Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1525389
MD5:	1a7dbcfc4c8a85127db62a70e3a6635a
SHA1:	fc7eb4ea4434971e13299eb018ac584457f8f77a
SHA256:	3693f77573eeb4005fd0032086e7c3f79245dc04136fe430749ba0f92cf886af
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1A7DBCFC4C8A85127DB62A70E3A6635A)

taskkill.exe (PID: 6268 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3400 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2852 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2692 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5800 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 5480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3188 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2935303809.0000000000B88000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: file.exe PID: 7152	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_88.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_88.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_79.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_88.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_88.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_79.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_79.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_88.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_88.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_88.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_88.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_79.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_88.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_88.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_79.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_88.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_88.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_79.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_79.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_79.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_79.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_79.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_79.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_88.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_88.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1707428379.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2935303809.0000000000B88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_88.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:50000 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A4EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00A4EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A4ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00A4ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00A4EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A3AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00A3AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A69576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00A69576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_8b88b103-9
Source: file.exe, 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_713b5b05-2
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_a5913dec-1
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_65c8946d-e

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A3D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00A3D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A31201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00A31201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A3E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00A3E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42046	0_2_00A42046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8060	0_2_009D8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A38298	0_2_00A38298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0E4FF	0_2_00A0E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0676B	0_2_00A0676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A64873	0_2_00A64873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FCAA0	0_2_009FCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DCAF0	0_2_009DCAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ECC39	0_2_009ECC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A06DD9	0_2_00A06DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D91C0	0_2_009D91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EB119	0_2_009EB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F1394	0_2_009F1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F1706	0_2_009F1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F781B	0_2_009F781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F19B0	0_2_009F19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D7920	0_2_009D7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E997D	0_2_009E997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F7A4A	0_2_009F7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F7CA7	0_2_009F7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F1C77	0_2_009F1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A09EEE	0_2_00A09EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5BE44	0_2_00A5BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F1F32	0_2_009F1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009F0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 009EF9F2 appears 31 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@46/30@12/7

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A437B5 GetLastError,FormatMessageW,

0_2_00A437B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A310BF AdjustTokenPrivileges,CloseHandle,		0_2_00A310BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A316C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00A316C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A451CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00A451CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A5A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00A5A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A4648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00A4648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009D42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_009D42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6868:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:352:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

Virustotal: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3188 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3188 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_009D42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009F0A76 push ecx; ret

0_2_009F0A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_009EF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A61C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00A61C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-95570

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7164			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1774			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.3 %

Source: C:\Users\user\Desktop\file.exe TID: 6240

Thread sleep time: -71640s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7164 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00A3DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A468EE FindFirstFileW,FindClose,	0_2_00A468EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00A4698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00A3D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00A3D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A49642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00A49642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00A4979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A49B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00A49B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A45C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00A45C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_009D42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A4EAA2 BlockInput,

0_2_00A4EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A02622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00A02622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_009D42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009F4CE8 mov eax, dword ptr fs:[00000030h]

0_2_009F4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A30B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00A30B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00A02622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_009F083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F09D5 SetUnhandledExceptionFilter,	0_2_009F09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_009F0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00A31201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A12BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00A12BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A3B226 SendInput,keybd_event,

0_2_00A3B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A522DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00A522DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00A30B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A31663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00A31663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009F0698 cpuid

0_2_009F0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A48195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00A48195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A2D27A GetUserNameW,

0_2_00A2D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A0BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00A0BB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009D42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_009D42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.2935303809.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7152, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.2935303809.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7152, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A51204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00A51204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A51806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00A51806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
youtube-ui.l.google.com	0%	Virustotal	Browse
www3.l.google.com	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
youtube.com	0%	Virustotal	Browse
accounts.youtube.com	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse
play.google.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe
https://www.google.com/intl/	1%	Virustotal		Browse
https://youtube.com/t/terms?gl=	0%	Virustotal		Browse
https://play.google.com/work/enroll?identifier=	0%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Virustotal		Browse
https://www.google.com	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true&authuser=0	0%	Virustotal		Browse
https://www.youtube.com/t/terms?chromeless=1&hl=	0%	Virustotal		Browse
https://play.google.com/log?hasfast=true&authuser=0&format=json	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
youtube-ui.l.google.com	216.58.212.142	true	false	0%, Virustotal, Browse	unknown
www3.l.google.com	142.250.184.238	true	false	0%, Virustotal, Browse	unknown
play.google.com	216.58.206.78	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.164	true	false	0%, Virustotal, Browse	unknown
youtube.com	142.250.186.174	true	false	0%, Virustotal, Browse	unknown
accounts.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	0%, Virustotal, Browse	unknown
https://www.google.com/favicon.ico	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_88.13.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/technologies/location-data	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_88.13.dr	false	1%, Virustotal, Browse	unknown
https://apis.google.com/js/api.js	chromecache_79.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_88.13.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/terms/service-specific	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_88.13.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_88.13.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_79.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_88.13.dr	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_88.13.dr	false	0%, Virustotal, Browse	unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_88.13.dr	false	0%, Virustotal, Browse	unknown
https://support.google.com/accounts?hl=	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_88.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_88.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.212.142	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.174	youtube.com	United States	15169	GOOGLEUS	false
216.58.206.78	play.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
142.250.184.238	www3.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525389
Start date and time:	2024-10-04 05:30:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@46/30@12/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 38 Number of non-executed functions: 311
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 172.217.18.110, 74.125.71.84, 34.104.35.123, 216.58.212.163, 142.250.185.227, 172.217.18.106, 142.250.185.106, 142.250.185.202, 142.250.186.106, 142.250.186.138, 142.250.185.170, 216.58.206.74, 142.250.186.74, 142.250.184.202, 142.250.184.234, 142.250.185.74, 172.217.16.202, 142.250.185.138, 142.250.185.234, 172.217.18.10, 142.250.186.42, 216.58.212.170, 172.217.16.138, 216.58.206.42, 142.250.186.170, 142.250.181.234, 142.250.74.202, 199.232.210.172, 192.229.221.95, 142.250.186.99, 64.233.166.84, 142.250.186.78
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	http://perweierscotish.online	Get hash	malicious	HtmlDropper	Browse
	http://144.126.159.102	Get hash	malicious	Unknown	Browse
	Refrence-Order#63729.pdf	Get hash	malicious	Azorult	Browse
	http://144.126.159.102	Get hash	malicious	Unknown	Browse
	http://1drv.ms/o/c/fdad16d5f2338a27/Eo8O_nGS-PdFnAhpolmsW1cBd-Jv5WSSl5AjZZuAQUSXNw?e=5%3aI9hXvq&sharingv2=true&fromShare=true&at=9	Get hash	malicious	Unknown	Browse
	http://144.126.159.102:8080/loader	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	2FA Updating-2226-YZW.pdf	Get hash	malicious	Unknown	Browse
	http://gruasphenbogota.com	Get hash	malicious	Unknown	Browse
	https://microsoftonlineworking.pages.dev/#?email=YW5kcmV3X2hvbHRAdGFjLnZpYy5nb3YuYXU=	Get hash	malicious	ReCaptcha Phish	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://perweierscotish.online	Get hash	malicious	HtmlDropper	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	http://144.126.159.102	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	Refrence-Order#63729.pdf	Get hash	malicious	Azorult	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	http://144.126.159.102	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	http://1drv.ms/o/c/fdad16d5f2338a27/Eo8O_nGS-PdFnAhpolmsW1cBd-Jv5WSSl5AjZZuAQUSXNw?e=5%3aI9hXvq&sharingv2=true&fromShare=true&at=9	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	http://144.126.159.102:8080/loader	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	2FA Updating-2226-YZW.pdf	Get hash	malicious	Unknown	Browse	172.202.163.200 184.28.90.27 13.107.246.60
	https://microsoftonlineworking.pages.dev/#?email=YW5kcmV3X2hvbHRAdGFjLnZpYy5nb3YuYXU=	Get hash	malicious	ReCaptcha Phish	Browse	172.202.163.200 184.28.90.27 13.107.246.60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4066
Entropy (8bit):	5.369564168658135
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoT4w:3mTOImedWOVF6vtUJyA8xJt
MD5:	4D3D9750CA5EB8A7D20993397BC5A6B8
SHA1:	DDB05A2C8AB1FD4537EEB2433BDF507CEE8CB8D2
SHA-256:	FCD1C642992A0BAF9038B3710DA080282AF0C80C113E1CE8F984F8143A2B2B32
SHA-512:	482DD926971FACA341058B35D333CEF64EAC460FC29B0B17AF5CD515253BCE973BBCAABADE3C4D125E07DE3BC75DE52059D5B229C44C5F95A30B845651EF64CA
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744316
Entropy (8bit):	5.792609563905897
Encrypted:	false
SSDEEP:	6144:h5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguaH:5OeKGSpguA
MD5:	E5DFAA54FA9E49582769745439A0B809
SHA1:	A5BA6F69DA4C2D684DF9A6E5EFAF91CDEDC9DFBA
SHA-256:	FC7077701258AA0159E2A90714C0245E556F60F36F73574515C5E12B02CBDDD2
SHA-512:	EF0BE7B81E43B2E899769204B107EBA503C46E27D57952238DD92A35F8871061302E1BB97398B7E58672B598642C85B2918DC881E63F2F85712E38601E76CF7F
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGqbcbY7EPIbU9aEKq4q6omjn3kkA/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x20469860, 0x39e13c40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698375
Entropy (8bit):	5.594847180822494
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLniy7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxniZU+
MD5:	9CB39A9BED5FF75EEA0E5CDECB8173A2
SHA1:	17221DDCEBFCDD26C01E6EB9A8FB51CFCDE716E8
SHA-256:	37D3F108CC80806B0C46B3D6A2084E33E7370124D3B8AAEF55588370CFEBC014
SHA-512:	8C07EC9BEB91B345B25280EFD158D77F8E4A6F889A9CDFDECF734C12EDAC2D2FC329EF5F72D5DBF7A795E24E5D77A30E4072F8547FCF80560655AB737ED4658E
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.5838066792858605
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	1a7dbcfc4c8a85127db62a70e3a6635a
SHA1:	fc7eb4ea4434971e13299eb018ac584457f8f77a
SHA256:	3693f77573eeb4005fd0032086e7c3f79245dc04136fe430749ba0f92cf886af
SHA512:	905b6571e1a7a5b9e8a8e4def0293d73536bf34bdb3d03ec13a863b3ea5755544f01002442b3687f296a1ddee86760cda23f9fb1012aa4430ea7b81e7a678e7d
SSDEEP:	24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8a4oK:zTvC/MTQYxsWR7a4
TLSH:	54159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FF5CAF [Fri Oct 4 03:10:39 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F254D34E613h
jmp 00007F254D34DF1Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F254D34E0FDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F254D34E0CAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F254D350CBDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F254D350D08h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F254D350CF1h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	3501cb9ed73fca1e895198be0cb43613	False	0.31665665064102566	data	5.3324163620701235	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 05:31:04.513986111 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 4, 2024 05:31:05.613246918 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:05.613348007 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:05.613523006 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:05.616895914 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:05.616920948 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.259505987 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.271455050 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.271517038 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.272809982 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.272902012 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.275382042 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.275465965 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.290992975 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.291486979 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.294898987 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.294980049 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.340769053 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.530235052 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.530424118 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.530560970 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.531003952 CEST	49730	443	192.168.2.4	142.250.186.174
Oct 4, 2024 05:31:06.531045914 CEST	443	49730	142.250.186.174	192.168.2.4
Oct 4, 2024 05:31:06.541099072 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:06.541151047 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:06.541218996 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:06.541434050 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:06.541446924 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.176553965 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.177154064 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.177217007 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.177772999 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.177848101 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.178771019 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.178831100 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.179789066 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.179872036 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.180016994 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.180032015 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.231400967 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.478360891 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.478415966 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.478581905 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:07.478585958 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.478651047 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.480897903 CEST	49736	443	192.168.2.4	216.58.212.142
Oct 4, 2024 05:31:07.480942965 CEST	443	49736	216.58.212.142	192.168.2.4
Oct 4, 2024 05:31:09.773607016 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:09.773699045 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:09.773775101 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:09.773992062 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:09.774017096 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:10.183533907 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:10.183564901 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:10.183643103 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:10.185920000 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:10.185933113 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:10.444714069 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:10.444988012 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:10.445002079 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:10.446444988 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:10.446513891 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:10.447509050 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:10.447592974 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:10.497126102 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:10.497133017 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:10.543998957 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:10.833185911 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:10.833307981 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:10.937779903 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:10.937802076 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:10.938731909 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:10.981890917 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.011737108 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.055406094 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.197107077 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.197253942 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.197308064 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.197460890 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.197488070 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.197500944 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.197508097 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.239423990 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.239470959 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.239531994 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.239810944 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.239824057 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.883245945 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.883352041 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.885070086 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.885090113 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.885878086 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:11.887069941 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:11.931406975 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:12.155914068 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:12.155978918 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:12.156585932 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:12.161887884 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:12.161922932 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:12.161950111 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 05:31:12.161964893 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 05:31:14.468436956 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:14.468508959 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:14.468580961 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:14.468756914 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:14.468775034 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.108688116 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.108887911 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.108933926 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.109457970 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.109541893 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.110059023 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.110119104 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.110975027 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.111040115 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.111108065 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.111123085 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.154314041 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.429023027 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.429064989 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.429132938 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.429194927 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.429270029 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.429321051 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.434974909 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.435050011 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.435065985 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.441170931 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.441211939 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.441241026 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.441257000 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.441315889 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.447566986 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.447645903 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.453716993 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.453768969 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.453804016 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.453846931 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.517276049 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.517345905 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.517376900 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.517411947 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.517466068 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.518188000 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.518256903 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.524341106 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.524418116 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.524816036 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.524869919 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.530850887 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.530937910 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.537012100 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.537085056 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.537101030 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.543404102 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.543482065 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.543498039 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.549660921 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.549740076 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.549738884 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.549799919 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.570576906 CEST	49756	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:31:15.570617914 CEST	443	49756	142.250.184.238	192.168.2.4
Oct 4, 2024 05:31:15.863688946 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:15.863738060 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:15.863821983 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:15.864053965 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:15.864072084 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:15.901985884 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:15.902044058 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:15.902142048 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:15.902565956 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:15.902584076 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.520500898 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.520781040 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.520812988 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.522361040 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.522459984 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.524888992 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.524959087 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.525749922 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.525983095 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.526158094 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.536079884 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.536338091 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.536402941 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.536957979 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.537061930 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.537955999 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.538028002 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.538172007 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.538258076 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.538300037 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.577080965 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.577140093 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.578986883 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.579015017 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.625210047 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.625236988 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.799129963 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.799195051 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.799371958 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.799597025 CEST	49760	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.799645901 CEST	443	49760	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.800437927 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.800482035 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.800566912 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.800854921 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.800868034 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.812460899 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.812669992 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.812753916 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.812865019 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.812865019 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.812907934 CEST	443	49761	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.812952995 CEST	49761	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.813487053 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.813566923 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:16.813640118 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.813803911 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:16.813822031 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.375401020 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:17.375437021 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:17.375515938 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:17.376943111 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:17.376959085 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:17.434591055 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.435822964 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.435832024 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.436871052 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.436939955 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.437491894 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.437541962 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.437681913 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.437735081 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.437819004 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.437825918 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.437844038 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.476978064 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.477180958 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.477242947 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.477754116 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.477962971 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.478749990 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.478805065 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.479110956 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.479199886 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.479243994 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.479325056 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.479341984 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.483408928 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.491734982 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.522665024 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.631994963 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.632272959 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.632328987 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.633104086 CEST	49764	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.633116961 CEST	443	49764	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.675520897 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.675810099 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:17.675873041 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.676336050 CEST	49765	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:17.676372051 CEST	443	49765	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:18.058754921 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:18.058815956 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:18.131346941 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:18.131362915 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:18.131699085 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:18.185177088 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:18.344130039 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:18.391434908 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615184069 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615293026 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615355015 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:18.615375042 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615437031 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615617037 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615677118 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:18.615731001 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615782976 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:18.615798950 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615852118 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.615988970 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:18.617280006 CEST	49741	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:31:18.617311001 CEST	443	49741	142.250.186.164	192.168.2.4
Oct 4, 2024 05:31:18.833904028 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:18.879405022 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058435917 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058476925 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058485985 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058531046 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.058546066 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058562040 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.058568954 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058595896 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.058604002 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058617115 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058628082 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.058650970 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.058670998 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.058707952 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.058737040 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.059070110 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.059137106 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:19.059215069 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.566139936 CEST	49766	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:19.566169024 CEST	443	49766	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:21.590912104 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 4, 2024 05:31:21.596426964 CEST	80	49723	93.184.221.240	192.168.2.4
Oct 4, 2024 05:31:21.596479893 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 4, 2024 05:31:23.500313997 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:23.500375032 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:23.500461102 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:23.500798941 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:23.500818014 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.170094013 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.170497894 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.170564890 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.171902895 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.172213078 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.172406912 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.172406912 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.172422886 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.172456026 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.216223001 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.474396944 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.474706888 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:24.474817038 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.499651909 CEST	49780	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:24.499679089 CEST	443	49780	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:46.328037024 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:46.328139067 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:46.328244925 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:46.328692913 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:46.328767061 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.123256922 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.123652935 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.123714924 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.124237061 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.124515057 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.124644995 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.124665022 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.124690056 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.125339031 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.168997049 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.402381897 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.402719021 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.403012991 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.403337955 CEST	49781	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.403434992 CEST	443	49781	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.436600924 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.436697006 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.437006950 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.437119961 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.437151909 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.952892065 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.952991009 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:47.953089952 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.953322887 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:47.953345060 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.094391108 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.094847918 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.094916105 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.096188068 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.096599102 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.096689939 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.096690893 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.096729040 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.096805096 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.137927055 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.374385118 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.374560118 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.374623060 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.375107050 CEST	49782	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.375133991 CEST	443	49782	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.610178947 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.610532045 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.610564947 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.611051083 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.611326933 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.611404896 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.611485958 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.611505985 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.611515999 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.806307077 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.806392908 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:48.806461096 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.807010889 CEST	49783	443	192.168.2.4	216.58.206.78
Oct 4, 2024 05:31:48.807032108 CEST	443	49783	216.58.206.78	192.168.2.4
Oct 4, 2024 05:31:56.545294046 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:56.545396090 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:56.545509100 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:56.546267033 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:56.546298981 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.248523951 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.248624086 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.254345894 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.254401922 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.254982948 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.269124985 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.315416098 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.517174006 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.517270088 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.517318010 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.517467976 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.517468929 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.517535925 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.517607927 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.518074989 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.518161058 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.518285990 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.518325090 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.518325090 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.518393993 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.525424004 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.525424004 CEST	49784	443	192.168.2.4	172.202.163.200
Oct 4, 2024 05:31:57.525491953 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:57.525527000 CEST	443	49784	172.202.163.200	192.168.2.4
Oct 4, 2024 05:31:58.220273972 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:58.220376968 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:58.220489979 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:58.220926046 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:58.220983028 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:58.865753889 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:58.866142988 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:58.981744051 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:58.981791019 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:58.982909918 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.028690100 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.067073107 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.111414909 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.165817022 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.165877104 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.165894985 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.166002989 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.166007996 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.166002989 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.166069031 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.166105032 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.166162014 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.166162014 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.250775099 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.250849962 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.250981092 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.250981092 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.251049042 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.251126051 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.252242088 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.252293110 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.252423048 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.252423048 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.252487898 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.252578020 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.336920977 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.336945057 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.336997032 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.337030888 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.337049961 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.337074995 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.337094069 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.337136984 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.337150097 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.337160110 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.337209940 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.338187933 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.338228941 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.338257074 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.338263988 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.338291883 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.338311911 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.339148998 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.339190960 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.339216948 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.339225054 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.339242935 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.339261055 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.422713041 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.422753096 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.422908068 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.422908068 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.422940016 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.423007011 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.423290014 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.423327923 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.423429966 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.423429966 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.423461914 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.423688889 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424088955 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.424130917 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.424165964 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424185038 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.424201965 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424247026 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424663067 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.424701929 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.424726009 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424734116 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.424748898 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424762964 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.424772024 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.425350904 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.425390959 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.425415993 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.425424099 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.425453901 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.425472975 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426286936 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426326036 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426362991 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426372051 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426387072 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426388025 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426441908 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426450014 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426476002 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426563978 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426597118 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426615000 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426615000 CEST	49785	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.426625013 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.426635027 CEST	443	49785	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.469757080 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.469851017 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.470062971 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.470422983 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.470500946 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.471312046 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.471416950 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.471493006 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.471662045 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.471683979 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.472783089 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.472877026 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.472950935 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.473550081 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.473592043 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.473647118 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.473685026 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.473766088 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.474395990 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.474422932 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.474486113 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.474514008 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.474530935 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:31:59.474575043 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:31:59.474581957 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.112452984 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.113410950 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.113481045 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.114099026 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.114113092 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.114204884 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.114684105 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.114731073 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.115067959 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.115076065 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.127087116 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.127809048 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.127897024 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.128494978 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.128547907 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.154563904 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.155271053 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.155292034 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.155805111 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.155810118 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.211169004 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.211225033 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.211361885 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.211493969 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.211493969 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.211752892 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.211752892 CEST	49786	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.211795092 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.211817026 CEST	443	49786	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.212512016 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.212560892 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.212683916 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.212707996 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.212738037 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.212841988 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.212862968 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.212896109 CEST	49789	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.212903023 CEST	443	49789	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.214827061 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.214858055 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.214879036 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.214947939 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.214951038 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.215030909 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.215075970 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.215084076 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.215317011 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.215426922 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.228336096 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.228490114 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.228550911 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.228907108 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.228907108 CEST	49787	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.228974104 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.229011059 CEST	443	49787	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.231235981 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.231329918 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.231515884 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.231585026 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.231602907 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.261148930 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.261214972 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.261513948 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.261513948 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.261513948 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.263561010 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.263648987 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.263823986 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.263894081 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.263914108 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.562155008 CEST	49790	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.562180042 CEST	443	49790	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.855978966 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.856868982 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.856930017 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.857213974 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.857225895 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.884576082 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.885226965 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.885265112 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.885673046 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.885682106 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.939985991 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.940498114 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.940560102 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.940931082 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.940938950 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.959034920 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.959170103 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.959239960 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.959350109 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.959350109 CEST	49792	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.959423065 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.959448099 CEST	443	49792	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.962388992 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.962438107 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.962510109 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.962647915 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.962666035 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.985321045 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.985485077 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.985635042 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.985687971 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.985687971 CEST	49793	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.985714912 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.985729933 CEST	443	49793	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.988280058 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.988313913 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:00.988457918 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.988538027 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:00.988543987 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.045183897 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.045262098 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.045443058 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.045497894 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.045497894 CEST	49794	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.045522928 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.045541048 CEST	443	49794	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.048345089 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.048438072 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.048577070 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.048690081 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.048711061 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.205307961 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.205826044 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.205885887 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.206370115 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.206387997 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.254508972 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.255014896 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.255033970 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.255330086 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.255341053 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.310009003 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.310091972 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.310269117 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.310266972 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.310266972 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.310324907 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.310559988 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.310600042 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.310626030 CEST	49788	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.310641050 CEST	443	49788	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.313242912 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.313333988 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.313622952 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.313623905 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.313783884 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.357971907 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.358129025 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.358292103 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.358292103 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.358292103 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.360234022 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.360276937 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.360341072 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.360450983 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.360459089 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.670090914 CEST	49791	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.670160055 CEST	443	49791	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.796561003 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.797200918 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.797214031 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.797631979 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.797637939 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.803262949 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.803623915 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.803683043 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.803730965 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.803925037 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.803951979 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.803967953 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.804059029 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.804236889 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.804256916 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.895958900 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.896116018 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.896174908 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.896316051 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.896339893 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.896353960 CEST	49796	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.896365881 CEST	443	49796	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.899243116 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.899295092 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.899373055 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.899502039 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.899511099 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.905796051 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.905946016 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.906018019 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.906094074 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.906094074 CEST	49795	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.906136990 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.906162977 CEST	443	49795	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.908031940 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.908107042 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.908165932 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.908212900 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.908236027 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.908252001 CEST	49797	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.908258915 CEST	443	49797	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.908430099 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.908519030 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.908591032 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.908730984 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.908749104 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.910270929 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.910290956 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.910361052 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.910458088 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.910474062 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.959825993 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.960262060 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.960293055 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.960730076 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.960740089 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.998362064 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.998944044 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.998961926 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:01.999340057 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:01.999346972 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.066538095 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.066637039 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.066724062 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.066930056 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.066956997 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.066972017 CEST	49798	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.066978931 CEST	443	49798	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.069802999 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.069854975 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.069957972 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.070116043 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.070130110 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.097851038 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.097927094 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.097990990 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.098118067 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.098149061 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.098165035 CEST	49799	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.098172903 CEST	443	49799	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.100384951 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.100431919 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.100610018 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.100673914 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.100688934 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.548208952 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.548279047 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.548743963 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.548779011 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.548823118 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.548852921 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.549211979 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.549217939 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.549305916 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.549313068 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.584997892 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.585395098 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.585417986 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.585781097 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.585786104 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.646481991 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.646565914 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.646621943 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.646771908 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.646800041 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.646821976 CEST	49801	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.646830082 CEST	443	49801	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.649388075 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.649475098 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.649478912 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.649552107 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.649673939 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.649699926 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.649734974 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.649735928 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.649837017 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.649863958 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.649878979 CEST	49800	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.649888039 CEST	443	49800	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.651631117 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.651652098 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.651717901 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.651838064 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.651850939 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.690515041 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.690597057 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.690654993 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.690756083 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.690776110 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.690789938 CEST	49802	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.690795898 CEST	443	49802	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.692706108 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.692800999 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.692889929 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.693011045 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.693064928 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.734544039 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.734611988 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.755338907 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.755403042 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.755790949 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.755796909 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.756064892 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.756098986 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.756407022 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.756413937 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.851232052 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.851442099 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.851509094 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.851589918 CEST	49804	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.851634026 CEST	443	49804	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.855221987 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.855458021 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.855521917 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.856815100 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.856832981 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.856846094 CEST	49803	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.856853962 CEST	443	49803	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.864957094 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.865048885 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.865119934 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.866146088 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.866183996 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.866240978 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.866889954 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.866908073 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:02.866944075 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:02.867026091 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.292090893 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.292737007 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.292817116 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.293050051 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.293064117 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.309963942 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.310285091 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.310312986 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.310647011 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.310656071 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.344626904 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.345067024 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.345155954 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.345459938 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.345514059 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.391777992 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.391941071 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.392026901 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.392106056 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.392106056 CEST	49806	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.392148972 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.392174959 CEST	443	49806	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.394582987 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.394618034 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.394695997 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.394831896 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.394840002 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.410104036 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.410252094 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.410362005 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.410389900 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.410403013 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.410449982 CEST	49805	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.410464048 CEST	443	49805	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.412395954 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.412488937 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.412589073 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.412672043 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.412693977 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.445406914 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.445472002 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.445537090 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.445638895 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.445687056 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.445718050 CEST	49807	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.445735931 CEST	443	49807	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.448086977 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.448177099 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.448260069 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.448369980 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.448405981 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.517471075 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.517939091 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.518026114 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.518345118 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.518359900 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.527439117 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.527734041 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.527756929 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.528142929 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.528148890 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.617305994 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.617480040 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.617680073 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.617680073 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.617680073 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.619435072 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.619524956 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.619607925 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.619721889 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.619750023 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.637217045 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.637420893 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.637489080 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.637615919 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.637629986 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.637665033 CEST	49809	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.637671947 CEST	443	49809	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.639848948 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.639872074 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.639949083 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.640068054 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.640094042 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:03.930052042 CEST	49808	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:03.930119991 CEST	443	49808	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.044328928 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.059300900 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.059323072 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.062886000 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.062892914 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.079308033 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.085088015 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.085149050 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.085510969 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.085524082 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.095043898 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.096147060 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.096204996 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.096576929 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.096590042 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.159554958 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.159722090 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.159799099 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.160034895 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.160057068 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.160069942 CEST	49810	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.160079956 CEST	443	49810	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.163965940 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.164026022 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.164227962 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.164787054 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.164829969 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.185022116 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.185200930 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.185260057 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.186002970 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.186002970 CEST	49811	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.186045885 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.186074972 CEST	443	49811	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.188257933 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.188344955 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.189126968 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.189255953 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.189289093 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.196814060 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.196885109 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.196952105 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.197067976 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.197088957 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.197134972 CEST	49812	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.197148085 CEST	443	49812	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.198843956 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.198904037 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.199027061 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.199140072 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.199176073 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.259449959 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.262309074 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.262387037 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.262706995 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.262721062 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.280865908 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.283324003 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.283354998 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.283725023 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.283735991 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.358079910 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.358247995 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.358324051 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.358397007 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.358397007 CEST	49813	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.358433962 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.358458996 CEST	443	49813	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.360615015 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.360702991 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.360785961 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.360893011 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.360914946 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.379801035 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.379951954 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.380019903 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.380058050 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.380058050 CEST	49814	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.380072117 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.380089998 CEST	443	49814	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.381836891 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.381916046 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.381993055 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.382119894 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.382153034 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.804922104 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.809169054 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.809217930 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.809647083 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.809659958 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.828488111 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.828838110 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.828880072 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.829211950 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.829226017 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.848696947 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.849122047 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.849174023 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.849476099 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.849487066 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.905313969 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.905463934 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.905659914 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.905661106 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.905661106 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.908478975 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.908571959 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.908648968 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.908796072 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.908824921 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.928282976 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.928431988 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.928499937 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.928550959 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.928550959 CEST	49816	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.928577900 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.928592920 CEST	443	49816	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.930891991 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.930932045 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.930999994 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.931171894 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.931188107 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.950006008 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.950145006 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.950225115 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.950225115 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.950225115 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.952565908 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.952591896 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:04.952644110 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.952951908 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:04.952967882 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.012567997 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.013088942 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.013144016 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.013519049 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.013531923 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.049721003 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.050137997 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.050196886 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.050458908 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.050472021 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.112879992 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.113015890 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.113168001 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.113205910 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.113235950 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.113284111 CEST	49818	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.113298893 CEST	443	49818	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.115158081 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.115248919 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.115356922 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.115477085 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.115497112 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.153275967 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.153425932 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.153484106 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.153702974 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.153738022 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.153764963 CEST	49819	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.153795004 CEST	443	49819	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.156143904 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.156176090 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.156240940 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.156393051 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.156405926 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.216193914 CEST	49815	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.216237068 CEST	443	49815	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.262957096 CEST	49817	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.262990952 CEST	443	49817	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.567332029 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.567869902 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.567953110 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.568315029 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.568330050 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.576540947 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.576831102 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.576860905 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.577162027 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.577171087 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.614684105 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.615073919 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.615108967 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.615437984 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.615444899 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.665651083 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.665791035 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.665870905 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.666016102 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.666064024 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.666101933 CEST	49820	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.666119099 CEST	443	49820	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.668818951 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.668852091 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.669014931 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.669109106 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.669116974 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.690671921 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.690826893 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.690882921 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.691090107 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.691099882 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.691113949 CEST	49821	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.691118956 CEST	443	49821	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.693240881 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.693327904 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.693420887 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.693569899 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.693597078 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.717681885 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.717809916 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.717868090 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.717914104 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.717921972 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.717953920 CEST	49822	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.717957973 CEST	443	49822	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.719744921 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.719847918 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.719934940 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.720051050 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.720081091 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.754323006 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.754796028 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.754879951 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.755129099 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.755143881 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.823010921 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.823354959 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.823376894 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.823724985 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.823729038 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.892837048 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.893012047 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.893394947 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.893394947 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.893394947 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.896053076 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.896164894 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.896384001 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.896450043 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.896467924 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.926599979 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.926739931 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.926795006 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.926853895 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.926875114 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.926903009 CEST	49825	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.926908970 CEST	443	49825	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.928899050 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.928924084 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:05.928992033 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.929136992 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:05.929152966 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.200392962 CEST	49823	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.200464964 CEST	443	49823	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.339792967 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.344219923 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.345707893 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.345733881 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.346779108 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.346782923 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.347116947 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.347141981 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.347470045 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.347476959 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.355463028 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.355710983 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.355732918 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.356020927 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.356026888 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.443046093 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.443176031 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.443236113 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.444365025 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.444390059 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.444405079 CEST	49827	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.444412947 CEST	443	49827	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.446074009 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.446212053 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.446270943 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.454545021 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.454603910 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.454641104 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.455421925 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.455421925 CEST	49826	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.455461025 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.455485106 CEST	443	49826	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.467478991 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.467495918 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.467509031 CEST	49828	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.467515945 CEST	443	49828	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.471204042 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.471242905 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.471297026 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.472352028 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.472398043 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.472445965 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.472656965 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.472673893 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.472733021 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.472749949 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.473666906 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.473709106 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.473757029 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.473850012 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.473867893 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.530890942 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.531621933 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.531656981 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.532200098 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.532206059 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.576239109 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.578105927 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.578119993 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.578490973 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.578495979 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.629626989 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.629690886 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.629731894 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.629920959 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.629940033 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.629952908 CEST	49829	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.629960060 CEST	443	49829	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.632694006 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.632740021 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.632790089 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.632910967 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.632925034 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.677247047 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.677309990 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.677445889 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.677577972 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.677598953 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.677615881 CEST	49830	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.677623034 CEST	443	49830	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.679519892 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.679563046 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:06.679631948 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.679752111 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:06.679765940 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.113682985 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.114170074 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.114206076 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.114588022 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.114599943 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.137188911 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.137537003 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.137567997 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.137897968 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.137908936 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.151077032 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.151408911 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.151469946 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.151747942 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.151762009 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.211827040 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.211961985 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.212023973 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.212131023 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.212131023 CEST	49831	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.212167978 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.212192059 CEST	443	49831	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.215820074 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.215873957 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.215945005 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.216099024 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.216113091 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.240541935 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.240598917 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.240663052 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.240740061 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.240787029 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.240816116 CEST	49833	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.240833044 CEST	443	49833	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.242671967 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.242706060 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.242759943 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.242887020 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.242897034 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.254971981 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.255115986 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.255172014 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.255243063 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.255244017 CEST	49832	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.255280018 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.255305052 CEST	443	49832	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.257009029 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.257016897 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.257067919 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.257210970 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.257220030 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.282490969 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.282823086 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.282865047 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.283195972 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.283210039 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.322895050 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.323559999 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.323641062 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.323911905 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.323965073 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.421266079 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.421427965 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.421660900 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.422157049 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.422157049 CEST	49835	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.422224998 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.422259092 CEST	443	49835	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.423264980 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.423355103 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.423446894 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.423785925 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.423867941 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.667743921 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.667898893 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.668071985 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.668176889 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.668225050 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.668255091 CEST	49834	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.668272018 CEST	443	49834	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.671195984 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.671291113 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.671371937 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.671502113 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.671521902 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.860104084 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.860786915 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.860848904 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.861452103 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.861505985 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.907767057 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.908261061 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.908284903 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.908690929 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.908695936 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.911658049 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.911895037 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.911912918 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.912169933 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.912173986 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.960254908 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.960410118 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.960479975 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.960587025 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.960587025 CEST	49836	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.960632086 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.960658073 CEST	443	49836	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.963124990 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.963234901 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:07.963311911 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.963452101 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:07.963473082 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.011157036 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.011203051 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.011240959 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.011373997 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.011392117 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.011404037 CEST	49837	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.011409998 CEST	443	49837	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.011840105 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.011981964 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.012036085 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.012072086 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.012075901 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.012084961 CEST	49838	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.012088060 CEST	443	49838	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.013593912 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.013629913 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.013695955 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.013875008 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.013902903 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.014728069 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.014816999 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.014899015 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.015065908 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.015105963 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.091480970 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.091955900 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.092036963 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.092204094 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.092231035 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.194227934 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.194391012 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.194725037 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.194866896 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.194866896 CEST	49839	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.194919109 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.194956064 CEST	443	49839	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.196532011 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.196562052 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.196768045 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.196768045 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.196810007 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.349647045 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.350265026 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.350326061 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.350732088 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.350785017 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.455259085 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.455467939 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.455857038 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.456614971 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.456615925 CEST	49840	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.456681967 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.456717014 CEST	443	49840	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.458466053 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.458559036 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.459012985 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.459012985 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.459140062 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.630644083 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.631146908 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.631192923 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.631635904 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.631643057 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.682096004 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.682614088 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.682674885 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.682730913 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.683031082 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.683084965 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.683526993 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.683562040 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.683876991 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.683888912 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.732630014 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.732779026 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.732851028 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.733510017 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.733530998 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.733545065 CEST	49841	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.733551979 CEST	443	49841	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.736705065 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.736799002 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.736882925 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.736988068 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.737009048 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.784929037 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.785085917 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.785187006 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.786940098 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.787000895 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.787194967 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.832426071 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.832458973 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.832519054 CEST	49842	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.832525969 CEST	443	49842	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.833704948 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.833704948 CEST	49843	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.833774090 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.833808899 CEST	443	49843	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.836237907 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.836286068 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.836471081 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.836767912 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.836824894 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.836874962 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.836940050 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.836971045 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.837021112 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.837033033 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.889960051 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.933765888 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.961559057 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.961570978 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:08.962290049 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:08.962295055 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.071429968 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.071508884 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.071552038 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.071715117 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.071734905 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.071748972 CEST	49844	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.071754932 CEST	443	49844	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.074361086 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.074450016 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.074522018 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.074651003 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.074671030 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.139266968 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.139698982 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.139760971 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.140113115 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.140125990 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.243690968 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.243825912 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.243995905 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.243995905 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.243995905 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.246186972 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.246287107 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.246376991 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.246498108 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.246519089 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.370527029 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.371120930 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.371160030 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.371604919 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.371613979 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.469533920 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.469679117 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.469755888 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.469861031 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.469883919 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.469897032 CEST	49846	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.469903946 CEST	443	49846	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.470925093 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.471251011 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.471268892 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.471652031 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.471656084 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.472568035 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.472592115 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.472660065 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.472799063 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.472804070 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.491214991 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.491514921 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.491559029 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.491878986 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.491885900 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.544378042 CEST	49845	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.544389009 CEST	443	49845	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.591710091 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.591869116 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.591922998 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.591969967 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.591969967 CEST	49847	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.591989040 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.592000008 CEST	443	49847	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.594074965 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.594158888 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.594237089 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.594336033 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.594358921 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.603909969 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.603955984 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.603997946 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.604074001 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.604087114 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.604096889 CEST	49848	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.604101896 CEST	443	49848	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.605792046 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.605884075 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.605988979 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.606339931 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.606420040 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.748946905 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.749525070 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.749629021 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.749983072 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.750036955 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.826956034 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:09.827044964 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:09.827219963 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:09.827438116 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:09.827478886 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:09.853884935 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.853955984 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.854134083 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.854218006 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.854218960 CEST	49849	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.854262114 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.854293108 CEST	443	49849	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.856631041 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.856689930 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.856775999 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.856977940 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.857003927 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.897496939 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.897850990 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.897927999 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.898231983 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:09.898245096 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.998862982 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.999023914 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:09.999228001 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.000168085 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.000168085 CEST	49850	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.000236034 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.000271082 CEST	443	49850	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.003791094 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.003817081 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.003875971 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.004131079 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.004138947 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.113609076 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.114173889 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.114187956 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.114613056 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.114617109 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.212585926 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.212752104 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.212807894 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.212843895 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.212857962 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.212869883 CEST	49851	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.212874889 CEST	443	49851	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.215477943 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.215569973 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.215670109 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.215780973 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.215807915 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.259378910 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.259737968 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.259773016 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.260159969 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.260170937 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.266961098 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.267343998 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.267405033 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.267822027 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.267874956 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370492935 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370563984 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370618105 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.370735884 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.370735884 CEST	49852	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.370762110 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370786905 CEST	443	49852	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370810032 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370852947 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.370891094 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.370981932 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.371007919 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.371023893 CEST	49853	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.371032000 CEST	443	49853	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.374162912 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.374253035 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.374392986 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.374646902 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.374680042 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.374730110 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.374914885 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.374974966 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.374985933 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.375020027 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.450939894 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 4, 2024 05:32:10.456768990 CEST	80	49724	93.184.221.240	192.168.2.4
Oct 4, 2024 05:32:10.456882954 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 4, 2024 05:32:10.462817907 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:10.463239908 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:10.463304996 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:10.464467049 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:10.464771032 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:10.464956999 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:10.493289948 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.493798018 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.493843079 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.494227886 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.494239092 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.513262987 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:10.591653109 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.591809988 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.591886044 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.592097044 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.592116117 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.592171907 CEST	49855	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.592185974 CEST	443	49855	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.594861984 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.594897985 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.594980955 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.595154047 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.595168114 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.687778950 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.688206911 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.688221931 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.688570023 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.688574076 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.793872118 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.794039011 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.794089079 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.794307947 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.794327021 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.794337988 CEST	49856	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.794343948 CEST	443	49856	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.797064066 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.797161102 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.797252893 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.797384977 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.797409058 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.857198000 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.857697010 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.857785940 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.858104944 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.858159065 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.956695080 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.956856966 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.957158089 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.957246065 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.957287073 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.957336903 CEST	49857	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.957355022 CEST	443	49857	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.959882975 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.959974051 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:10.960283995 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.960284948 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:10.960412979 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.019799948 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.020138025 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.020232916 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.020603895 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.020617962 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.020906925 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.021183968 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.021202087 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.021522045 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.021526098 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.120385885 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.120543003 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.120628119 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.120727062 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.120774984 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.120806932 CEST	49858	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.120824099 CEST	443	49858	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.121902943 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.121958017 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.122001886 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.122467041 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.122487068 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.122495890 CEST	49859	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.122499943 CEST	443	49859	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.124254942 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.124350071 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.124473095 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.124660969 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.124682903 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.125467062 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.125559092 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.125649929 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.125729084 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.125762939 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.235249996 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.235752106 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.235802889 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.239097118 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.239109993 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.334510088 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.334671974 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.334839106 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.335875988 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.335912943 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.335938931 CEST	49860	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.335954905 CEST	443	49860	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.360719919 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.360830069 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.360918999 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.364021063 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.364057064 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.477952957 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.478559017 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.478617907 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.478883028 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.478899956 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.582684040 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.582839966 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.582997084 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.583172083 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.583172083 CEST	49861	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.583205938 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.583230972 CEST	443	49861	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.585640907 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.585762024 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.586126089 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.586126089 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.586258888 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.614684105 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.615179062 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.615288019 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.615679979 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.615732908 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.714797020 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.714932919 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.715264082 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.716192961 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.716192961 CEST	49862	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.716259956 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.716295004 CEST	443	49862	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.718127966 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.718214989 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.718328953 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.718463898 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.718502998 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.764502048 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.765033007 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.765091896 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.765436888 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.765449047 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.788150072 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.788667917 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.788755894 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.789058924 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.789113045 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.862370014 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.862396002 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.862456083 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.862463951 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.862504005 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.862761021 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.862793922 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.862817049 CEST	49863	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.862831116 CEST	443	49863	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.865685940 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.865735054 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.865904093 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.866039038 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.866067886 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.891695976 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.891745090 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.891944885 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.892239094 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.892239094 CEST	49864	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.892309904 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.892344952 CEST	443	49864	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.894265890 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.894349098 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:11.894448996 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.894615889 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:11.894649982 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.005894899 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.006325006 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.006398916 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.006706953 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.006720066 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.106307983 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.106466055 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.106538057 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.106676102 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.106676102 CEST	49865	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.106714010 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.106738091 CEST	443	49865	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.110361099 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.110466957 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.112073898 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.113467932 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.113503933 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.222999096 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.223443985 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.223467112 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.223855019 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.223867893 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.320636034 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.320688963 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.320820093 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.320924044 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.321043968 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.321090937 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.321120024 CEST	49866	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.321135998 CEST	443	49866	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.324218035 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.324268103 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.324354887 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.324585915 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.324605942 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.386080027 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.386658907 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.386722088 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.386993885 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.387008905 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.489906073 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.489962101 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.490094900 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.490278006 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.490278006 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.490381956 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.490381956 CEST	49867	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.490426064 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.490454912 CEST	443	49867	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.493771076 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.493860960 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.493978024 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.494204044 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.494240999 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.527476072 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.530785084 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.530858994 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.531224966 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.531238079 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.541595936 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.542397976 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.542427063 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.542706966 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.542712927 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.643165112 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.643325090 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.643421888 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.643605947 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.643621922 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.643668890 CEST	49869	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.643676043 CEST	443	49869	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.644172907 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.644227982 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.644299984 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.644320965 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.644359112 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.644423962 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.644748926 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.644748926 CEST	49868	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.644768000 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.644779921 CEST	443	49868	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.647562981 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.647651911 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.647726059 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.647819042 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.647839069 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.648000956 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.648040056 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.648062944 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.648176908 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.648200989 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.785288095 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.785845041 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.785872936 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.786226988 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.786238909 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.877010107 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.877439976 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.877470970 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.877820969 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.877829075 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.889194965 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.889349937 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.889436007 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.889599085 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.889628887 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.889659882 CEST	49870	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.889672995 CEST	443	49870	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.893368959 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.893460989 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.893703938 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.893822908 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.893853903 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.977317095 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.977494001 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.977557898 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.977871895 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.977895021 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.977909088 CEST	49871	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.977916002 CEST	443	49871	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.984987974 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.985076904 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:12.985162973 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.985714912 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:12.985749960 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.147097111 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.147701025 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.147723913 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.148130894 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.148133993 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.247112989 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.247243881 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.247452974 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.247544050 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.247544050 CEST	49872	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.247591019 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.247627020 CEST	443	49872	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.250380993 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.250418901 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.250504971 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.250602007 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.250610113 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.287837982 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.288305998 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.288367033 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.288969040 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.288980961 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.312567949 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.312971115 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.313005924 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.313325882 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.313337088 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.387249947 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.387449980 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.387557983 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.387885094 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.387929916 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.387960911 CEST	49873	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.387978077 CEST	443	49873	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.391294003 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.391324043 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.391554117 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.391724110 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.391733885 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.414427042 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.414566994 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.414638042 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.414758921 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.414791107 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.414819956 CEST	49874	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.414832115 CEST	443	49874	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.417514086 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.417606115 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.417714119 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.417877913 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.417911053 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.535254955 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.536257029 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.536286116 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.536827087 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.536880016 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.633846998 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.634001017 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.634193897 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.634314060 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.634365082 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.634396076 CEST	49875	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.634412050 CEST	443	49875	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.636521101 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.637204885 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.637278080 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.637873888 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.637887001 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.639096022 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.639194965 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.639281034 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.639486074 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.639509916 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.736954927 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.737123013 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.737318993 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.749878883 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.749947071 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.750005007 CEST	49876	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.750025034 CEST	443	49876	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.825196981 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.825258970 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.825452089 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.857599020 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.857640028 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.918118954 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.925095081 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.925111055 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:13.929792881 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:13.929797888 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.030711889 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.030862093 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.030930996 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.040023088 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.040045977 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.040060997 CEST	49877	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.040069103 CEST	443	49877	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.045555115 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.073954105 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.073971033 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.085155964 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.085165024 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.090333939 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.090380907 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.090454102 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.090620995 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.090641022 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.097291946 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.098033905 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.098098040 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.099111080 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.099164009 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.182260990 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.182426929 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.182492971 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.182648897 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.182672977 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.182684898 CEST	49878	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.182692051 CEST	443	49878	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.185911894 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.186007023 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.186099052 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.186393976 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.186428070 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.201869011 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.201936007 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.202007055 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.202085018 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.202120066 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.202188015 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.202229977 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.202270031 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.202296019 CEST	49879	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.202311039 CEST	443	49879	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.204204082 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.204260111 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.204340935 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.204487085 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.204513073 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.306534052 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.307151079 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.307173967 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.307590961 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.307601929 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.408802986 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.409020901 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.409101963 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.409285069 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.409316063 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.409342051 CEST	49880	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.409357071 CEST	443	49880	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.411936045 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.412029982 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.412136078 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.412327051 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.412368059 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.537098885 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.537693024 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.537724018 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.538180113 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.538187027 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.643012047 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.643090010 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.643143892 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.643176079 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.643204927 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.643259048 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.643455982 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.643476963 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.643491030 CEST	49881	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.643497944 CEST	443	49881	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.647645950 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.647737026 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.647830963 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.647985935 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.648015976 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.757802963 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.758501053 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.758533955 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.758775949 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.758784056 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.830173016 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.835282087 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.835316896 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.836018085 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.836025000 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.840497971 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.843194008 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.843213081 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.843657017 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.843662024 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.867996931 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.868117094 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.868187904 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.868412971 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.868439913 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.868455887 CEST	49882	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.868463039 CEST	443	49882	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.871803999 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.871876955 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.871984005 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.872147083 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.872172117 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.938549042 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.938668013 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.938734055 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.938997984 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.939018011 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.939033985 CEST	49883	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.939042091 CEST	443	49883	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.942198038 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.942228079 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.942316055 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.942468882 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.942478895 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.944217920 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.944370031 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.944437981 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.944488049 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.944498062 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.944515944 CEST	49884	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.944521904 CEST	443	49884	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.946583986 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.946630001 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:14.946712017 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.946818113 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:14.946837902 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.056566954 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.057260036 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.057324886 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.057768106 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.057781935 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.154539108 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.154622078 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.154735088 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.154820919 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.154820919 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.155085087 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.155138016 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.155170918 CEST	49885	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.155186892 CEST	443	49885	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.158085108 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.158134937 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.158230066 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.158363104 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.158382893 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.295562983 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.296272039 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.296317101 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.296899080 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.296909094 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.394300938 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.394658089 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.394721985 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.394773006 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.394792080 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.394808054 CEST	49886	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.394814968 CEST	443	49886	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.397999048 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.398076057 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.398174047 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.398349047 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.398382902 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.524529934 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.525182009 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.525234938 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.525681973 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.525697947 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.578689098 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.579288960 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.579365969 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.579701900 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.579715014 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.625371933 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.625529051 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.625694036 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.625776052 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.625812054 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.625838041 CEST	49887	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.625854015 CEST	443	49887	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.627455950 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.627937078 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.628027916 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.628272057 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.628325939 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.629151106 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.629213095 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.629304886 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.629502058 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.629528999 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.678251982 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.678409100 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.678493023 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.678658009 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.678658009 CEST	49888	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.678694010 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.678716898 CEST	443	49888	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.681238890 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.681289911 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.681515932 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.681515932 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.681579113 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.733315945 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.733375072 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.733475924 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.733593941 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.733594894 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.733594894 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.733686924 CEST	49889	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.733725071 CEST	443	49889	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.736237049 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.736278057 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.736370087 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.736490011 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.736505032 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.799894094 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.800314903 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.800390005 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.800678968 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.800692081 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.898319006 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.898458958 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.898530006 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.900801897 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.900801897 CEST	49890	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.900835037 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.900857925 CEST	443	49890	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.906362057 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.906431913 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:15.906524897 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.906637907 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:15.906655073 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.038011074 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.038424969 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.038446903 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.038825989 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.038834095 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.137907028 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.137932062 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.137969017 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.138019085 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.138051033 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.138205051 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.138226986 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.138240099 CEST	49891	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.138247013 CEST	443	49891	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.140652895 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.140748978 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.140850067 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.140988111 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.141020060 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.285463095 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.285932064 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.285950899 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.286385059 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.286391020 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.326419115 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.326961994 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.327006102 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.327112913 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.327121973 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.386580944 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.386629105 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.386707067 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.386881113 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.386910915 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.386936903 CEST	49892	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.386950970 CEST	443	49892	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.391051054 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.391088009 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.391155958 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.391311884 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.391324997 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.407582045 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.407998085 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.408042908 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.408252001 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.408261061 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.426646948 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.426810026 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.427032948 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.427088022 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.427088022 CEST	49893	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.427112103 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.427128077 CEST	443	49893	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.429009914 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.429023027 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.429089069 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.429243088 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.429255009 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.510010004 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.510243893 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.510305882 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.510395050 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.510413885 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.510431051 CEST	49894	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.510437965 CEST	443	49894	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.513364077 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.513412952 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.513624907 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.513624907 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.513684034 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.559335947 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.563297033 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.563329935 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.563724995 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.563736916 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.663039923 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.663116932 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.663177967 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.663199902 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.663235903 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.663292885 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.663418055 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.663418055 CEST	49895	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.663444996 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.663466930 CEST	443	49895	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.665714979 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.665807009 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.665899992 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.666032076 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.666057110 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.786276102 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.786705971 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.786786079 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.787116051 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.787128925 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.884577990 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.885215998 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.885377884 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.885379076 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.885379076 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.888458967 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.888547897 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:16.888648987 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.888799906 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:16.888823986 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.027774096 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.028342962 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.028366089 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.028839111 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.028845072 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.067778111 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.068157911 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.068186045 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.068628073 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.068634033 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.127746105 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.127973080 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.128036022 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.128068924 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.128068924 CEST	49897	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.128084898 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.128094912 CEST	443	49897	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.131145000 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.131237030 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.131321907 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.131643057 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.131722927 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.164352894 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.166625977 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.166712046 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.167032003 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.167083979 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.167453051 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.167614937 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.167674065 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.167699099 CEST	49898	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.167706966 CEST	443	49898	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.170027971 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.170066118 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.170212984 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.170340061 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.170355082 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.200887918 CEST	49896	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.200949907 CEST	443	49896	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.264646053 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.264715910 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.264816999 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.264920950 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.265089989 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.265089989 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.265141010 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.265208960 CEST	49900	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.265225887 CEST	443	49900	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.267654896 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.267693996 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.268012047 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.268157005 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.268165112 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.308759928 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.309495926 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.309556961 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.309921026 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.309973955 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.408662081 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.408798933 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.409008980 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.409008980 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.409089088 CEST	49901	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.409125090 CEST	443	49901	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.411529064 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.411592960 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.411663055 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.411796093 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.411827087 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.527301073 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.527951956 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.528038025 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.528465033 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.528548956 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.627340078 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.627548933 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.627634048 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.627717972 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.627717972 CEST	49902	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.627762079 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.627788067 CEST	443	49902	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.630332947 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.630378008 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.630444050 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.630594969 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.630604982 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.779000998 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.779432058 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.779494047 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.779850960 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.779865026 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.848830938 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.849169970 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.849200964 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.849514008 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.849529982 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.878717899 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.878921032 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.879120111 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.879120111 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.879120111 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.881468058 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.881557941 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.881639957 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.881750107 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.881769896 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.948831081 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.949364901 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.949440002 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.949754953 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.949768066 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.954365015 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.954435110 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.954482079 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.954504013 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.954541922 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.954587936 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.954617977 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.954631090 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.954641104 CEST	49904	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.954646111 CEST	443	49904	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.957233906 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.957283020 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:17.957361937 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.957509995 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:17.957520008 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.052702904 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.052994013 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.053071976 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.053152084 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.053152084 CEST	49905	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.053195000 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.053220987 CEST	443	49905	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.055526972 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.055569887 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.055623055 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.055752993 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.055763006 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.090593100 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.090986013 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.091021061 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.091530085 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.091542006 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.184987068 CEST	49903	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.185038090 CEST	443	49903	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.196027040 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.196212053 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.196289062 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.196369886 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.196369886 CEST	49906	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.196413040 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.196438074 CEST	443	49906	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.198662996 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.198751926 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.198837042 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.198961973 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.198983908 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.268040895 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.309978008 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.318664074 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.318681002 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.319396973 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.319408894 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.415249109 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.415476084 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.415541887 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.419255018 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.419284105 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.419296980 CEST	49907	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.419302940 CEST	443	49907	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.428746939 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.428848982 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.428924084 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.429140091 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.429174900 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.516273975 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.532553911 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:18.532597065 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:18.532651901 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:18.532916069 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:18.532932997 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:18.543279886 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.543319941 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.543725967 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.543740988 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.639739990 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.639842033 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.639908075 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.639925957 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.639978886 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.641244888 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.641244888 CEST	49908	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.641280890 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.641303062 CEST	443	49908	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.642303944 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.648538113 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.648595095 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.649050951 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.649068117 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.650243044 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.650336981 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.650435925 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.650561094 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.650588036 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.694251060 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.694626093 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.694658995 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.694983006 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.694993973 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.749289989 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.749474049 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.749550104 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.749600887 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.749634981 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.749660969 CEST	49909	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.749675989 CEST	443	49909	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.751756907 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.751820087 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.751898050 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.752007008 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.752027988 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.797723055 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.797833920 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.797892094 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.797924042 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.797951937 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.798002005 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.798037052 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.798053980 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.798074961 CEST	49910	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.798085928 CEST	443	49910	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.799758911 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.799788952 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.799854994 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.799969912 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.799984932 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.841630936 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.842178106 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.842231035 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.842561960 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.842573881 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.939492941 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.939568996 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.939640999 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.939718008 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.939754963 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.939780951 CEST	49911	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.939795017 CEST	443	49911	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.941819906 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.941911936 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.942004919 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.942114115 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:18.942142963 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:18.981590033 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:18.981632948 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:18.981709003 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:18.982223988 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:18.982254028 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.088392019 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.088829041 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.088855982 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.089284897 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.089291096 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.187860966 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.187885046 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.187920094 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.187935114 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.187989950 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.188227892 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.188262939 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.188287973 CEST	49912	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.188302994 CEST	443	49912	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.191085100 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.191123009 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.191190958 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.191307068 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.191315889 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.229140997 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.229610920 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.229629993 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.230885029 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.231163979 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.231312990 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.231317997 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.231332064 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.231339931 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.275398970 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.278731108 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.332473040 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.332988024 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.333029032 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.333441973 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.333456039 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.427670002 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.428088903 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.428169012 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.428445101 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.428458929 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.434015989 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.434212923 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.434272051 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.434304953 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.434324026 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.434335947 CEST	49914	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.434340954 CEST	443	49914	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.436989069 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.437031984 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.437112093 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.437233925 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.437252998 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.514749050 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.515010118 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.515069962 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.515450001 CEST	49913	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.515459061 CEST	443	49913	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.517117023 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.517431021 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.517468929 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.517719030 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.517725945 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.528759956 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.528826952 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.528919935 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.529059887 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.529061079 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.529061079 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.529061079 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.531153917 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.531241894 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.531339884 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.531465054 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.531483889 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.592668056 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.593204021 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.593286037 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.593470097 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.593483925 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.622864008 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.623058081 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.623121977 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.623151064 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.623172045 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.623184919 CEST	49916	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.623192072 CEST	443	49916	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.625176907 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.625260115 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.625353098 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.625480890 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.625505924 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.654679060 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.654949903 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.655009031 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.655556917 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.656526089 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.656629086 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.656709909 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.656745911 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.656760931 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.691411018 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.691519022 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.691601992 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.691621065 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.691684961 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.691787004 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.691831112 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.691859961 CEST	49917	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.691875935 CEST	443	49917	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.694448948 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.694480896 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.694559097 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.694710970 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.694720030 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.828242064 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.828629017 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.828648090 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.829041004 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.829047918 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.841229916 CEST	49915	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.841293097 CEST	443	49915	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.928682089 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.928842068 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.928950071 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.929074049 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.929095030 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.929109097 CEST	49919	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.929116964 CEST	443	49919	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.931551933 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.931655884 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.931761980 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.931899071 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:19.931921959 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:19.934777975 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.934926033 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:19.934984922 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.935584068 CEST	49918	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:19.935617924 CEST	443	49918	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:20.072351933 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.072871923 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.072954893 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.073471069 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.073484898 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.171195030 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.171278954 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.171420097 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.171493053 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.171514034 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.171526909 CEST	49920	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.171533108 CEST	443	49920	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.174303055 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.174335003 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.174410105 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.174474001 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.174577951 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.174587011 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.174818993 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.174880028 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.175211906 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.175226927 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.265420914 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.265794992 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.265853882 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.266108990 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.266123056 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.272731066 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.272878885 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.273238897 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.273238897 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.273238897 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.275377035 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.275423050 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.275495052 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.275623083 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.275634050 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.364126921 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:20.364193916 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:20.364259958 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:20.364860058 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.364926100 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.364979029 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.365017891 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.365053892 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.365101099 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.365196943 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.365232944 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.365279913 CEST	49922	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.365294933 CEST	443	49922	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.370738029 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.370805979 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.370898962 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.371036053 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.371072054 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.373836040 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.374564886 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.374638081 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.374816895 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.374830961 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.477108955 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.477247953 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.477535009 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.477535009 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.477535009 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.479541063 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.479625940 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.479717970 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.479852915 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.479886055 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.575674057 CEST	49921	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.575748920 CEST	443	49921	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.582720995 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.583230972 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.583307981 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.583604097 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.583617926 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.684305906 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.684379101 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.684483051 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.684607029 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.684607029 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.684931993 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.684931993 CEST	49924	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.685034990 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.685075045 CEST	443	49924	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.688285112 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.688318968 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.688395023 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.688688993 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.688703060 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.778870106 CEST	49923	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.778932095 CEST	443	49923	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.812243938 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.843036890 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.843056917 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.843481064 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.843487978 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.915731907 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.940386057 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.940469980 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.940524101 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.956041098 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.956048965 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.956468105 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.956473112 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.956790924 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.956806898 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.956820965 CEST	49925	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.956826925 CEST	443	49925	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.965256929 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.965293884 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:20.965347052 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.968204021 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:20.968234062 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.051033020 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.051577091 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.051640034 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.051992893 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.052006006 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.052061081 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.052221060 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.052279949 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.052315950 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.052334070 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.052349091 CEST	49926	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.052356005 CEST	443	49926	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.055083990 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.055169106 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.055254936 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.055351019 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.055376053 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.154514074 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.154702902 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.154778957 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.154836893 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.154836893 CEST	49927	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.154870033 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.154892921 CEST	443	49927	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.156936884 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.157027960 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.157123089 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.157238960 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.157263041 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.161537886 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.161876917 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.161921024 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.162259102 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.162270069 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.264597893 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.264657974 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.264750957 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.264833927 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.264833927 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.264894962 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.264894962 CEST	49928	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.264920950 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.264941931 CEST	443	49928	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.266745090 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.266834021 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.266918898 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.267019987 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.267051935 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.327271938 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.328679085 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.328722000 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.329080105 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.329094887 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.426045895 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.426250935 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.426321030 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.426486969 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.426487923 CEST	49929	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.426506996 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.426517963 CEST	443	49929	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.428997040 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.429084063 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.429179907 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.429342985 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.429367065 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.618141890 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.618500948 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.618534088 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.618937016 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.618944883 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.696208000 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.696554899 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.696635008 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.696979046 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.696993113 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.719085932 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.719145060 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.719188929 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.719201088 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.719240904 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.722129107 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.722152948 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.722167969 CEST	49930	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.722173929 CEST	443	49930	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.724930048 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.725023985 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.725100040 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.725238085 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.725260973 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.794625998 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.794780970 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.794971943 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.794972897 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.794972897 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.796674967 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.796715975 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.796895981 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.796895981 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.796933889 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.809286118 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.809814930 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.809890985 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.810285091 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.810298920 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.905813932 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.906380892 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.906465054 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.906711102 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.906719923 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.909403086 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.909576893 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.909758091 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.909836054 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.909837008 CEST	49932	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.909878969 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.909904003 CEST	443	49932	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.911587000 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.911675930 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:21.911765099 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.911866903 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:21.911890030 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.004491091 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.004640102 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.004822016 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.004822016 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.004822016 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.006544113 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.006635904 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.006726980 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.006819963 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.006850004 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.095951080 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.096359015 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.096406937 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.096817970 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.096829891 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.107871056 CEST	49931	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.107939959 CEST	443	49931	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.198009014 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.198177099 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.198246956 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.198359966 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.198360920 CEST	49934	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.198406935 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.198432922 CEST	443	49934	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.202033997 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.202069998 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.202133894 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.202272892 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.202285051 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.311480999 CEST	49933	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.311502934 CEST	443	49933	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.361530066 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.361979008 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.362052917 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.362371922 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.362385035 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.463891983 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.463972092 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.464035034 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.464173079 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.464210987 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.464236975 CEST	49935	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.464251995 CEST	443	49935	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.468355894 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.468439102 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.468523026 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.468621016 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.468657017 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.488066912 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.488415956 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.488428116 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.488908052 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.488914967 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.589700937 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.590095997 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.590190887 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.590446949 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.590461969 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.594760895 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.594921112 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.594985962 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.595026970 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.595042944 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.595055103 CEST	49936	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.595062017 CEST	443	49936	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.597111940 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.597151995 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.597243071 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.597368956 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.597392082 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.659467936 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.659827948 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.659858942 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.660164118 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.660173893 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.694546938 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.694700003 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.694780111 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.694829941 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.694859028 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.694919109 CEST	49937	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.694933891 CEST	443	49937	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.696712017 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.696759939 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.696841002 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.696945906 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.696958065 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.759701014 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.759763956 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.759821892 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.759850025 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.759882927 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.759932041 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.760252953 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.760273933 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.760298014 CEST	49938	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.760309935 CEST	443	49938	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.763616085 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.763683081 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.763748884 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.765189886 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.765219927 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.854348898 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.854707003 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.854732037 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.855228901 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.855235100 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.954020977 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.954190016 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.954256058 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.954405069 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.954421043 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.954436064 CEST	49939	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.954442024 CEST	443	49939	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.957045078 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.957155943 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:22.957247019 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.957390070 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:22.957422972 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.143147945 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.181967020 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.182049036 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.182569027 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.182583094 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.257010937 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.257472038 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.257508039 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.258107901 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.258111954 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.283646107 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.283726931 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.283994913 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.289573908 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.289573908 CEST	49940	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.289613008 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.289638042 CEST	443	49940	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.300415993 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.300512075 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.300589085 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.300967932 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.301004887 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.340424061 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.356736898 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.356909990 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.356972933 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.392385960 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.433120966 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.480725050 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.480777025 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.481121063 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.481137991 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.481317997 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.481359959 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.481389999 CEST	49941	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.481405973 CEST	443	49941	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.481580973 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.482985973 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.483006001 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.483330011 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.483342886 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.500070095 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.500127077 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.500211000 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.500343084 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.500365973 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.576245070 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.576292992 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.576359034 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.576421022 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.576459885 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.576517105 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.576622963 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.576622963 CEST	49942	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.576654911 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.576678038 CEST	443	49942	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.579761028 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.579869032 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.579941034 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.580228090 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.580265999 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.583117962 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.583185911 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.583246946 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.583286047 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.583317995 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.583374977 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.583374977 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.583374977 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.585124016 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.585150957 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.585221052 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.585308075 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.585315943 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.644434929 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.644836903 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.644856930 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.645205975 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.645215988 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.748650074 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.748749018 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.748821020 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.748852968 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.748904943 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.748960018 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.748960018 CEST	49944	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.749003887 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.749030113 CEST	443	49944	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.751116991 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.751156092 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.751213074 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.751333952 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.751347065 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.887862921 CEST	49943	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.887897968 CEST	443	49943	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.933790922 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.934560061 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.934648037 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:23.934905052 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:23.934921026 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.033250093 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.033308029 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.033658981 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.033659935 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.033740044 CEST	49945	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.033776045 CEST	443	49945	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.036251068 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.036338091 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.036436081 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.036570072 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.036598921 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.161634922 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.162214041 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.162275076 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.162682056 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.162694931 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.221599102 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.222028971 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.222045898 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.222384930 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.222388983 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.248969078 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.249258041 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.249315977 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.249623060 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.249635935 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.262557983 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.262748003 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.262852907 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.262876034 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.262911081 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.263015985 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.263015985 CEST	49946	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.263050079 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.263071060 CEST	443	49946	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.265646935 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.265672922 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.265737057 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.265841961 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.265846014 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.320858002 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.320908070 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.321023941 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.321038008 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.321190119 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.321233034 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.321233034 CEST	49948	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.321249008 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.321258068 CEST	443	49948	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.323374987 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.323393106 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.323467970 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.323601007 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.323609114 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.351974010 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.352365971 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.352581024 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.352581024 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.352581024 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.354757071 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.354790926 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.354863882 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.354974031 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.354983091 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.386312008 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.386658907 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.386677027 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.387193918 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.387198925 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.484374046 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.484442949 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.484513044 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.484569073 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.484613895 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.490961075 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.490979910 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.490997076 CEST	49949	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.491002083 CEST	443	49949	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.493505955 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.493525028 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.493591070 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.493705034 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.493710041 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:24.653593063 CEST	49947	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:24.653657913 CEST	443	49947	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.619259119 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.620546103 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.620589018 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.620970964 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.620978117 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.722270012 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.722328901 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.722390890 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.722436905 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.722670078 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.722670078 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.724005938 CEST	49950	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.724026918 CEST	443	49950	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.725394011 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.725430012 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.725660086 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.725660086 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.725708961 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.806350946 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.809400082 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.813325882 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.817663908 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.819281101 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.819325924 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.822304964 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.822310925 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.822773933 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.822796106 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.823250055 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.823267937 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.823421001 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.823429108 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.823904991 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.823909998 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.824161053 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.824172020 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.824604034 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.824608088 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.917695999 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.917843103 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.917922020 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.919720888 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.919821024 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.919938087 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.919980049 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.919996977 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.920008898 CEST	49953	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.920008898 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.920017958 CEST	443	49953	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.921422005 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.921588898 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.921654940 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.922285080 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.922403097 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.922462940 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.927769899 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.927784920 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.927797079 CEST	49951	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.927802086 CEST	443	49951	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.936079025 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.936088085 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.936098099 CEST	49952	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.936100960 CEST	443	49952	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.947338104 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.947348118 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.947381020 CEST	49954	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.947392941 CEST	443	49954	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.966253042 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.966341972 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.966423988 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.967133045 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.967223883 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.967932940 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.967957973 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.967982054 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.968391895 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.968417883 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.968430042 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.968523026 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.968556881 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.968723059 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.968746901 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.969387054 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.969408035 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:25.972006083 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.972086906 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:25.972100973 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.360470057 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.361053944 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.361082077 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.361699104 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.361705065 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.460715055 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.460772038 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.460942984 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.461086035 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.461117983 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.461137056 CEST	49955	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.461144924 CEST	443	49955	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.464471102 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.464561939 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.464660883 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.464867115 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.464903116 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.609971046 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.612514019 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.612574100 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.613127947 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.613142014 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.613992929 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.614428997 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.614447117 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.614535093 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.614794970 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.614805937 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.615243912 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.615274906 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.615545034 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.615551949 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.636688948 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.637062073 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.637078047 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.637438059 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.637443066 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.709784031 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.709943056 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.710110903 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.710159063 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.710192919 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.710217953 CEST	49957	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.710232019 CEST	443	49957	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.712012053 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.712074041 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.712162971 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.712168932 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.712271929 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.712271929 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.712294102 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.712320089 CEST	49958	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.712328911 CEST	443	49958	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.712886095 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.713036060 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.713108063 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.713722944 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.713794947 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.713867903 CEST	49959	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.713882923 CEST	443	49959	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.713934898 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.714049101 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.714076042 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.714123964 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.714148998 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.714173079 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.714286089 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.714308977 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.716366053 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.716455936 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.716561079 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.716789961 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.716823101 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.739597082 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.739662886 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.739763021 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.739878893 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.739880085 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.740109921 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.740115881 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.740147114 CEST	49956	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.740154028 CEST	443	49956	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.742130041 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.742156982 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:26.742235899 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.742398977 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:26.742410898 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.145418882 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.145986080 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.146064997 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.146399975 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.146413088 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.249344110 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.249521971 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.249586105 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.249768972 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.249809980 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.249836922 CEST	49960	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.249850988 CEST	443	49960	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.253432035 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.253487110 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.253566027 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.253669977 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.253678083 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.356949091 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.356976032 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.357603073 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.357625008 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.357836962 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.357846975 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.358016014 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.358021975 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.358438015 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.358444929 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.398029089 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.398437977 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.398485899 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.398768902 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.398781061 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.407407045 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.407795906 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.407810926 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.408123016 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.408128023 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.457568884 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.457724094 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.457796097 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.457819939 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.457912922 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.457938910 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.457956076 CEST	49962	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.457962990 CEST	443	49962	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.458002090 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.458053112 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.458075047 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.458081007 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.458092928 CEST	49961	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.458097935 CEST	443	49961	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.460382938 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.460428953 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.460535049 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.460614920 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.460623026 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.460654020 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.460675001 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.460730076 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.460804939 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.460809946 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.502372026 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.502511978 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.502599001 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.502697945 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.502726078 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.502749920 CEST	49963	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.502762079 CEST	443	49963	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.505019903 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.505062103 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.505146027 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.505311012 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.505321026 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.510859013 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.510929108 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.510987043 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.510994911 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.511037111 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.511085033 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.511110067 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.511116982 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.511126041 CEST	49964	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.511128902 CEST	443	49964	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.513438940 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.513524055 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.513612032 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.513804913 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.513844013 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.922216892 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.922846079 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.922887087 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:27.923280001 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:27.923286915 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.024585962 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.024736881 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.024806976 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.024955034 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.024976969 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.024991989 CEST	49965	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.024997950 CEST	443	49965	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.028084993 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.028177977 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.028284073 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.028397083 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.028422117 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.102440119 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.102875948 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.102897882 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.103611946 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.103617907 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.128878117 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.129201889 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.129247904 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.129875898 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.129887104 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.157454967 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.157757044 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.157804966 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.158076048 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.158087969 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.171178102 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.171487093 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.171516895 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.172063112 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.172068119 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.200829029 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.201050043 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.201112986 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.201159000 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.201176882 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.201188087 CEST	49967	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.201194048 CEST	443	49967	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.204569101 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.204601049 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.204688072 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.204794884 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.204802036 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.231051922 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.231086016 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.231134892 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.231163979 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.231216908 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.231374979 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.231374979 CEST	49966	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.231416941 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.231437922 CEST	443	49966	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.234740973 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.234797001 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.234878063 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.234960079 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.234975100 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.259819031 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.259965897 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.260040045 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.260164022 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.260195971 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.260242939 CEST	49969	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.260260105 CEST	443	49969	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.263053894 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.263097048 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.263175011 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.263336897 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.263355017 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.320312023 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.320389986 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.320451021 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.320467949 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.320486069 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.320547104 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.320708990 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.320733070 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.320744038 CEST	49968	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.320749998 CEST	443	49968	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.322808027 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.322823048 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.322916031 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.323021889 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.323030949 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.676161051 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.676810980 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.676877975 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.677233934 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.677241087 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.776707888 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.777407885 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.777489901 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.777513981 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.777587891 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.777647018 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.777693033 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.777723074 CEST	49970	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.777739048 CEST	443	49970	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.782139063 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.782232046 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.782320976 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.782500029 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.782531023 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.857785940 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.858247995 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.858299971 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.858648062 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.858660936 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.887212038 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.887706041 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.887744904 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.888425112 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.888436079 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.906596899 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.907005072 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.907040119 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.907330036 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.907336950 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.961901903 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.962100029 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.962182999 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.962304115 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.962336063 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.962361097 CEST	49971	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.962376118 CEST	443	49971	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.965078115 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.965168953 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.965276957 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.965399027 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.965420961 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.982059002 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.982391119 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.982439995 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.982781887 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.982789993 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.990725994 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.990776062 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.990842104 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.990864038 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.990938902 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.990993977 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.991122007 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.991147995 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.991172075 CEST	49972	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.991184950 CEST	443	49972	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.993535995 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.993562937 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:28.993629932 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.993735075 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:28.993741035 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.008101940 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.008157015 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.008225918 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.008254051 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.008320093 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.008374929 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.008397102 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.008414030 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.008425951 CEST	49973	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.008431911 CEST	443	49973	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.010627031 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.010634899 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.010700941 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.010864019 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.010870934 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.080329895 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.080404997 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.080461025 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.080482960 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.080516100 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.080568075 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.080677032 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.080691099 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.080703974 CEST	49974	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.080710888 CEST	443	49974	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.083451033 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.083537102 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.083851099 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.083851099 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.083982944 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.426199913 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.427537918 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.427618027 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.427937031 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.427990913 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.524458885 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.524650097 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.524719954 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.524815083 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.524840117 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.524852991 CEST	49975	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.524861097 CEST	443	49975	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.528304100 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.528398991 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.528732061 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.528733015 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.528867006 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.635894060 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.636404991 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.636466026 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.636851072 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.636863947 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.653693914 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.653960943 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.653978109 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.654275894 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.654280901 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.662162066 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.662501097 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.662507057 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.662803888 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.662806988 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.739120007 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.739195108 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.739288092 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.739362955 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.739795923 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.739797115 CEST	49976	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.739864111 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.739897966 CEST	443	49976	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.742186069 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.742278099 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.742372036 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.742503881 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.742525101 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.751652956 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.751802921 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.751874924 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.751938105 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.751945972 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.751985073 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.752018929 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.752068043 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.752110958 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.752131939 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.752144098 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.752152920 CEST	49978	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.752157927 CEST	443	49978	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.752393007 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.752408981 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.754184961 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.754205942 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.754283905 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.754426003 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.754451990 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.764163017 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.764378071 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.764430046 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.764451981 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.764456034 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.764463902 CEST	49977	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.764467001 CEST	443	49977	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.766231060 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.766314983 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.766403913 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.766510010 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.766535997 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.853399038 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.853537083 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.853741884 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.853741884 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.853743076 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.855882883 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.855942965 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:29.856043100 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.856184959 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:29.856215954 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.168370962 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.168934107 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.168998957 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.169087887 CEST	49979	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.169156075 CEST	443	49979	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.169688940 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.169704914 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.267561913 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.267635107 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.267740011 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.267741919 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.267972946 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.267973900 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.267973900 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.268028021 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.271672964 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.271704912 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.271776915 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.271982908 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.271995068 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.400202036 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.406910896 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.408752918 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.408817053 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.409209967 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.409229040 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.419905901 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.423732996 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.423748016 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.426482916 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.426493883 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.429779053 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.429840088 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.432365894 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.432382107 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.481679916 CEST	49980	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.481748104 CEST	443	49980	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.505182028 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.505260944 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.505359888 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.505381107 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.505424023 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.510536909 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.510570049 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.510601044 CEST	49982	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.510616064 CEST	443	49982	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.518162966 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.518189907 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.518270016 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.518479109 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.518490076 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.526906967 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.527040958 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.527092934 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.527218103 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.527219057 CEST	49981	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.527237892 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.527260065 CEST	443	49981	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.527631044 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.527793884 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.527988911 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.527988911 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.527988911 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.529625893 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.529686928 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.529840946 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.529866934 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.529930115 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.529958963 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.529979944 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.530002117 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.530085087 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.530107021 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.535911083 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.536819935 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.536854029 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.537235975 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.537246943 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.640002966 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.640444994 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.640537024 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.640674114 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.640696049 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.640743971 CEST	49984	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.640758038 CEST	443	49984	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.642901897 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.642993927 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.643068075 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.643213034 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.643245935 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.828198910 CEST	49983	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.828268051 CEST	443	49983	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.924928904 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.925405979 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.925421000 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:30.925837040 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:30.925842047 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.025058031 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.025135994 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.025238991 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.025259018 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.025310993 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.025424957 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.025497913 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.025497913 CEST	49985	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.025517941 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.025530100 CEST	443	49985	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.028655052 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.028708935 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.028770924 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.029016972 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.029032946 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.171952963 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.172513962 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.172600985 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.172904968 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.172919989 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.186686039 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.187011957 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.187025070 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.187390089 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.187396049 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.198143005 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.198441982 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.198462963 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.198839903 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.198853016 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.270695925 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.270757914 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.270849943 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.270854950 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.270915031 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.271173954 CEST	49988	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.271215916 CEST	443	49988	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.273905039 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.273953915 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.274032116 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.274168015 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.274187088 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.284323931 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.284636021 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.284682989 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.284977913 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.284992933 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.288655043 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.288852930 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.288913965 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.288949966 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.288963079 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.289001942 CEST	49986	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.289009094 CEST	443	49986	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.290659904 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.290744066 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.290822029 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.290924072 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.290945053 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.300700903 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.300828934 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.300906897 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.300908089 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.300971031 CEST	49987	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.300993919 CEST	443	49987	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.302552938 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.302654982 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.302742004 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.302844048 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.302870035 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.383038044 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.383183002 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.383245945 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.383307934 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.383307934 CEST	49989	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.383339882 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.383362055 CEST	443	49989	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.385888100 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.385927916 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.386004925 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.386126995 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.386151075 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.676690102 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.677356958 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.677412033 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.677978039 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.677994967 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.776499033 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.776568890 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.776690006 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.776709080 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.776774883 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.776974916 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.777020931 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.777050018 CEST	49990	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.777065992 CEST	443	49990	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.779846907 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.779939890 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.780034065 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.780194998 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.780214071 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.935782909 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.936701059 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.936786890 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.937146902 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.937201023 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.962148905 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.962547064 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.962630033 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.962893009 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.962907076 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.983289003 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.983869076 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.983947039 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:31.984185934 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:31.984200954 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.035183907 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.035332918 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.035444021 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.035780907 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.035780907 CEST	49992	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.035849094 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.035885096 CEST	443	49992	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.038374901 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.038464069 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.038568974 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.038705111 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.038722038 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.073172092 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.073297977 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.073486090 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.073565006 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.073606968 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.073750019 CEST	49991	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.073766947 CEST	443	49991	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.075577021 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.075589895 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.075619936 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.075699091 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.075788975 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.075795889 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.076009989 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.076087952 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.076368093 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.076383114 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.087376118 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.087469101 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.087572098 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.087600946 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.087635040 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.087773085 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.087774038 CEST	49993	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.087805986 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.087830067 CEST	443	49993	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.089579105 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.089589119 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.089662075 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.089783907 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.089799881 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.178848028 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.178992033 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.179053068 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.179100990 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.179100990 CEST	49994	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.179124117 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.179146051 CEST	443	49994	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.181057930 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.181140900 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.181214094 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.181334972 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.181356907 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.437160015 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.437702894 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.437783003 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.438113928 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.438127995 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.538625956 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.538778067 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.538852930 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.538978100 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.538978100 CEST	49995	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.539000034 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.539011002 CEST	443	49995	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.541698933 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.541812897 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.541908026 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.542064905 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.542088032 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.710273981 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.716202974 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.732650995 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.740660906 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.740722895 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.741091013 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.741103888 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.741303921 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.741334915 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.741610050 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.741616011 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.741781950 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.741790056 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.742069960 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.742077112 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.825205088 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.827192068 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.827230930 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.831912041 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.831922054 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.836678028 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.838828087 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.838897943 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.839062929 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.839123011 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.839145899 CEST	49997	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.839167118 CEST	443	49997	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.839179993 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.839189053 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.839262962 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.839313030 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.839437008 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.839437008 CEST	49998	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.839445114 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.839453936 CEST	443	49998	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.840805054 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.840871096 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.840926886 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.840945959 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.840981960 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.841025114 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.849081039 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.849116087 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.849142075 CEST	49996	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.849157095 CEST	443	49996	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.904913902 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.905004978 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.905097961 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.914699078 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.914721966 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.914788008 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.917013884 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.917081118 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.917191029 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.917242050 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.917275906 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.917499065 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.917526007 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.917654991 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.917701006 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.929143906 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.929342031 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.929397106 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.929435968 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.929447889 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.929474115 CEST	49999	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.929485083 CEST	443	49999	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.931705952 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.931741953 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.931801081 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.932157993 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:32.932173967 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:32.951864004 CEST	49854	443	192.168.2.4	142.250.186.164
Oct 4, 2024 05:32:32.951911926 CEST	443	49854	142.250.186.164	192.168.2.4
Oct 4, 2024 05:32:33.204073906 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.204567909 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.204602003 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.204988003 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.204998970 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.315213919 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.315294027 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.315349102 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.315515995 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.315515995 CEST	50000	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.315546036 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.315571070 CEST	443	50000	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.318126917 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.318200111 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.318295956 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.318413973 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.318430901 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.554378986 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.555084944 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.555150032 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.555526972 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.555543900 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.558826923 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.559119940 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.559174061 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.559417009 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.559428930 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.584076881 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.584381104 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.584408045 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.584739923 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.584752083 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.597259998 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.599519014 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.599540949 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.599848032 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.599853992 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.654393911 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.654457092 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.654557943 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.654628038 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.654628038 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.654722929 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.654722929 CEST	50001	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.654768944 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.654798985 CEST	443	50001	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.657054901 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.657125950 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.657262087 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.657382011 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.657407999 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.658695936 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.658847094 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.658907890 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.658961058 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.658961058 CEST	50003	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.659007072 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.659029961 CEST	443	50003	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.660769939 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.660815001 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.660871983 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.660968065 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.660975933 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.685713053 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.685867071 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.686053038 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.700931072 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.701075077 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.701127052 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.701139927 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.701175928 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.701215982 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.721863985 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.721864939 CEST	50002	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.721935034 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.721971035 CEST	443	50002	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.723170996 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.723198891 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.723215103 CEST	50004	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.723222017 CEST	443	50004	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.725594044 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.725634098 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.725708008 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.726656914 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.726771116 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.726773024 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.726789951 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.726838112 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.726927042 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.726953030 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.983701944 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.984155893 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.984210014 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:33.984591961 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:33.984606028 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.085971117 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.086123943 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.086190939 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.086294889 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.086294889 CEST	50005	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.086327076 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.086349010 CEST	443	50005	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.088852882 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.088952065 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.089029074 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.089173079 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.089195013 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.297941923 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.298397064 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.298414946 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.298804045 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.298810959 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.300278902 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.300551891 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.300566912 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.300868034 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.300873995 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.396600008 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.396675110 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.396764994 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.396799088 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.396862984 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.396915913 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.396960974 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.396991968 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.396991968 CEST	50006	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.397012949 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.397031069 CEST	443	50006	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.399288893 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.399455070 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.399507046 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.399570942 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.399591923 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.399601936 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.399624109 CEST	50007	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.399631977 CEST	443	50007	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.399655104 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.399719000 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.399853945 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.399873018 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.401735067 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.401840925 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.401926041 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.402019978 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.402040005 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.407305956 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.407624006 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.407682896 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.408003092 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.408018112 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.512437105 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.512636900 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.512799978 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.512799978 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.514909983 CEST	50009	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.514942884 CEST	443	50009	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.516355991 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.516448021 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.516525984 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.516649961 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.516670942 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.756524086 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.773773909 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.773835897 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.774178028 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.774189949 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.874063969 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.874133110 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.874191999 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.874217033 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.874245882 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.874301910 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.874423027 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.874448061 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.874471903 CEST	50010	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.874485970 CEST	443	50010	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.876725912 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.876787901 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:34.876914978 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.877057076 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:34.877094030 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.046055079 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.046593904 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.046650887 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.047125101 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.047137022 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.056519985 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.056770086 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.056806087 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.057071924 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.057077885 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.145598888 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.145786047 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.145857096 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.156285048 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.156465054 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.156542063 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.167572021 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.204222918 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.204262018 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.204283953 CEST	50012	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.204293013 CEST	443	50012	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.209475040 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.209507942 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.209523916 CEST	50011	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.209532976 CEST	443	50011	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.210514069 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.210596085 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.210920095 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.210932970 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.249460936 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.249550104 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.249578953 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.249629021 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.249649048 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.249705076 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.249881029 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.249903917 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.249907970 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.249922991 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.308588028 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.308753014 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.308825016 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.366390944 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.366427898 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.366456985 CEST	50013	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.366471052 CEST	443	50013	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.391257048 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.391292095 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.391365051 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.391694069 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.391716003 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.532645941 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.533225060 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.533277035 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.533638000 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.533648968 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.632673025 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.632849932 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.632935047 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.633012056 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.633044958 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.633070946 CEST	50015	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.633085012 CEST	443	50015	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.635823965 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.635859013 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.635945082 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.636100054 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.636127949 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.886702061 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.887451887 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.887496948 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.887770891 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.887779951 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.920171976 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.921155930 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.921243906 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:35.921303034 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:35.921317101 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.004153967 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.004211903 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.004360914 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.004582882 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.004610062 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.004636049 CEST	50016	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.004647970 CEST	443	50016	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.007428885 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.007467985 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.007538080 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.007643938 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.007653952 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.024384975 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.024604082 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.024676085 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.024761915 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.024761915 CEST	50017	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.024807930 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.024836063 CEST	443	50017	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.027266026 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.027369022 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.027575970 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.027687073 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.027724028 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.034120083 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.034385920 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.034421921 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.034719944 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.034732103 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.129744053 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.130130053 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.130222082 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.130307913 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.130307913 CEST	50018	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.130357027 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.130382061 CEST	443	50018	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.133352995 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.133441925 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.133536100 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.133697033 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.133718014 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.281795025 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.282461882 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.282540083 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.283056974 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.283070087 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381165028 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381263018 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381345987 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.381370068 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381400108 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381472111 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.381519079 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381548882 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.381550074 CEST	50019	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.381568909 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.381591082 CEST	443	50019	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.384838104 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.384886980 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.384977102 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.385165930 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.385179996 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.552548885 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.553422928 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.553440094 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.553944111 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.553950071 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.654635906 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.654970884 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.655067921 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.655168056 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.655181885 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.655196905 CEST	50008	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.655205011 CEST	443	50008	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.657170057 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.658097029 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.658113956 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.658659935 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.658664942 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.659007072 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.659040928 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.659106016 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.659312010 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.659323931 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.706192970 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.706741095 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.706819057 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.707317114 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.707331896 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.757320881 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.757462025 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.757524967 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.757601023 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.757610083 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.757622957 CEST	50020	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.757630110 CEST	443	50020	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.760642052 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.760710955 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.760818005 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.761025906 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.761046886 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.809967995 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.810029030 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.810117006 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.810133934 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.810210943 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.810314894 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.810367107 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.810396910 CEST	50021	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.810411930 CEST	443	50021	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.811058998 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.812151909 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.812211037 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.812731981 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.812746048 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.814630032 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.814696074 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.814779043 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.814944983 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.814965963 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.915528059 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.915616989 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.915697098 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.915949106 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.915949106 CEST	50022	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.915973902 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.915988922 CEST	443	50022	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.918773890 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.918804884 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:36.918876886 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.919642925 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:36.919655085 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.025144100 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.025715113 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.025746107 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.026382923 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.026391029 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.125654936 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.125777960 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.125842094 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.125878096 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.125901937 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.125967979 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.126060009 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.126060009 CEST	50023	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.126080990 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.126091957 CEST	443	50023	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.129419088 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.129509926 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.129614115 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.129801035 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.129822016 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.299633980 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.300420046 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.300437927 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.301629066 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.301634073 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.400022984 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.400674105 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.400769949 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.400818110 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.400840998 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.400855064 CEST	50024	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.400861979 CEST	443	50024	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.405002117 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.405102015 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.405221939 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.405369043 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.405400991 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.416043043 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.418334007 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.418353081 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.418955088 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.418962002 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.496174097 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.496682882 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.496697903 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.497284889 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.497294903 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.516855001 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.516921997 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.517071009 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.517602921 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.517602921 CEST	50025	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.517637014 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.517668009 CEST	443	50025	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.520649910 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.520740986 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.520940065 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.521116972 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.521152973 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.587053061 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.587696075 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.587745905 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.588366032 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.588372946 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.605237961 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.605329037 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.605529070 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.607439041 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.607475042 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.607505083 CEST	50026	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.607520103 CEST	443	50026	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.610310078 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.610367060 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.610584974 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.642188072 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.642234087 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.689558029 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.689635992 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.689786911 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.689862967 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.692079067 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.692794085 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.692819118 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.692833900 CEST	50027	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.692842007 CEST	443	50027	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.729496956 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.729599953 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.729984999 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.757716894 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.757801056 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.801954985 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.805951118 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.805994034 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.811424971 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:37.811450005 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.920005083 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.920572042 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:37.920706987 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.018203974 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.018233061 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.018268108 CEST	50028	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.018275976 CEST	443	50028	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.025122881 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.025181055 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.025369883 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.025540113 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.025551081 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.076680899 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.077200890 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.077286005 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.077795982 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.077810049 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.179941893 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.180125952 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.180206060 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.180294037 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.180294037 CEST	50029	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.180340052 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.180376053 CEST	443	50029	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.183535099 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.183558941 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.183634996 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.183821917 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.183830023 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.187160969 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.187542915 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.187563896 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.188114882 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.188126087 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.282589912 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.283202887 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.283263922 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.283746958 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.283755064 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.289647102 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.289695024 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.289818048 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.289881945 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.289881945 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.289973974 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.289973974 CEST	50030	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.290019035 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.290056944 CEST	443	50030	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.292865038 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.292960882 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.293087959 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.293354034 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.293435097 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.382235050 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.382405996 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.382544041 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.382723093 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.382772923 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.382827997 CEST	50031	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.382844925 CEST	443	50031	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.385808945 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.385901928 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.386008024 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.386240959 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.386276007 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.398869991 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.399447918 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.399523020 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.399918079 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.399971008 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.498352051 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.498378038 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.498433113 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.498884916 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.498886108 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.498886108 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.501780987 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.501882076 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.501997948 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.502214909 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.502238035 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.703403950 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.703887939 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.703906059 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.704314947 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.704320908 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.807780027 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.807811022 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.807904959 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.807920933 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.807976007 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.808311939 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.808334112 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.808355093 CEST	50033	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.808360100 CEST	443	50033	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.811857939 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.811916113 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.812025070 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.812235117 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.812254906 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.813707113 CEST	50032	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.813740969 CEST	443	50032	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.832169056 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.832688093 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.832705975 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.833101034 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.833105087 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.934628963 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.934688091 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.934777975 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.934806108 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.935050011 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.935066938 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.935075998 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.935429096 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.935504913 CEST	443	50034	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.935559034 CEST	50034	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.938369036 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.938420057 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.938502073 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.938774109 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.938807964 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.939884901 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.940296888 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.940380096 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:38.940700054 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:38.940713882 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.041416883 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.041435957 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.041527033 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.041590929 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.041657925 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.041719913 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.041874886 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.041908979 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.041955948 CEST	50035	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.041970968 CEST	443	50035	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.045492887 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.045587063 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.045855045 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.045855999 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.045986891 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.053689003 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.054148912 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.054228067 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.054528952 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.054543972 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.320477009 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.320633888 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.320704937 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.320921898 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.320944071 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.320971966 CEST	50036	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.320980072 CEST	443	50036	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.322534084 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.322962999 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.323005915 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.323595047 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.323601961 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.323950052 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.324038029 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.324129105 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.324234962 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.324256897 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.422487974 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.422641993 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.422735929 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.422904968 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.422926903 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.422945023 CEST	50037	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.422954082 CEST	443	50037	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.426208973 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.426261902 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.426348925 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.426484108 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.426500082 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.511311054 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.511878014 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.511957884 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.512542963 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.512558937 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.574683905 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.575505972 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.575562954 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.576111078 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.576165915 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.611675024 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.611851931 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.611987114 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.612162113 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.612162113 CEST	50038	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.612195015 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.612268925 CEST	443	50038	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.614789009 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.614878893 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.614993095 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.615170002 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.615195036 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.674205065 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.674386024 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.674475908 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.674544096 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.674572945 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.674599886 CEST	50039	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.674612999 CEST	443	50039	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.677195072 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.677272081 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.677369118 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.677592993 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.677644014 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.710978031 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.711483002 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.711565018 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.712174892 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.712188959 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.815433025 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.815485001 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.815602064 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.815876961 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.815877914 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.816076994 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.816076994 CEST	50040	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.816119909 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.816148996 CEST	443	50040	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.819417000 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.819467068 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.819833994 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.819833994 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.819899082 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.986176014 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.987016916 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.987106085 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:39.987365007 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:39.987448931 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.086985111 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.087054968 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.087163925 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.087203979 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.087454081 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.087464094 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.087479115 CEST	50041	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.087534904 CEST	443	50041	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.090214968 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.090260983 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.090361118 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.090487957 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.090502024 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.097609043 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.098067999 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.098099947 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.098462105 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.098473072 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.202472925 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.202538013 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.202588081 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.202620983 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.202651024 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.202683926 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.202712059 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.271215916 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.271657944 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.271744967 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.272002935 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.272017956 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.291081905 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.291189909 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.291213989 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.291240931 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.291240931 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.291297913 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.291337967 CEST	50042	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.291354895 CEST	443	50042	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.293709040 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.293780088 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.293894053 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.293999910 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.294035912 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.320605040 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.321147919 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.321176052 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.321476936 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.321487904 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.395060062 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.395111084 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.395292997 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.395307064 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.395395041 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.395504951 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.395551920 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.395582914 CEST	50043	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.395597935 CEST	443	50043	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.398300886 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.398360014 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.398459911 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.398587942 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.398616076 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.487329006 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.487812996 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.487839937 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.488205910 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.488214970 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.569068909 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.569138050 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.569180965 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.569233894 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.569293976 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.569328070 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.569356918 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.587898970 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.587948084 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.588013887 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.588027000 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.588072062 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.588098049 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.588149071 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.588247061 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.588274956 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.588285923 CEST	50045	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.588293076 CEST	443	50045	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.592403889 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.592447996 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.592538118 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.592641115 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.592653036 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.654676914 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.654733896 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.654803038 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.654839039 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.654874086 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.654887915 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.654913902 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.654943943 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.654943943 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.654980898 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.655015945 CEST	50044	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.655031919 CEST	443	50044	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.658287048 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.658318996 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.658391953 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.658552885 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.658567905 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.779356956 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.780245066 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.780267954 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.781470060 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.781476021 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.883590937 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.883620977 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.883677006 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.883713007 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.883779049 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.884030104 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.884054899 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.884066105 CEST	50046	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.884073019 CEST	443	50046	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.887717009 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.887773037 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.887881994 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.888185024 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.888216972 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.938060999 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.938622952 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.938676119 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:40.939013958 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:40.939029932 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.202297926 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.202508926 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.202584982 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.203022003 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.203056097 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.203083038 CEST	50047	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.203097105 CEST	443	50047	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.206290007 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.206330061 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.206409931 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.206542015 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.206569910 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.208406925 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.209136963 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.209137917 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.209218979 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.209254980 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.316838026 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.316997051 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.317126989 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.317322016 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.317361116 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.317385912 CEST	50048	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.317401886 CEST	443	50048	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.320489883 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.320538998 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.320627928 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.320792913 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.320810080 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.389355898 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.389790058 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.389868975 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.390373945 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.390388012 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.391376019 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.391645908 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.391674995 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.392093897 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.392105103 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.489001989 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.489151001 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.489226103 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.489294052 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.489330053 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.489355087 CEST	50050	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.489371061 CEST	443	50050	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.490034103 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.490228891 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.490294933 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.490365028 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.490365028 CEST	50049	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.490381956 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.490401983 CEST	443	50049	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.492300987 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.492350101 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.492434978 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.492573023 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.492589951 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.492650032 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.492675066 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.492733002 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.492810011 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.492820024 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.561580896 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.562043905 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.562087059 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.562455893 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.562467098 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.665203094 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.665267944 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.665353060 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.665395021 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.665421963 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.665608883 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.665608883 CEST	50051	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.665631056 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.665652037 CEST	443	50051	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.853880882 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.854557991 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.854574919 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.855101109 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.855106115 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.960063934 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.963485003 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.963593006 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.964617968 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.964617968 CEST	50052	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.964627028 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.964653969 CEST	443	50052	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.998243093 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.998703003 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.998763084 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:41.999304056 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:41.999317884 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.099525928 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.099720001 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.099862099 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.127880096 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.127926111 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.127975941 CEST	50053	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.127995014 CEST	443	50053	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.147744894 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.148200035 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.148252010 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.148277044 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.148571014 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.148582935 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.148761034 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.148791075 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.149066925 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.149070978 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246258020 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246436119 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246486902 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.246661901 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246682882 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.246699095 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246710062 CEST	50055	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.246714115 CEST	443	50055	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246815920 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.246932030 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.249088049 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.249088049 CEST	50054	443	192.168.2.4	13.107.246.60
Oct 4, 2024 05:32:42.249125004 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:42.249147892 CEST	443	50054	13.107.246.60	192.168.2.4
Oct 4, 2024 05:32:48.611895084 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:48.611998081 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:48.612086058 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:48.612338066 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:48.612370968 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.267002106 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.267292023 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:49.267349005 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.267882109 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.268143892 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:49.268234015 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.268307924 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:49.268307924 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:49.268349886 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.546471119 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.546802044 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:49.546885014 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:49.546993971 CEST	50056	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:49.547034025 CEST	443	50056	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:50.931369066 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:50.931482077 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:50.931583881 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:50.931840897 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:50.931879997 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.580037117 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.580331087 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.580403090 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.581640005 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.581948042 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.582093000 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.582117081 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.582140923 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.582144022 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.622220039 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.622235060 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.865423918 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.865763903 CEST	443	50057	142.250.184.238	192.168.2.4
Oct 4, 2024 05:32:51.865839958 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.865947962 CEST	50057	443	192.168.2.4	142.250.184.238
Oct 4, 2024 05:32:51.865976095 CEST	443	50057	142.250.184.238	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 05:31:05.545448065 CEST	53	62743	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:05.597006083 CEST	63111	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:05.597224951 CEST	57831	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:05.603781939 CEST	53	63111	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:05.604120016 CEST	53	57831	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:05.615166903 CEST	53	65017	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:06.533432007 CEST	64377	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:06.533610106 CEST	50788	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:06.540198088 CEST	53	50788	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:06.540685892 CEST	53	64377	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:06.681143999 CEST	53	61779	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:09.764400005 CEST	58714	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:09.764571905 CEST	53290	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:09.771768093 CEST	53	53290	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:09.772597075 CEST	53	58714	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:11.878222942 CEST	53	49190	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:14.459148884 CEST	61170	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:14.459325075 CEST	51635	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:14.465888023 CEST	53	51635	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:14.465923071 CEST	53	61170	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:15.855751038 CEST	53499	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:15.855869055 CEST	49979	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:31:15.862783909 CEST	53	49979	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:15.862804890 CEST	53	53499	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:17.833638906 CEST	53	49961	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:22.023374081 CEST	138	138	192.168.2.4	192.168.2.255
Oct 4, 2024 05:31:23.802561045 CEST	53	61468	1.1.1.1	192.168.2.4
Oct 4, 2024 05:31:42.509500027 CEST	53	60142	1.1.1.1	192.168.2.4
Oct 4, 2024 05:32:05.133733988 CEST	53	52745	1.1.1.1	192.168.2.4
Oct 4, 2024 05:32:05.568041086 CEST	53	55475	1.1.1.1	192.168.2.4
Oct 4, 2024 05:32:16.496267080 CEST	53	53188	1.1.1.1	192.168.2.4
Oct 4, 2024 05:32:18.521670103 CEST	60113	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:32:18.525095940 CEST	61604	53	192.168.2.4	1.1.1.1
Oct 4, 2024 05:32:18.528559923 CEST	53	60113	1.1.1.1	192.168.2.4
Oct 4, 2024 05:32:18.531879902 CEST	53	61604	1.1.1.1	192.168.2.4
Oct 4, 2024 05:32:32.961463928 CEST	53	58227	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 4, 2024 05:31:05.597006083 CEST	192.168.2.4	1.1.1.1	0x251c	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:05.597224951 CEST	192.168.2.4	1.1.1.1	0xe550	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 4, 2024 05:31:06.533432007 CEST	192.168.2.4	1.1.1.1	0x26f1	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.533610106 CEST	192.168.2.4	1.1.1.1	0x8c06	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 4, 2024 05:31:09.764400005 CEST	192.168.2.4	1.1.1.1	0xd850	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:09.764571905 CEST	192.168.2.4	1.1.1.1	0x7963	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 4, 2024 05:31:14.459148884 CEST	192.168.2.4	1.1.1.1	0xa021	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:14.459325075 CEST	192.168.2.4	1.1.1.1	0x7066	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 4, 2024 05:31:15.855751038 CEST	192.168.2.4	1.1.1.1	0x6fb3	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:15.855869055 CEST	192.168.2.4	1.1.1.1	0x4a5	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 4, 2024 05:32:18.521670103 CEST	192.168.2.4	1.1.1.1	0x7196	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:32:18.525095940 CEST	192.168.2.4	1.1.1.1	0x2ea0	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 4, 2024 05:31:05.603781939 CEST	1.1.1.1	192.168.2.4	0x251c	No error (0)	youtube.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:05.604120016 CEST	1.1.1.1	192.168.2.4	0xe550	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 4, 2024 05:31:06.540198088 CEST	1.1.1.1	192.168.2.4	0x8c06	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540198088 CEST	1.1.1.1	192.168.2.4	0x8c06	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:06.540685892 CEST	1.1.1.1	192.168.2.4	0x26f1	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:09.771768093 CEST	1.1.1.1	192.168.2.4	0x7963	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 4, 2024 05:31:09.772597075 CEST	1.1.1.1	192.168.2.4	0xd850	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:14.465888023 CEST	1.1.1.1	192.168.2.4	0x7066	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 05:31:14.465923071 CEST	1.1.1.1	192.168.2.4	0xa021	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 05:31:14.465923071 CEST	1.1.1.1	192.168.2.4	0xa021	No error (0)	www3.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:31:15.862804890 CEST	1.1.1.1	192.168.2.4	0x6fb3	No error (0)	play.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Oct 4, 2024 05:32:18.528559923 CEST	1.1.1.1	192.168.2.4	0x7196	No error (0)	play.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	142.250.186.174	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:06 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 03:31:06 UTC	1919	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Fri, 04 Oct 2024 03:31:06 GMT Date: Fri, 04 Oct 2024 03:31:06 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Content-Security-Policy: require-trusted-types-for 'script' Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: YSC=KNf6Bnwwh64; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	216.58.212.142	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:07 UTC	894	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: YSC=KNf6Bnwwh64
2024-10-04 03:31:07 UTC	2530	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 04 Oct 2024 03:31:07 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Content-Security-Policy: require-trusted-types-for 'script' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 04-Oct-2024 04:01:07 GMT; Path=/; Secure; HttpOnly Set-Cookie: VISITOR_INFO1_LIVE=Uty1_PrYP1A; Domain=.youtube.com; Expires=Wed, 02-Apr-2025 03:31:07 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgYw%3D%3D; Domain=.youtube.com; Expires=Wed, 02-Apr-2025 03:31:07 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-04 03:31:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=220442 Date: Fri, 04 Oct 2024 03:31:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-04 03:31:12 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=220516 Date: Fri, 04 Oct 2024 03:31:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-04 03:31:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49756	142.250.184.238	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:15 UTC	1215	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=214798233&timestamp=1728012673477 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 03:31:15 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-CZd_4qXJOJ6hFDZR8kBsMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 04 Oct 2024 03:31:15 GMT Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw1JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh6P58N_tbAI_fl-ayqikl5RfGJ-ZkppXkllSmZKfm5iZl5yfn52ZWlycWlSWWhRvZGBkYmBpZKlnYBFfYAAA-mwuDA" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 37 36 31 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 43 5a 64 5f 34 71 58 4a 4f 4a 36 68 46 44 5a 52 38 6b 42 73 4d 41 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7615<html><head><script nonce="CZd_4qXJOJ6hFDZR8kBsMA">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-04 03:31:15 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49760	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:16 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 03:31:16 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:16 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49761	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:16 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 03:31:16 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:16 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49764	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:17 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 03:31:17 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 31 32 36 37 34 35 39 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728012674590",null,null,null
2024-10-04 03:31:17 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=0CJVxcqzZo0GFcNhiHWr3EqRnmVg-J4n0GB5lErkz9_848XMcDnHg_T0-W35F2munT1OXfozsFuSsG5h9l4OM10lqaCEDR-lAGLU7fM-QqtvG89j1wDEIyDp_riyXTKjF02VxYDiRVxDOxnxKfpy8v4ckHUjeiqgNnnG2__PHvs0pQSTIlQ; expires=Sat, 05-Apr-2025 03:31:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:17 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 04 Oct 2024 03:31:17 GMT Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:17 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:31:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49765	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:17 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 03:31:17 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 31 32 36 37 34 39 32 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728012674925",null,null,null
2024-10-04 03:31:17 UTC	933	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=B_zICH9liEG0_A5dcm8XXX4j1Vlqcq6hAH4B5UGBOtDJ95RxfvtQ8-jlSwf4qRzaLjKitcnMm9SYRPgSjOoQGfFAIOFnTCoL-D4AoiQlrQZClGTWL7aEgHF6BVCZHnyrwkw0gM0Q05h0ik7Dm29qu_OGbVzkespVPBZRNtQCZ-OeBtjfz-c; expires=Sat, 05-Apr-2025 03:31:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:17 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 04 Oct 2024 03:31:17 GMT Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:17 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:31:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49741	142.250.186.164	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:18 UTC	1214	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=B_zICH9liEG0_A5dcm8XXX4j1Vlqcq6hAH4B5UGBOtDJ95RxfvtQ8-jlSwf4qRzaLjKitcnMm9SYRPgSjOoQGfFAIOFnTCoL-D4AoiQlrQZClGTWL7aEgHF6BVCZHnyrwkw0gM0Q05h0ik7Dm29qu_OGbVzkespVPBZRNtQCZ-OeBtjfz-c
2024-10-04 03:31:18 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 04 Oct 2024 02:29:19 GMT Expires: Sat, 12 Oct 2024 02:29:19 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 3719 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-04 03:31:18 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-04 03:31:18 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-04 03:31:18 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-04 03:31:18 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-04 03:31:18 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49766	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oKcpLspDuRys95K&MD=2AyAgdWU HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-04 03:31:19 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 969123e2-a491-4688-80ac-397b94fe7e2c MS-RequestId: 7e3d4940-6997-439a-b315-da46402ad149 MS-CV: ppi9UlyTxkqvmqhI.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 04 Oct 2024 03:31:18 GMT Connection: close Content-Length: 24490
2024-10-04 03:31:19 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-04 03:31:19 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49780	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:24 UTC	1299	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1224 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=B_zICH9liEG0_A5dcm8XXX4j1Vlqcq6hAH4B5UGBOtDJ95RxfvtQ8-jlSwf4qRzaLjKitcnMm9SYRPgSjOoQGfFAIOFnTCoL-D4AoiQlrQZClGTWL7aEgHF6BVCZHnyrwkw0gM0Q05h0ik7Dm29qu_OGbVzkespVPBZRNtQCZ-OeBtjfz-c
2024-10-04 03:31:24 UTC	1224	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 30 31 32 36 37 32 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728012672000",null,null,null,
2024-10-04 03:31:24 UTC	941	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=UMyTg8vS69D0gYHA3clpZW2IksC__bks30xTMPIhas2foZACIxQidZaVBnvxiT7NDPR2pWdkrvRm5rPTedJbjzePBpcSoH6VdqV6akicn2eYL5_rWB0KXM-SX5_WQbtxo-XsMDc1necGYM0pPrOaOqUgFUx98GgGQIABgv2hb3W45uK8-JttKAB98KA; expires=Sat, 05-Apr-2025 03:31:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:24 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 04 Oct 2024 03:31:24 GMT Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:24 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:31:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49781	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:47 UTC	1330	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1198 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UMyTg8vS69D0gYHA3clpZW2IksC__bks30xTMPIhas2foZACIxQidZaVBnvxiT7NDPR2pWdkrvRm5rPTedJbjzePBpcSoH6VdqV6akicn2eYL5_rWB0KXM-SX5_WQbtxo-XsMDc1necGYM0pPrOaOqUgFUx98GgGQIABgv2hb3W45uK8-JttKAB98KA
2024-10-04 03:31:47 UTC	1198	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 31 32 37 30 35 33 35 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728012705351",null,null,null
2024-10-04 03:31:47 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:47 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:47 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:31:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49782	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:48 UTC	1330	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1205 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UMyTg8vS69D0gYHA3clpZW2IksC__bks30xTMPIhas2foZACIxQidZaVBnvxiT7NDPR2pWdkrvRm5rPTedJbjzePBpcSoH6VdqV6akicn2eYL5_rWB0KXM-SX5_WQbtxo-XsMDc1necGYM0pPrOaOqUgFUx98GgGQIABgv2hb3W45uK8-JttKAB98KA
2024-10-04 03:31:48 UTC	1205	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 31 32 37 30 36 39 37 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728012706975",null,null,null
2024-10-04 03:31:48 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:48 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:48 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:31:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49783	216.58.206.78	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:48 UTC	1290	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1067 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UMyTg8vS69D0gYHA3clpZW2IksC__bks30xTMPIhas2foZACIxQidZaVBnvxiT7NDPR2pWdkrvRm5rPTedJbjzePBpcSoH6VdqV6akicn2eYL5_rWB0KXM-SX5_WQbtxo-XsMDc1necGYM0pPrOaOqUgFUx98GgGQIABgv2hb3W45uK8-JttKAB98KA
2024-10-04 03:31:48 UTC	1067	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-04 03:31:48 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:31:48 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 03:31:48 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:31:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49784	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:57 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oKcpLspDuRys95K&MD=2AyAgdWU HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-04 03:31:57 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 580e3e14-9b32-45a0-aeef-420db89026e1 MS-RequestId: b027395b-f4ff-4cfc-83cf-eb2318939a2b MS-CV: cjMh3DZJb0Ge1UcO.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 04 Oct 2024 03:31:57 GMT Connection: close Content-Length: 30005
2024-10-04 03:31:57 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-04 03:31:57 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49785	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:31:59 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:31:59 UTC	540	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:31:59 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT ETag: "0x8DCE1521DF74B57" x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033159Z-15767c5fc55w69c2zvnrz0gmgw0000000c70000000006dma x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:31:59 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-04 03:31:59 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49786	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:00 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc554wklc0x4mc5pq0w0000000cb0000000004nv4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:00 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49789	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:00 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc55v7j95gq2uzq37a00000000c2000000000n4us x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:00 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49787	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc55ncqdn59ub6rndq00000000brg000000001aqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:00 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49790	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc554w2fgapsyvy8ua00000000bhg000000002mdf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:00 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49792	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc55gs96cphvgp5f5vc0000000bv000000000bbbp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:00 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49793	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc55d6fcl6x6bw8cpdc0000000bw000000000828u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49794	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:00 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:00 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033200Z-15767c5fc55qkvj6n60pxm9mbw000000013g00000000aatw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:01 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49788	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:01 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:01 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033201Z-15767c5fc55jdxmppy6cmd24bn000000043000000000gxhn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:01 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49791	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:01 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033201Z-15767c5fc55jdxmppy6cmd24bn00000004a00000000004hc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 03:32:01 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49796	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033201Z-15767c5fc554wklc0x4mc5pq0w0000000c8000000000c60z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49797	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033201Z-15767c5fc5546rn6ch9zv310e000000004zg000000004a97 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49795	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:01 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033201Z-15767c5fc55gq5fmm10nm5qqr80000000c30000000008wpv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:01 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49798	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033201Z-15767c5fc554w2fgapsyvy8ua00000000bcg00000000g15d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49799	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:01 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:02 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033202Z-15767c5fc55lghvzbxktxfqntw0000000bp00000000091e7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49801	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:02 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:02 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033202Z-15767c5fc55472x4k7dmphmadg0000000bm000000000bus8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49800	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:02 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:02 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033202Z-15767c5fc55kg97hfq5uqyxxaw0000000by000000000agu3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49802	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:02 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033202Z-15767c5fc55kg97hfq5uqyxxaw0000000bv000000000m3zs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49803	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:02 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:02 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033202Z-15767c5fc5546rn6ch9zv310e000000004vg00000000fpdp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49804	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:02 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:02 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033202Z-15767c5fc55tsfp92w7yna557w0000000c2g000000000p9c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:02 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49806	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:03 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033203Z-15767c5fc55fdfx81a30vtr1fw0000000cc0000000002mp0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49805	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:03 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:03 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 79ade187-001e-0065-788c-150b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033203Z-15767c5fc55gq5fmm10nm5qqr80000000bz000000000gtcs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:03 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49807	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:03 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:03 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033203Z-15767c5fc55w69c2zvnrz0gmgw0000000c4g00000000ce6k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:03 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49808	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:03 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:03 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033203Z-15767c5fc55v7j95gq2uzq37a00000000c8g0000000033vy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49809	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:03 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:03 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033203Z-15767c5fc55qkvj6n60pxm9mbw000000011000000000gfpz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49810	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc55gs96cphvgp5f5vc0000000bu000000000dv7p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49811	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc55kg97hfq5uqyxxaw0000000c00000000005t9z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49812	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc55gq5fmm10nm5qqr80000000c40000000004y9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49813	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc554w2fgapsyvy8ua00000000beg000000009y2d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49814	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc5546rn6ch9zv310e000000004xg000000009nmg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49815	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc55rv8zjq9dg0musxg0000000bvg00000000gk5c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49816	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc55dtdv4d4saq7t47n0000000bt0000000006mk8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49817	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:04 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:04 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033204Z-15767c5fc55xsgnlxyxy40f4m00000000byg0000000024cd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:04 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49818	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc554l9xf959gp9cb1s000000067g00000000135p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49819	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc55w69c2zvnrz0gmgw0000000c90000000001qr7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49820	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc554wklc0x4mc5pq0w0000000c7g00000000es7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49821	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc55lghvzbxktxfqntw0000000bk000000000hr06 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49822	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc55qdcd62bsn50hd6s0000000bv0000000001v0u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49823	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc554w2fgapsyvy8ua00000000bb000000000nd1b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49825	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:05 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:05 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033205Z-15767c5fc55xsgnlxyxy40f4m00000000bx0000000005emf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:05 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49826	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:06 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:06 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033206Z-15767c5fc554wklc0x4mc5pq0w0000000cc0000000002ews x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:06 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49827	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:06 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:06 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033206Z-15767c5fc55qkvj6n60pxm9mbw0000000170000000001dsu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:06 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49828	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:06 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:06 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033206Z-15767c5fc55sdcjq8ksxt4n9mc00000001c00000000013d3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:06 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49829	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:06 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:06 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033206Z-15767c5fc55dtdv4d4saq7t47n0000000br000000000aqya x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:06 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49830	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:06 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:06 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033206Z-15767c5fc55852fxfeh7csa2dn0000000bw0000000008cvk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:06 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49831	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 75858473-001e-000b-318c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc55kg97hfq5uqyxxaw0000000bx000000000dd9n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49833	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc55n4msds84xh4z67w00000005ng00000000a7xz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49832	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc55gq5fmm10nm5qqr80000000c3g000000005u5y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:07 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49834	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc55qkvj6n60pxm9mbw000000017g000000000by0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49835	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc552g4w83buhsr3htc0000000c2g000000000uvw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49836	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc554l9xf959gp9cb1s000000063000000000c24h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:07 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49837	13.107.246.60	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc55jdxmppy6cmd24bn000000046g00000000808r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49838	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:07 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033207Z-15767c5fc55whfstvfw43u8fp40000000bzg00000000kfdp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49839	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:08 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033208Z-15767c5fc55fdfx81a30vtr1fw0000000cbg000000003p3n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49840	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:08 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033208Z-15767c5fc552g4w83buhsr3htc0000000bzg000000007ss5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49841	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:08 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: cce0beff-001e-0082-398c-155880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033208Z-15767c5fc55sdcjq8ksxt4n9mc000000015g00000000n0ka x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49843	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:08 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:08 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033208Z-15767c5fc55n4msds84xh4z67w00000005s0000000001xzx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49842	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:08 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:08 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033208Z-15767c5fc55852fxfeh7csa2dn0000000bx0000000005py6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:08 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49844	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:08 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:08 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033208Z-15767c5fc55d6fcl6x6bw8cpdc0000000by0000000002vqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49845	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:09 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:09 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033209Z-15767c5fc554w2fgapsyvy8ua00000000bf0000000008see x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49846	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:09 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:09 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033209Z-15767c5fc55rv8zjq9dg0musxg0000000c2g000000000r3v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49848	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:09 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	471	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:09 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: c0f539ba-f01e-005d-330d-1613ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033209Z-15767c5fc5546rn6ch9zv310e000000004zg000000004amp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49847	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:09 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033209Z-15767c5fc55dtdv4d4saq7t47n0000000bng00000000kt35 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49849	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:09 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:09 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 04c46130-501e-0064-028c-151f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033209Z-15767c5fc55rv8zjq9dg0musxg0000000byg000000009bhv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49850	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:09 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:09 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033209Z-15767c5fc55dtdv4d4saq7t47n0000000bqg00000000bz0h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:09 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49851	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:10 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:10 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033210Z-15767c5fc55xsgnlxyxy40f4m00000000bs000000000kz9n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:10 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49852	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:10 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:10 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033210Z-15767c5fc554wklc0x4mc5pq0w0000000cb0000000004p7k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:10 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49853	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:10 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:10 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033210Z-15767c5fc55v7j95gq2uzq37a00000000c5000000000b1nz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:10 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49855	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:10 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:10 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033210Z-15767c5fc554w2fgapsyvy8ua00000000bk0000000001r3g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:10 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49856	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:10 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033210Z-15767c5fc55xsgnlxyxy40f4m00000000bxg000000003zsa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:10 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49857	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:10 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:10 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033210Z-15767c5fc55852fxfeh7csa2dn0000000bwg000000007m1r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:10 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49858	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc55jdxmppy6cmd24bn0000000480000000003zx0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49859	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc55v7j95gq2uzq37a00000000c80000000003gwg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49860	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: d59d44fd-601e-003e-698c-153248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc554l9xf959gp9cb1s000000062g00000000dr6q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49861	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc55gs96cphvgp5f5vc0000000bz000000000186m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49862	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc55v7j95gq2uzq37a00000000c3g00000000fxxs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49863	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc55w69c2zvnrz0gmgw0000000c8g000000002ta3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49864	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:11 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:11 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033211Z-15767c5fc554wklc0x4mc5pq0w0000000cd0000000000bmp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:11 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49865	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55jdxmppy6cmd24bn0000000480000000003zy1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49866	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55kg97hfq5uqyxxaw0000000bvg00000000k070 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49867	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55jdxmppy6cmd24bn0000000470000000006d81 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49869	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55gs96cphvgp5f5vc0000000btg00000000g3z2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49868	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55gq5fmm10nm5qqr80000000c200000000090ez x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49870	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: b9a19e00-401e-0078-388c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55d6fcl6x6bw8cpdc0000000bt000000000g13g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49871	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:12 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:12 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:12 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 7afec079-601e-000d-468c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033212Z-15767c5fc55gq5fmm10nm5qqr80000000c50000000002qw2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:12 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49872	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:13 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:13 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:13 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 3ef81e2a-f01e-001f-3f8c-155dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033213Z-15767c5fc55ncqdn59ub6rndq00000000bkg00000000dpyz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:13 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49873	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:13 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:13 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:13 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033213Z-15767c5fc55rv8zjq9dg0musxg0000000bxg00000000dfb8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:13 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49874	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:13 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:13 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:13 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033213Z-15767c5fc55852fxfeh7csa2dn0000000bw0000000008d1q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:13 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49875	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:13 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:13 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:13 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033213Z-15767c5fc55v7j95gq2uzq37a00000000c80000000003gyn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:13 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49876	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:13 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:13 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:13 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033213Z-15767c5fc55kg97hfq5uqyxxaw0000000c1g000000002u5m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:13 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49877	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:13 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:13 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033213Z-15767c5fc55whfstvfw43u8fp40000000c1g00000000ct9h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49878	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc55ncqdn59ub6rndq00000000bpg000000006atk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49879	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc55472x4k7dmphmadg0000000bng000000008nwr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49880	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc55d6fcl6x6bw8cpdc0000000bug00000000bpke x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49881	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc554l9xf959gp9cb1s000000064g0000000085m2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49882	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: ed356ac5-101e-0046-2b8c-1591b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc55whfstvfw43u8fp40000000c1g00000000ctap x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49883	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 76616de5-c01e-0082-6f8c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc55jdxmppy6cmd24bn000000043g00000000ghe9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49884	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:14 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:14 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033214Z-15767c5fc55dtdv4d4saq7t47n0000000brg00000000a5nr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49885	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:15 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:15 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:15 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033215Z-15767c5fc55w69c2zvnrz0gmgw0000000c90000000001rdb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:15 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49886	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:15 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:15 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:15 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033215Z-15767c5fc55qdcd62bsn50hd6s0000000br000000000c3dv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:15 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49887	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:15 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:15 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:15 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033215Z-15767c5fc55rv8zjq9dg0musxg0000000by000000000bxn8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:15 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49888	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:15 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:15 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:15 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033215Z-15767c5fc55n4msds84xh4z67w00000005pg000000007u31 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:15 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49889	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:15 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:15 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:15 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033215Z-15767c5fc55852fxfeh7csa2dn0000000by00000000032rd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:15 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49890	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:15 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:15 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:15 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033215Z-15767c5fc55qkvj6n60pxm9mbw000000012000000000dke0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:15 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49891	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:16 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:16 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:16 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 82f8cc24-c01e-0014-3a8c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033216Z-15767c5fc55d6fcl6x6bw8cpdc0000000bw00000000082rc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:16 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49892	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:16 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:16 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:16 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033216Z-15767c5fc55n4msds84xh4z67w00000005qg000000004na4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:16 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49893	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:16 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:16 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:16 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033216Z-15767c5fc55472x4k7dmphmadg0000000bk000000000g7ap x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:16 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49894	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:16 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:16 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:16 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 76253f94-c01e-0066-328c-15a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033216Z-15767c5fc55whfstvfw43u8fp40000000c0g00000000gu9d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:16 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49895	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:16 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:16 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033216Z-15767c5fc554wklc0x4mc5pq0w0000000c90000000009tgw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49896	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:16 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:16 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033216Z-15767c5fc55fdfx81a30vtr1fw0000000c6000000000mt2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49897	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc55qkvj6n60pxm9mbw0000000170000000001e3p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49898	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc55qkvj6n60pxm9mbw000000013000000000aztq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49900	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 89fd357a-501e-008f-758c-159054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc55v7j95gq2uzq37a00000000c4g00000000dnmc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49901	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: a7582d38-101e-0028-528c-158f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc55gq5fmm10nm5qqr80000000bz000000000gtwr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49902	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc55v7j95gq2uzq37a00000000c3g00000000fy1s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49903	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc5546rn6ch9zv310e000000004z0000000005rwm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49904	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:17 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc554wklc0x4mc5pq0w0000000c6g00000000gta9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49905	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:17 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 9bed7ce1-001e-0046-4f8c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033217Z-15767c5fc55lghvzbxktxfqntw0000000bk000000000hraf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49906	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:18 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:18 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033218Z-15767c5fc55dtdv4d4saq7t47n0000000bv0000000001a0d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49907	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:18 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:18 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 819d44cb-f01e-0020-6f8c-15956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033218Z-15767c5fc55d6fcl6x6bw8cpdc0000000brg00000000n3vr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49908	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:18 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:18 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 89fd37a1-501e-008f-6d8c-159054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033218Z-15767c5fc55dtdv4d4saq7t47n0000000brg00000000a5qp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49909	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:18 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:18 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033218Z-15767c5fc55rv8zjq9dg0musxg0000000by000000000bxqx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49910	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:18 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033218Z-15767c5fc55jdxmppy6cmd24bn0000000480000000004043 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49911	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:18 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:18 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033218Z-15767c5fc55dtdv4d4saq7t47n0000000bq000000000dpp5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49912	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:19 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:19 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033219Z-15767c5fc55tsfp92w7yna557w0000000by000000000bqc7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:19 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	49913	142.250.184.238	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	1330	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1304 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UMyTg8vS69D0gYHA3clpZW2IksC__bks30xTMPIhas2foZACIxQidZaVBnvxiT7NDPR2pWdkrvRm5rPTedJbjzePBpcSoH6VdqV6akicn2eYL5_rWB0KXM-SX5_WQbtxo-XsMDc1necGYM0pPrOaOqUgFUx98GgGQIABgv2hb3W45uK8-JttKAB98KA
2024-10-04 03:32:19 UTC	1304	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 31 32 37 33 37 35 31 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728012737513",null,null,null
2024-10-04 03:32:19 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:32:19 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 03:32:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:32:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49914	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:19 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:19 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033219Z-15767c5fc55n4msds84xh4z67w00000005rg000000002q4m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:19 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49915	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:19 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:19 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033219Z-15767c5fc55whfstvfw43u8fp40000000c1000000000e56m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:19 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49916	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:19 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:19 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: b612907a-401e-008c-278c-1586c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033219Z-15767c5fc55d6fcl6x6bw8cpdc0000000bs000000000m1f7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:19 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49917	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:19 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:19 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033219Z-15767c5fc55v7j95gq2uzq37a00000000c4000000000ea3z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:19 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	49918	142.250.184.238	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	1330	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1334 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=UMyTg8vS69D0gYHA3clpZW2IksC__bks30xTMPIhas2foZACIxQidZaVBnvxiT7NDPR2pWdkrvRm5rPTedJbjzePBpcSoH6VdqV6akicn2eYL5_rWB0KXM-SX5_WQbtxo-XsMDc1necGYM0pPrOaOqUgFUx98GgGQIABgv2hb3W45uK8-JttKAB98KA
2024-10-04 03:32:19 UTC	1334	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 31 32 37 33 38 30 30 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728012738005",null,null,null
2024-10-04 03:32:19 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 03:32:19 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 03:32:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 03:32:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49919	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:19 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:19 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:19 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033219Z-15767c5fc55qdcd62bsn50hd6s0000000bs0000000008wh9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:19 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49920	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:20 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:20 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:20 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033220Z-15767c5fc55kg97hfq5uqyxxaw0000000c10000000003qdk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:20 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49921	13.107.246.60	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 03:32:20 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 03:32:20 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 03:32:20 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: e360128a-801e-0083-498c-15f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T033220Z-15767c5fc55v7j95gq2uzq37a00000000c2000000000n5nn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 03:32:20 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Target ID:	0
Start time:	23:31:00
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x9d0000
File size:	919'040 bytes
MD5 hash:	1A7DBCFC4C8A85127DB62A70E3A6635A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000002.2935303809.0000000000B88000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	23:31:00
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x630000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	23:31:00
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x630000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x630000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x630000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x630000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	23:31:01
Start date:	03/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	23:31:03
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	23:31:03
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	23:31:14
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3188 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	23:31:14
Start date:	03/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=2060,i,1955067534087792105,7040593399643175823,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1534
Total number of Limit Nodes:	44

Executed Functions

Function 009D42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 009D430D

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

GetCurrentProcess.KERNEL32(?,00A6CB64,00000000,?,?), ref: 009D4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 009D4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 009D4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 009D4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 009D4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 009D447B
GetSystemInfo.KERNEL32(?,?,?), ref: 009D44A0

Strings

kernel32.dll, xrefs: 009D444F
GetNativeSystemInfo, xrefs: 009D4460
|O, xrefs: 00A136F8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 623e3441ac6397fc8fb1c4753f8db3148327e9ac787b9da19cefab4d2739a826
Instruction ID: 1b11a899006ae0dd0469176f662f37282baf3072b99e507cabfe2dac6edff111
Opcode Fuzzy Hash: 623e3441ac6397fc8fb1c4753f8db3148327e9ac787b9da19cefab4d2739a826
Instruction Fuzzy Hash: 14A1426690E2D2FFCF52CFE968411A57EE46B27340F088C9AD0819B7A1D774454BDB31

Function 009D42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,009D50AA,?,?,00000000,00000000), ref: 009D42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,009D50AA,?,?,00000000,00000000), ref: 009D42C9
LoadResource.KERNEL32(?,00000000,?,?,009D50AA,?,?,00000000,00000000,?,?,?,?,?,?,009D4F20), ref: 00A135BE
SizeofResource.KERNEL32(?,00000000,?,?,009D50AA,?,?,00000000,00000000,?,?,?,?,?,?,009D4F20), ref: 00A135D3
LockResource.KERNEL32(009D50AA,?,?,009D50AA,?,?,00000000,00000000,?,?,?,?,?,?,009D4F20,?), ref: 00A135E6

Strings

SCRIPT, xrefs: 009D42BF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 54d2a52c8edba6acc6063db68a10ee019e2cda1830510de1d0c3f6c4cee39b89
Instruction ID: b616434a808f836a727153b73c23e38307a8e8117500fd3c94a29931a25574e2
Opcode Fuzzy Hash: 54d2a52c8edba6acc6063db68a10ee019e2cda1830510de1d0c3f6c4cee39b89
Instruction Fuzzy Hash: 7A11CE70240300BFEB219BA5DC48F677BBEEBC5B61F10816AF956C6250DBB1DC008670

Function 00A12BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 009D2B6B

Part of subcall function 009D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AA1418,?,009D2E7F,?,?,?,00000000), ref: 009D3A78

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00A92224), ref: 00A12C10
ShellExecuteW.SHELL32(00000000,?,?,00A92224), ref: 00A12C17

Strings

runas, xrefs: 00A12C0B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 90bc51bbcd206bf8cfee93c37f61538b6280d583fef27bfabec7a94ac432ece9
Instruction ID: b0275264a132d8e70d29edfab751e83d178f4de4bc93a3dc6b52b18a8ffab14b
Opcode Fuzzy Hash: 90bc51bbcd206bf8cfee93c37f61538b6280d583fef27bfabec7a94ac432ece9
Instruction Fuzzy Hash: 2111D2312882016AC704FF74D852BBEBBA4ABE6751F44C42FF082432A2CF64894A8712

Function 00A5A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00A5A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00A5A6BA

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Process32NextW.KERNEL32(00000000,?), ref: 00A5A79C
CloseHandle.KERNELBASE(00000000), ref: 00A5A7AB

Part of subcall function 009ECE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A13303,?), ref: 009ECE8A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 1685e4c72ab9410462859b7a6359da5098b8ccb05208031691bf844b563f71d0
Instruction ID: e12547d8c432cb6fbea477a09bb21a6d1071e289cf53788b80fd20edd79ec6ec
Opcode Fuzzy Hash: 1685e4c72ab9410462859b7a6359da5098b8ccb05208031691bf844b563f71d0
Instruction Fuzzy Hash: B7515D716083009FD710EF64D886A6BBBE8FFD9754F00891EF99597291EB70D904CB92

Function 00A3DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00A15222), ref: 00A3DBCE
GetFileAttributesW.KERNELBASE(?), ref: 00A3DBDD
FindFirstFileW.KERNEL32(?,?), ref: 00A3DBEE
FindClose.KERNEL32(00000000), ref: 00A3DBFA

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 52ddaf145f449a47accb6aded2c196268b916028913c72bab499083ef9cae872
Instruction ID: 823b42bcb0855ac337edac0b86add32fcdf634b527baed500563ea0edbda67aa
Opcode Fuzzy Hash: 52ddaf145f449a47accb6aded2c196268b916028913c72bab499083ef9cae872
Instruction Fuzzy Hash: 94F03071824914A7C220ABB8AD0D8BAB77C9E42335F545706F8B6C21E0EBF099568695

Function 00A5AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00A5B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A5B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A5B1D4
_wcslen.LIBCMT ref: 00A5B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A5B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A5B236
_wcslen.LIBCMT ref: 00A5B332

Part of subcall function 00A405A7: GetStdHandle.KERNEL32(000000F6), ref: 00A405C6

_wcslen.LIBCMT ref: 00A5B34B
_wcslen.LIBCMT ref: 00A5B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A5B3B6
GetLastError.KERNEL32(00000000), ref: 00A5B407
CloseHandle.KERNEL32(?), ref: 00A5B439
CloseHandle.KERNEL32(00000000), ref: 00A5B44A
CloseHandle.KERNEL32(00000000), ref: 00A5B45C
CloseHandle.KERNEL32(00000000), ref: 00A5B46E
CloseHandle.KERNEL32(?), ref: 00A5B4E3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: d134f4a6b5009f5f95a784e74d24d17b68b704f947a0f50a46feba7dc75229bf
Instruction ID: 5bb144315fd592f97f09a7cf672b917b44ca5a9c14b80c49952a3738552bcc5c
Opcode Fuzzy Hash: d134f4a6b5009f5f95a784e74d24d17b68b704f947a0f50a46feba7dc75229bf
Instruction Fuzzy Hash: D1F1AC316143409FC724EF24C891B6EBBE1BF85315F14855EF8999B2A2DB31EC49CB62

Function 009DD730 Relevance: 21.6, APIs: 14, Instructions: 619windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 009DD807
timeGetTime.WINMM ref: 009DDA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009DDB28
TranslateMessage.USER32(?), ref: 009DDB7B
DispatchMessageW.USER32(?), ref: 009DDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009DDB9F
Sleep.KERNELBASE(0000000A), ref: 009DDBB1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 7a11c1c93581871a6871e8d85793a31e64356a156d47c13b7e4708ae43263340
Instruction ID: 78a2004c34427f73c6e064cf1905e71d3d7c3dbab3c24f8a96c3b94b57f42641
Opcode Fuzzy Hash: 7a11c1c93581871a6871e8d85793a31e64356a156d47c13b7e4708ae43263340
Instruction Fuzzy Hash: 73420330689342EFD729CF28D894B6AB7F4BF86304F14892EE49587391D775E844CB92

Function 009D2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 009D2D07
RegisterClassExW.USER32(00000030), ref: 009D2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 009D2D42
InitCommonControlsEx.COMCTL32(?), ref: 009D2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 009D2D6F
LoadIconW.USER32(000000A9), ref: 009D2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 009D2D94

Strings

+, xrefs: 009D2CF0
AutoIt v3 GUI, xrefs: 009D2D23
0, xrefs: 009D2CE9
TaskbarCreated, xrefs: 009D2D37

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 9b9f0355a354eca11399290f2b97171bb51710fe25a792e63fa3ca1b109d5821
Instruction ID: a312fd06d9d674fbe1c51e6cf491d487e49fff4c2272fb34d81471ed87d29f7b
Opcode Fuzzy Hash: 9b9f0355a354eca11399290f2b97171bb51710fe25a792e63fa3ca1b109d5821
Instruction Fuzzy Hash: E321F2B5901319AFDB00DFE4EC89BEEBBB4FB09724F00811AF551A62A0D7B10546CFA1

Function 00A1065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A1039A: CreateFileW.KERNELBASE(00000000,00000000,?,00A10704,?,?,00000000,?,00A10704,00000000,0000000C), ref: 00A103B7

GetLastError.KERNEL32 ref: 00A1076F
__dosmaperr.LIBCMT ref: 00A10776
GetFileType.KERNELBASE(00000000), ref: 00A10782
GetLastError.KERNEL32 ref: 00A1078C
__dosmaperr.LIBCMT ref: 00A10795
CloseHandle.KERNEL32(00000000), ref: 00A107B5
CloseHandle.KERNEL32(?), ref: 00A108FF
GetLastError.KERNEL32 ref: 00A10931
__dosmaperr.LIBCMT ref: 00A10938

Strings

H, xrefs: 00A108BD

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 63a8a2b06a6be7c2d4e9bf9f60079099db8a96474f3deade18f7cb06cdcd0c4e
Instruction ID: 400021aa10b49139be3d9f890703f4cd99285975c6832a7a791403ce7e1fe78e
Opcode Fuzzy Hash: 63a8a2b06a6be7c2d4e9bf9f60079099db8a96474f3deade18f7cb06cdcd0c4e
Instruction Fuzzy Hash: 64A10232A041098FDF19EFA8D861BEE7BB1AB46320F140159F815AF2D1D7B59893CB91

Function 009D344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 009D3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AA1418,?,009D2E7F,?,?,?,00000000), ref: 009D3A78

Part of subcall function 009D3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 009D3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 009D356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A1318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A131CE
RegCloseKey.ADVAPI32(?), ref: 00A13210
_wcslen.LIBCMT ref: 00A13277
_wcslen.LIBCMT ref: 00A13286

Strings

\Include\, xrefs: 009D3527
\, xrefs: 00A1328C
Software\AutoIt v3\AutoIt, xrefs: 009D3560
Include, xrefs: 00A13184, 00A131C5

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 878913ddf0ee02c0dfc5501b3be6e921a3d7f76490347710cfb8f19991d65842
Instruction ID: d9a19326f08243750ec079e891281d4798236e3048a3acdac429f08530f59d9c
Opcode Fuzzy Hash: 878913ddf0ee02c0dfc5501b3be6e921a3d7f76490347710cfb8f19991d65842
Instruction Fuzzy Hash: E671D8715443019ECB04EFA9DC41AABB7F8FFD6740F40482EF5858B2A0EB759A49CB61

Function 009D2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 009D2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 009D2B9D
LoadIconW.USER32(00000063), ref: 009D2BB3
LoadIconW.USER32(000000A4), ref: 009D2BC5
LoadIconW.USER32(000000A2), ref: 009D2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 009D2BEF
RegisterClassExW.USER32(?), ref: 009D2C40

Part of subcall function 009D2CD4: GetSysColorBrush.USER32(0000000F), ref: 009D2D07
Part of subcall function 009D2CD4: RegisterClassExW.USER32(00000030), ref: 009D2D31
Part of subcall function 009D2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 009D2D42
Part of subcall function 009D2CD4: InitCommonControlsEx.COMCTL32(?), ref: 009D2D5F
Part of subcall function 009D2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 009D2D6F
Part of subcall function 009D2CD4: LoadIconW.USER32(000000A9), ref: 009D2D85
Part of subcall function 009D2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 009D2D94

Strings

AutoIt v3, xrefs: 009D2C2F
#, xrefs: 009D2C16
0, xrefs: 009D2C0F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 2ca670785317473e1edacda5ec87ce7b0b9f5f0478a25f55dc9ece53426ceb19
Instruction ID: 73f668e3758abdd3bb606678b8403f614cfd731e627a98656b29fd75ab1fac98
Opcode Fuzzy Hash: 2ca670785317473e1edacda5ec87ce7b0b9f5f0478a25f55dc9ece53426ceb19
Instruction Fuzzy Hash: 9E21F575A40329BFDB50DFE5EC59AA97FF4FB49B64F00401AE504AA6E0D7B105428FA0

Function 009D3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,009D316A,?,?), ref: 009D31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,009D316A,?,?), ref: 009D3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 009D3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,009D316A,?,?), ref: 009D3232
CreatePopupMenu.USER32 ref: 009D3246
PostQuitMessage.USER32(00000000), ref: 009D3267

Strings

TaskbarCreated, xrefs: 009D322D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 415203a7487044f3efe93af9d78fb0e35096ea34f729ec8b2d847ca4cd798887
Instruction ID: d0222f5ddf5c73175dac1a2da158d4b21d7b3322f42f82f7fc2fe4a4d98645b3
Opcode Fuzzy Hash: 415203a7487044f3efe93af9d78fb0e35096ea34f729ec8b2d847ca4cd798887
Instruction Fuzzy Hash: FC4158356C4202BBDF149FB8EC09BBA3A29E746352F04C127F661863E1D7A5CA41D763

Function 009D2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 009D2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 009D2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,009D1CAD,?), ref: 009D2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,009D1CAD,?), ref: 009D2CCF

Strings

AutoIt v3, xrefs: 009D2C89, 009D2C8E, 009D2C8F
edit, xrefs: 009D2CAC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: aa1a02af9a7d855817427844831fa47102de40232a9c661f845c20d599020916
Instruction ID: 42a3bd6ad19b1af8dfc94cf9ce344990aa8424ef10a8b0af42710c789568c610
Opcode Fuzzy Hash: aa1a02af9a7d855817427844831fa47102de40232a9c661f845c20d599020916
Instruction Fuzzy Hash: 77F0DA7A5402A17AEB719B97AC0CE772EBDD7C7F60F00005EF900AA5A0D7A51852DAB0

Function 009D3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,009D3B0F,SwapMouseButtons,00000004,?), ref: 009D3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,009D3B0F,SwapMouseButtons,00000004,?), ref: 009D3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,009D3B0F,SwapMouseButtons,00000004,?), ref: 009D3B83

Strings

Control Panel\Mouse, xrefs: 009D3B3E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: dc6f5645feda488995542f3f4012de583b5b3fdf09aed5c9dcce20317eb117cd
Instruction ID: 68d3c6df7618543080b7c5be605e05b974b4431522375751560c2215d8c64951
Opcode Fuzzy Hash: dc6f5645feda488995542f3f4012de583b5b3fdf09aed5c9dcce20317eb117cd
Instruction Fuzzy Hash: 8F1157B5650208FFDB20CFA4DC84ABEBBBCEF00751B10C96BE801D7210E2759E409BA0

Function 009D3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A133A2

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 009D3A04

Strings

Line: , xrefs: 00A133EB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 9353894deb4ecc5e27ce6c30a0ff061db2fb0dc3ea7db55b5ea1c3573a8a689a
Instruction ID: 81299b67a750f6820bf96def102821a689cd55ec768a288d3b0334968923cef5
Opcode Fuzzy Hash: 9353894deb4ecc5e27ce6c30a0ff061db2fb0dc3ea7db55b5ea1c3573a8a689a
Instruction Fuzzy Hash: 7C31E371588304AAC720EF60DC45BEBB3E8AB81710F00C92BF599872D1DB749A49C7D3

Function 009EFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 009F0668

Part of subcall function 009F32A4: RaiseException.KERNEL32(?,?,?,009F068A,?,00AA1444,?,?,?,?,?,?,009F068A,009D1129,00A98738,009D1129), ref: 009F3304

__CxxThrowException@8.LIBVCRUNTIME ref: 009F0685

Strings

Unknown exception, xrefs: 009F0692

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 61ff65544d5cd98e60c769a8003c3a57cdbd043605594b9c1c98339e02241a18
Instruction ID: 628404d2c3bcd70e09eabfd890ba07b2de63fcc05f3d2e4ff1c9206dea61d114
Opcode Fuzzy Hash: 61ff65544d5cd98e60c769a8003c3a57cdbd043605594b9c1c98339e02241a18
Instruction Fuzzy Hash: DBF0C83490020D778F00B665DC56EBE7B6C6EC0350B604531BB24D55D2EF75DA65C780

Function 009D10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 009D1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 009D1BF4
Part of subcall function 009D1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 009D1BFC
Part of subcall function 009D1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 009D1C07
Part of subcall function 009D1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 009D1C12
Part of subcall function 009D1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 009D1C1A
Part of subcall function 009D1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 009D1C22

Part of subcall function 009D1B4A: RegisterWindowMessageW.USER32(00000004,?,009D12C4), ref: 009D1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 009D136A
OleInitialize.OLE32 ref: 009D1388
CloseHandle.KERNEL32(00000000,00000000), ref: 00A124AB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 4b3ac93e66f7cc1499650b4630310dc8de42ccce6c379b98391bb97621aa1e75
Instruction ID: eb65c2f07cb1fb7135861011b2f7b26511d535af2e175924c58be8e682340e95
Opcode Fuzzy Hash: 4b3ac93e66f7cc1499650b4630310dc8de42ccce6c379b98391bb97621aa1e75
Instruction Fuzzy Hash: 95719AB9D11213AFC388EFB9A9556657AE0FB8F394F54822AD04AC73E1EB344442CF44

Function 00A3C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 009D3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A3C259
KillTimer.USER32(?,00000001,?,?), ref: 00A3C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A3C270

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 42ef857a27c128ca515b07e5958ecaff33c77bb81f5df78ed1d561e057c2d3af
Instruction ID: a7851c9a54fa4f88fc6afd88e18504748a6b79693a3288c08788c4fb4ae20bee
Opcode Fuzzy Hash: 42ef857a27c128ca515b07e5958ecaff33c77bb81f5df78ed1d561e057c2d3af
Instruction Fuzzy Hash: AD31C370904354AFEB22DFA48C55BE7BBFC9B06314F00049AE2DAA7241C7745A85CB51

Function 00A086AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00A085CC,?,00A98CC8,0000000C), ref: 00A08704
GetLastError.KERNEL32(?,00A085CC,?,00A98CC8,0000000C), ref: 00A0870E
__dosmaperr.LIBCMT ref: 00A08739

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 050cf3ae7886eb5e2e9041036446019406955b58a9ccc94a2d791ebdb4977680
Instruction ID: 7adb56165f1acd9328f16006dcacd7945315916301087fb03d32a0ca5417f18c
Opcode Fuzzy Hash: 050cf3ae7886eb5e2e9041036446019406955b58a9ccc94a2d791ebdb4977680
Instruction Fuzzy Hash: 6B01CE32E0022C1AC620A334B965B7F6B584B93774F3A0119F8449F1D3DFAACC818249

Function 009DDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 009DDB7B
DispatchMessageW.USER32(?), ref: 009DDB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009DDB9F
Sleep.KERNELBASE(0000000A), ref: 009DDBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00A21CC9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: 599a1317f7de7f4bb6684225c27ea87b3f8d8a7c71e44be8b3cccae74b42eada
Instruction ID: a5e92b7fb75b1f43b91916236197ac1a86ddfb780927d76fd2040dfd704a50e5
Opcode Fuzzy Hash: 599a1317f7de7f4bb6684225c27ea87b3f8d8a7c71e44be8b3cccae74b42eada
Instruction Fuzzy Hash: 75F082306853409BE730CBA0DC89FEA73BCEB89310F10892AE64AC31C0DB749489DB15

Function 009E1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 009E17F6

Strings

CALL, xrefs: 009E17C6

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: b74240eb23a85fd95b41caa0501f036fc0a9a2209245ffaacc918596f2ec38b7
Instruction ID: 741731edb976257dddbc65e8775230ec38d481f580fd0b4e5c755597c9a63b06
Opcode Fuzzy Hash: b74240eb23a85fd95b41caa0501f036fc0a9a2209245ffaacc918596f2ec38b7
Instruction Fuzzy Hash: 78228A706082819FC715DF19C490B2ABBF5BF89314F24896DF4968B3A2D735EC41CB82

Function 009D2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00A12C8C

Part of subcall function 009D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009D3A97,?,?,009D2E7F,?,?,?,00000000), ref: 009D3AC2

Part of subcall function 009D2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 009D2DC4

Strings

X, xrefs: 00A12C5A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: a11e8628bffae6ed58c8bc9e2b43dda33c406ab0053a1d322e4fdf93c5817c6e
Instruction ID: def4142afd0bd842e9e0138178f8237c67c17d7b7e5829179c159a42cd95ff2b
Opcode Fuzzy Hash: a11e8628bffae6ed58c8bc9e2b43dda33c406ab0053a1d322e4fdf93c5817c6e
Instruction Fuzzy Hash: 5521A571A402589FCF41EF94C845BEE7BFCAF89315F00805AE505B7341DBB89A898FA1

Function 009D3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 009D3908

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 57f2e4a1cdbb6ef900b75971a05bf30d3d0d4dccbfb20f55af582045ed3ecf0e
Instruction ID: 995f07d8a36cd8fabc07274ebb39d874c0590f196a10c35985b89cc12f4bf3da
Opcode Fuzzy Hash: 57f2e4a1cdbb6ef900b75971a05bf30d3d0d4dccbfb20f55af582045ed3ecf0e
Instruction Fuzzy Hash: 503181705043019FD760DF64D884797BBE8FB49719F00492EF59997380E7B1AA44CB52

Function 009EF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 009EF661

Part of subcall function 009DD730: GetInputState.USER32 ref: 009DD807

Sleep.KERNEL32(00000000), ref: 00A2F2DE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: ce5a65b443f32a701280f59ca12bedb811995b2c66727119c33195b14e1439ea
Instruction ID: fe62aa546ac3112d65978f87cc03baf6cff72b3d06a25a4c7277989c445654a1
Opcode Fuzzy Hash: ce5a65b443f32a701280f59ca12bedb811995b2c66727119c33195b14e1439ea
Instruction Fuzzy Hash: F0F08C312802159FD310EF69E449B6AB7F8EF867A0F00402AF859C7360DBB0A800CB90

Function 009DB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 009DBB4E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: e7ac095a89f3f9c3aa277503bd14d011263ae43ca9f075187457f1a400bf3d3e
Instruction ID: bac33023f51724dcafa59ed67f10811ffe7547f1a8f45be08495ff1c42b69fa2
Opcode Fuzzy Hash: e7ac095a89f3f9c3aa277503bd14d011263ae43ca9f075187457f1a400bf3d3e
Instruction Fuzzy Hash: 38329C34A4021ADFDB14CF58C894FBAB7B9EF45304F16806AE915AB392C778ED41CB91

Function 009D4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 009D4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,009D4EDD,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4E9C
Part of subcall function 009D4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 009D4EAE
Part of subcall function 009D4E90: FreeLibrary.KERNEL32(00000000,?,?,009D4EDD,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4EFD

Part of subcall function 009D4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A13CDE,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4E62
Part of subcall function 009D4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 009D4E74
Part of subcall function 009D4E59: FreeLibrary.KERNEL32(00000000,?,?,00A13CDE,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4E87

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 83a41498ba908083b017c1e862531595f64c988000e7d8bebbd1d9debea626ed
Instruction ID: 28fc6c73fdb6d92016237b47bdc4bbece17c294a8f3be6fba811a76f495d4d50
Opcode Fuzzy Hash: 83a41498ba908083b017c1e862531595f64c988000e7d8bebbd1d9debea626ed
Instruction Fuzzy Hash: 4011E732680205ABCF14FFA4DC06FAD77A5AF90710F10C42FF542A62E1DE749A459B60

Function 00A08402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00A08440

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: dde20e58d66e2f97b142c56e449b40ffbe6192ae537809771722fbd59c8e5edc
Instruction ID: 9239f410f3b7e5e81130410683fc82ec223e6aafea8cdfd11a481c027ef60441
Opcode Fuzzy Hash: dde20e58d66e2f97b142c56e449b40ffbe6192ae537809771722fbd59c8e5edc
Instruction Fuzzy Hash: 5811187590410EAFCB05DF58E9419DE7BF5EF48314F104059F808AB352DB31DA11CBA9

Function 00A05000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A04C7D: RtlAllocateHeap.NTDLL(00000008,009D1129,00000000,?,00A02E29,00000001,00000364,?,?,?,009FF2DE,00A03863,00AA1444,?,009EFDF5,?), ref: 00A04CBE

_free.LIBCMT ref: 00A0506C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: 45db50952e4e08adce72f291972dada64dfd141a1506dc9852d15bbd2a802511
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: 0A012B726047085FE3218F65E885A5AFBECFB89370F25052DE184832C0E6306905CB74

Function 00A629BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00A614B5,?), ref: 00A62A01

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: cc5f1d9f3703e68ff3bff71d9fdfdd6a03b250302caa7154a265c64c183fbeaa
Instruction ID: d134c62e11ba686be91bf7902b1d10619e040144e00d84f60f2392c9c6a3c653
Opcode Fuzzy Hash: cc5f1d9f3703e68ff3bff71d9fdfdd6a03b250302caa7154a265c64c183fbeaa
Instruction Fuzzy Hash: 57019E36300E829FD334CB6CC454B2237B2EBD5358F298468C0878B291DB72EC42C7A0

Function 009FE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 89e0899754d7d2e83d438d7526da46ca3de78d654633f515fae2982fb8d4b310
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 3AF0F432511A1C96DA323E69AD09B7A339C9F92334F100B15F661D61E2DF74980187A9

Function 00A04C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,009D1129,00000000,?,00A02E29,00000001,00000364,?,?,?,009FF2DE,00A03863,00AA1444,?,009EFDF5,?), ref: 00A04CBE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0f071f518bc62feac34f0acf706fcddb3a4db14bfb01e763c6a600bc28ef083b
Instruction ID: 2b68915e14f1d5bab47bd7a59e1a25029d8443660612e1af8cc5cb11f6631995
Opcode Fuzzy Hash: 0f071f518bc62feac34f0acf706fcddb3a4db14bfb01e763c6a600bc28ef083b
Instruction Fuzzy Hash: 9AF0B47160622C77FB215F62BC09B6B3798BF857B0F144111FA1AAA1C0CA70D80147E0

Function 00A03820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00AA1444,?,009EFDF5,?,?,009DA976,00000010,00AA1440,009D13FC,?,009D13C6,?,009D1129), ref: 00A03852

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 115e51088316c9d4b46de5dd66e56be61a8271e46ed0ede8f616823b3e02859a
Instruction ID: 9138971ce14c8dfe97f50f366622c6d92082adab060641e94b12c6e68d478885
Opcode Fuzzy Hash: 115e51088316c9d4b46de5dd66e56be61a8271e46ed0ede8f616823b3e02859a
Instruction Fuzzy Hash: 0FE0E53350122C66DF212FB7BC00BAB365CAF827B0F0581A0FD15964C0CB11DE0583E0

Function 009D4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4F6D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: e20d3faf44ba82a7bb93bf570331b745738c5c6ec38adf8d556e5674a559b648
Instruction ID: 1331b190435004993aa7e88665a654820fba10aeaf469517d51f6692b9a713b2
Opcode Fuzzy Hash: e20d3faf44ba82a7bb93bf570331b745738c5c6ec38adf8d556e5674a559b648
Instruction Fuzzy Hash: 53F01571145752CFDB349F68D490822BBF8AF24329320CA6FE2EA82621CB359844DB50

Function 00A62A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00A62A66

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 53457df0b18a49e3c4f52ec545aa99efb1ecb37d6f6b755f06589698c533becf
Instruction ID: 3f7d879154331a7466eac5f0c1f41ee148d46f64271351e288933c7615c43704
Opcode Fuzzy Hash: 53457df0b18a49e3c4f52ec545aa99efb1ecb37d6f6b755f06589698c533becf
Instruction Fuzzy Hash: 8EE0863A754516AAC714EB70DC80AFE777CEF643D5B104536FC26C2100DB74999587E0

Function 009D2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 009D2DC4

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 2500b591fcee16eccfcd10fad436adf8169dcaa215117d9e31841fa89ffc160c
Instruction ID: d21005359b155e9a4695ec876ddd8c484268354f7b3f645ff7891ecfb7b55d41
Opcode Fuzzy Hash: 2500b591fcee16eccfcd10fad436adf8169dcaa215117d9e31841fa89ffc160c
Instruction Fuzzy Hash: 40E0CD726041245BC710E2989C05FEA77EDDFC8790F044072FD09D7248D964AD818550

Function 009D2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 009D3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 009D3908

Part of subcall function 009DD730: GetInputState.USER32 ref: 009DD807

SetCurrentDirectoryW.KERNEL32(?), ref: 009D2B6B

Part of subcall function 009D30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 009D314E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: 0a5eac8ad5c9eb00e7c88b7f18ec9c947073d2843a08e4c4eb1168a93f5c366b
Instruction ID: 04d92d8682551ba442d7a90e75a64979616eea17b3d4e94c9c940d45b4fea195
Opcode Fuzzy Hash: 0a5eac8ad5c9eb00e7c88b7f18ec9c947073d2843a08e4c4eb1168a93f5c366b
Instruction Fuzzy Hash: 95E0266138020413C604BBB4A81267DA7598BE6352F00C43FF042833A2CF6449464212

Function 00A1039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00A10704,?,?,00000000,?,00A10704,00000000,0000000C), ref: 00A103B7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c6c91a6f412dcb1ed2363f89ba2a13501c6e3abacc452e5a9c303475be2d30ee
Instruction ID: 5a5568707c8de4f5630ebbb6624174a6c9fa92cbd4454a2d0e603da209bf77b1
Opcode Fuzzy Hash: c6c91a6f412dcb1ed2363f89ba2a13501c6e3abacc452e5a9c303475be2d30ee
Instruction Fuzzy Hash: 1DD06C3204010DBBDF028F84DD06EDA3BAAFB48714F014100FE5856020C772E822AB90

Function 009D1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 009D1CBC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: e526d8cceae8a913e68aa06fd33628e4409dc0674aca29706e71a5dd347c781c
Instruction ID: 50c07819302c23813dc11a00ad4994c611a1a2e669c46cba1ff8c572ca3a36cc
Opcode Fuzzy Hash: e526d8cceae8a913e68aa06fd33628e4409dc0674aca29706e71a5dd347c781c
Instruction Fuzzy Hash: 9EC09B352C0306AFF614CBC4BC4EF107764B349F14F044001F649595E3C3E21421DB50

Non-executed Functions

Function 00A69576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00A6961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A6965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00A6969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A696C9
SendMessageW.USER32 ref: 00A696F2
GetKeyState.USER32(00000011), ref: 00A6978B
GetKeyState.USER32(00000009), ref: 00A69798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A697AE
GetKeyState.USER32(00000010), ref: 00A697B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A697E9
SendMessageW.USER32 ref: 00A69810
SendMessageW.USER32(?,00001030,?,00A67E95), ref: 00A69918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00A6992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00A69941
SetCapture.USER32(?), ref: 00A6994A
ClientToScreen.USER32(?,?), ref: 00A699AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00A699BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A699D6
ReleaseCapture.USER32 ref: 00A699E1
GetCursorPos.USER32(?), ref: 00A69A19
ScreenToClient.USER32(?,?), ref: 00A69A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00A69A80
SendMessageW.USER32 ref: 00A69AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00A69AEB
SendMessageW.USER32 ref: 00A69B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00A69B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00A69B4A
GetCursorPos.USER32(?), ref: 00A69B68
ScreenToClient.USER32(?,?), ref: 00A69B75
GetParent.USER32(?), ref: 00A69B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00A69BFA
SendMessageW.USER32 ref: 00A69C2B
ClientToScreen.USER32(?,?), ref: 00A69C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00A69CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00A69CDE
SendMessageW.USER32 ref: 00A69D01
ClientToScreen.USER32(?,?), ref: 00A69D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00A69D82

Part of subcall function 009E9944: GetWindowLongW.USER32(?,000000EB), ref: 009E9952

GetWindowLongW.USER32(?,000000F0), ref: 00A69E05

Strings

@GUI_DRAGID, xrefs: 00A6997D
F, xrefs: 00A69D07

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: a674ff33a5460529ecfeb6ca634b9e82d0a0fbb8d151f4ca96c55d403d5ebc46
Instruction ID: abd45b1ab449af1052bf4d45470ecddcb71f3fa7f5e955116a5687ca24ba51fa
Opcode Fuzzy Hash: a674ff33a5460529ecfeb6ca634b9e82d0a0fbb8d151f4ca96c55d403d5ebc46
Instruction Fuzzy Hash: 86428C38204341AFDB25CF68CC84AABBBF9FF89320F144619F699872A1D771E855CB51

Function 00A64873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00A648F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00A64908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00A64927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00A6494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00A6495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00A6497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00A649AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00A649D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00A64A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A64A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A64A7E
IsMenu.USER32(?), ref: 00A64A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A64AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A64B20
GetWindowLongW.USER32(?,000000F0), ref: 00A64B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00A64BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00A64C82
wsprintfW.USER32 ref: 00A64CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A64CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00A64CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00A64D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A64D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00A64D5A

Strings

%d/%02d/%02d, xrefs: 00A64CA8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 1040641871e2311fbcb6cd1b1021d886da499b75a1e8072cf766125cf4a45d0b
Instruction ID: 72f585566fde3da8fc2413f4cbf96fc5e6cf3a7a213fb49bd4bf720535330c82
Opcode Fuzzy Hash: 1040641871e2311fbcb6cd1b1021d886da499b75a1e8072cf766125cf4a45d0b
Instruction Fuzzy Hash: 0F121171600254ABEB258F68DC49FBE7BF8EF89710F104129F516EB2E1DBB89941CB50

Function 009EF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 009EF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A2F474
IsIconic.USER32(00000000), ref: 00A2F47D
ShowWindow.USER32(00000000,00000009), ref: 00A2F48A
SetForegroundWindow.USER32(00000000), ref: 00A2F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A2F4AA
GetCurrentThreadId.KERNEL32 ref: 00A2F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A2F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00A2F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00A2F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A2F4DE
SetForegroundWindow.USER32(00000000), ref: 00A2F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A2F4F6
keybd_event.USER32(00000012,00000000), ref: 00A2F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A2F50B
keybd_event.USER32(00000012,00000000), ref: 00A2F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A2F519
keybd_event.USER32(00000012,00000000), ref: 00A2F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A2F528
keybd_event.USER32(00000012,00000000), ref: 00A2F52D
SetForegroundWindow.USER32(00000000), ref: 00A2F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A2F557

Strings

Shell_TrayWnd, xrefs: 00A2F46F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 87a071cc813898233bd11b30f61fd744e2e5323370b76bd4efd2c5caa0031b43
Instruction ID: 3072843c02ebcd1c1fa09fbc13336ffb7ee0f1f1e6787690649137fc4a227961
Opcode Fuzzy Hash: 87a071cc813898233bd11b30f61fd744e2e5323370b76bd4efd2c5caa0031b43
Instruction Fuzzy Hash: 15313271A802287EEB216BF55C49FBF7E7CEB44B60F100076FA41E61D1C6F15D01AA61

Function 00A31201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00A316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A3170D
Part of subcall function 00A316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A3173A
Part of subcall function 00A316C3: GetLastError.KERNEL32 ref: 00A3174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A31286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A312A8
CloseHandle.KERNEL32(?), ref: 00A312B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A312D1
GetProcessWindowStation.USER32 ref: 00A312EA
SetProcessWindowStation.USER32(00000000), ref: 00A312F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A31310

Part of subcall function 00A310BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A311FC), ref: 00A310D4
Part of subcall function 00A310BF: CloseHandle.KERNEL32(?,?,00A311FC), ref: 00A310E9

Strings

winsta0, xrefs: 00A312CC
, xrefs: 00A3125A
default, xrefs: 00A3130B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: f5bd9774022d7b4e22d1d8bd37e10db8119197c7b55275b779ce2795dbef6815
Instruction ID: cd8a400e98ae05ca12512bdbd8d08a00369e99fe60bdae74376020d4f6aad5bb
Opcode Fuzzy Hash: f5bd9774022d7b4e22d1d8bd37e10db8119197c7b55275b779ce2795dbef6815
Instruction Fuzzy Hash: E78179B1A00349ABDF21DFA4DD4AFFE7BB9EF04714F144129FA11A61A0DB758945CB20

Function 00A30B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A31114
Part of subcall function 00A310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A31120
Part of subcall function 00A310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A3112F
Part of subcall function 00A310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A31136
Part of subcall function 00A310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A3114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A30BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A30C00
GetLengthSid.ADVAPI32(?), ref: 00A30C17
GetAce.ADVAPI32(?,00000000,?), ref: 00A30C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A30C6D
GetLengthSid.ADVAPI32(?), ref: 00A30C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A30C8C
HeapAlloc.KERNEL32(00000000), ref: 00A30C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A30CB4
CopySid.ADVAPI32(00000000), ref: 00A30CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A30CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A30D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A30D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A30D45
HeapFree.KERNEL32(00000000), ref: 00A30D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A30D55
HeapFree.KERNEL32(00000000), ref: 00A30D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A30D65
HeapFree.KERNEL32(00000000), ref: 00A30D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00A30D78
HeapFree.KERNEL32(00000000), ref: 00A30D7F

Part of subcall function 00A31193: GetProcessHeap.KERNEL32(00000008,00A30BB1,?,00000000,?,00A30BB1,?), ref: 00A311A1
Part of subcall function 00A31193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A30BB1,?), ref: 00A311A8
Part of subcall function 00A31193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A30BB1,?), ref: 00A311B7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 9e5a49a83e13a447ed2de7f57d92ba0868889a99bfd9494d84069a8193127123
Instruction ID: 6a47c741e44db2ea6cf0791055a732211192bb96dc407cd6c26db5fc9f351033
Opcode Fuzzy Hash: 9e5a49a83e13a447ed2de7f57d92ba0868889a99bfd9494d84069a8193127123
Instruction Fuzzy Hash: 1B71687290021AABDF11DFE4DC48FAEBBB8BF05350F044655F954A6291D7B1AA06CBA0

Function 00A4EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00A6CC08), ref: 00A4EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00A4EB37
GetClipboardData.USER32(0000000D), ref: 00A4EB43
CloseClipboard.USER32 ref: 00A4EB4F
GlobalLock.KERNEL32(00000000), ref: 00A4EB87
CloseClipboard.USER32 ref: 00A4EB91
GlobalUnlock.KERNEL32(00000000), ref: 00A4EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00A4EBC9
GetClipboardData.USER32(00000001), ref: 00A4EBD1
GlobalLock.KERNEL32(00000000), ref: 00A4EBE2
GlobalUnlock.KERNEL32(00000000), ref: 00A4EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00A4EC38
GetClipboardData.USER32(0000000F), ref: 00A4EC44
GlobalLock.KERNEL32(00000000), ref: 00A4EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A4EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A4EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A4ECD2
GlobalUnlock.KERNEL32(00000000), ref: 00A4ECF3
CountClipboardFormats.USER32 ref: 00A4ED14
CloseClipboard.USER32 ref: 00A4ED59

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: bf7b78bc0d5a2301d3d07d1e34b2456c0be0b1e9d0a4c020eec80ecaafe7e736
Instruction ID: d13c0d18fb06c55bcf3119fd1429e0a31f5decf27fea98709ad367b1b23d4f2e
Opcode Fuzzy Hash: bf7b78bc0d5a2301d3d07d1e34b2456c0be0b1e9d0a4c020eec80ecaafe7e736
Instruction Fuzzy Hash: 60618C39204201AFD300EF64D898F7AB7B4FF84754F14851AF896972A1CB71E946CBA2

Function 00A4698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A469BE
FindClose.KERNEL32(00000000), ref: 00A46A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A46A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A46A75

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00A46AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00A46ADF

Strings

%4d%02d%02d%02d%02d%02d%03d, xrefs: 00A46B32
%4d%02d%02d%02d%02d%02d, xrefs: 00A46B6A
%4d, xrefs: 00A46BB1
%02d, xrefs: 00A46C00, 00A46C0A, 00A46C5A, 00A46CAA, 00A46CFA, 00A46D4A
%03d, xrefs: 00A46DA2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 1c426ec32ac22affd516b2d4a92b83377802ae2cb3e1be24c2b16f7cfaae1f7a
Instruction ID: 1902153ffd24bb848c4629cf1bd0418abd71dc2d2aac391a23d4ddf70e43d0b7
Opcode Fuzzy Hash: 1c426ec32ac22affd516b2d4a92b83377802ae2cb3e1be24c2b16f7cfaae1f7a
Instruction Fuzzy Hash: 36D161B1548340AEC710EBA4D891EABB7FCAFC8704F44891EF589D7291EB74DA04C762

Function 00A49642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00A49663
GetFileAttributesW.KERNEL32(?), ref: 00A496A1
SetFileAttributesW.KERNEL32(?,?), ref: 00A496BB
FindNextFileW.KERNEL32(00000000,?), ref: 00A496D3
FindClose.KERNEL32(00000000), ref: 00A496DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00A496FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00A4974A
SetCurrentDirectoryW.KERNEL32(00A96B7C), ref: 00A49768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A49772
FindClose.KERNEL32(00000000), ref: 00A4977F
FindClose.KERNEL32(00000000), ref: 00A4978F

Strings

*.*, xrefs: 00A496F5

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 95cafa10f51b3b3c53ec0fac79b493e32b1fe37855fbba6d1878995d0905594f
Instruction ID: 89e92585832d8b8490bd288987ea55f0e828234935ab70498fc7717dda581fac
Opcode Fuzzy Hash: 95cafa10f51b3b3c53ec0fac79b493e32b1fe37855fbba6d1878995d0905594f
Instruction Fuzzy Hash: 9431BC366406197ADB10EFB4DC08AEF77BCAF89330F104166E965E21A0EB70DE518B24

Function 00A4979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00A497BE
FindNextFileW.KERNEL32(00000000,?), ref: 00A49819
FindClose.KERNEL32(00000000), ref: 00A49824
FindFirstFileW.KERNEL32(*.*,?), ref: 00A49840
SetCurrentDirectoryW.KERNEL32(?), ref: 00A49890
SetCurrentDirectoryW.KERNEL32(00A96B7C), ref: 00A498AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A498B8
FindClose.KERNEL32(00000000), ref: 00A498C5
FindClose.KERNEL32(00000000), ref: 00A498D5

Part of subcall function 00A3DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A3DB00

Strings

*.*, xrefs: 00A4983B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 5276d7608d7dc38ec7369a09d469cc7a5f69f21a2996b7395b8f653d36863760
Instruction ID: 86dcc4c8df2d2e5816a98d79c8a6638b0cf48f6e811db8ac858a53ae6b8c61b0
Opcode Fuzzy Hash: 5276d7608d7dc38ec7369a09d469cc7a5f69f21a2996b7395b8f653d36863760
Instruction Fuzzy Hash: EB31C336640619BEDF10EFB8EC48AEF77BCAF86330F104556F964A2190EB70D9558B60

Function 00A5BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A5B6AE,?,?), ref: 00A5C9B5
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5C9F1
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA68
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A5BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00A5BFA9
RegCloseKey.ADVAPI32(00000000), ref: 00A5BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00A5C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00A5C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A5C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A5C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00A5C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A5C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A5C382
RegCloseKey.ADVAPI32(00000000), ref: 00A5C38F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: b33f69ed83d45cb53bda5f5743f84ab395406a0eb1af45b8ae03b085f2cbeae9
Instruction ID: 422e5166806356c4db10e6e157138da6b4563aa6e3329acd9773a7aecd527f56
Opcode Fuzzy Hash: b33f69ed83d45cb53bda5f5743f84ab395406a0eb1af45b8ae03b085f2cbeae9
Instruction Fuzzy Hash: 0B023B71604200AFD714DF28C895E2ABBE5BF89328F18C49DF84ADB2A6D731ED45CB51

Function 00A48195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00A48257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00A48267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A48273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A48310
SetCurrentDirectoryW.KERNEL32(?), ref: 00A48324
SetCurrentDirectoryW.KERNEL32(?), ref: 00A48356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A4838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00A48395

Strings

*.*, xrefs: 00A4839B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 9e6f7d4d51f2554819e2f720da826dbd46ecce17a2dabc92d03efbbdec2c4b1b
Instruction ID: decd8dfdf918bd09bae5830721474d39467b989af18fceb44e02528be28c0f30
Opcode Fuzzy Hash: 9e6f7d4d51f2554819e2f720da826dbd46ecce17a2dabc92d03efbbdec2c4b1b
Instruction Fuzzy Hash: 066168B65043059FCB10EF64D840AAEB3E8FFC9314F04891EF99997251EB35E945CB92

Function 00A3D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 009D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009D3A97,?,?,009D2E7F,?,?,?,00000000), ref: 009D3AC2

Part of subcall function 00A3E199: GetFileAttributesW.KERNEL32(?,00A3CF95), ref: 00A3E19A

FindFirstFileW.KERNEL32(?,?), ref: 00A3D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A3D1DD
MoveFileW.KERNEL32(?,?), ref: 00A3D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00A3D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A3D237

Part of subcall function 00A3D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A3D21C,?,?), ref: 00A3D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00A3D253
FindClose.KERNEL32(00000000), ref: 00A3D264

Strings

\*.*, xrefs: 00A3D0CD, 00A3D0D6, 00A3D0EB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 014e2070cfd360be76b7afc60f56f540719473dc9d52b82b054c5026e8507f2b
Instruction ID: 28ee68be3f1dd61557f17c78ab35086cd04fa8f509820964653d54dd7c57e3f8
Opcode Fuzzy Hash: 014e2070cfd360be76b7afc60f56f540719473dc9d52b82b054c5026e8507f2b
Instruction Fuzzy Hash: DD615C3194110DAFCF05EBE0EA92AEEB7B5AF55340F248166F40277291EB306F09DB61

Function 00A4ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00A4ED91
EmptyClipboard.USER32 ref: 00A4ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00A4EDAC
CloseClipboard.USER32 ref: 00A4EEA3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 3576c0861ee07f786802d8ebd3cf77345e1f934aead2c35efbd6b9ed3e727930
Instruction ID: 540d16195b8ffed3812d13a827f0c798725ff2def8ffdef98eac39555e67f964
Opcode Fuzzy Hash: 3576c0861ee07f786802d8ebd3cf77345e1f934aead2c35efbd6b9ed3e727930
Instruction Fuzzy Hash: 8041CE39604611AFD710DF55D889B69BBF5FF84328F14C099E4558B762C7B1EC42CB90

Function 00A3E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00A316C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A3170D
Part of subcall function 00A316C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A3173A
Part of subcall function 00A316C3: GetLastError.KERNEL32 ref: 00A3174A

ExitWindowsEx.USER32(?,00000000), ref: 00A3E932

Strings

, xrefs: 00A3E920
SeShutdownPrivilege, xrefs: 00A3E902
, xrefs: 00A3E95C
@, xrefs: 00A3E925

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 7df19a9498c4459b8651ecee57aefe56dc248fe9dfc791eebc24d06c79cd79a6
Instruction ID: 6a17bdd55564dfbcac9dbed6f628282bc1d9ee9c9d2445538296b5d0e1963101
Opcode Fuzzy Hash: 7df19a9498c4459b8651ecee57aefe56dc248fe9dfc791eebc24d06c79cd79a6
Instruction Fuzzy Hash: 9001F972710211ABEB54A7F49C86FBFB27CAB14760F154822FC13F21D1D6A05C408390

Function 00A51204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00A51276
WSAGetLastError.WSOCK32 ref: 00A51283
bind.WSOCK32(00000000,?,00000010), ref: 00A512BA
WSAGetLastError.WSOCK32 ref: 00A512C5
closesocket.WSOCK32(00000000), ref: 00A512F4
listen.WSOCK32(00000000,00000005), ref: 00A51303
WSAGetLastError.WSOCK32 ref: 00A5130D
closesocket.WSOCK32(00000000), ref: 00A5133C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: e03a50d01676033f4baf036f2f81df4163b051de8f55232ed240c63b36e154bd
Instruction ID: 372900b59660c5fe5b2152510e7f5f6398c8168607510c38dd4c7d4c1b6a8ac0
Opcode Fuzzy Hash: e03a50d01676033f4baf036f2f81df4163b051de8f55232ed240c63b36e154bd
Instruction Fuzzy Hash: 35418E316001019FD720DF64D488B79BBF5BF86329F188199E8569F292C775EC86CBE1

Function 00A3D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 009D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009D3A97,?,?,009D2E7F,?,?,?,00000000), ref: 009D3AC2

Part of subcall function 00A3E199: GetFileAttributesW.KERNEL32(?,00A3CF95), ref: 00A3E19A

FindFirstFileW.KERNEL32(?,?), ref: 00A3D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00A3D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A3D481
FindClose.KERNEL32(00000000), ref: 00A3D498
FindClose.KERNEL32(00000000), ref: 00A3D4A1

Strings

\*.*, xrefs: 00A3D3F2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 5d663cb7bebfea67c5b5594f93925a6d431d94bff878b6b0bceac773c0a78cbe
Instruction ID: 301e2000519f4674f60a675fa9f4021d0ec62eed34c61e16bf693a96c84a4af8
Opcode Fuzzy Hash: 5d663cb7bebfea67c5b5594f93925a6d431d94bff878b6b0bceac773c0a78cbe
Instruction Fuzzy Hash: 9B317E71048341AFC301EF64D8919AFB7E8AED1354F448A1EF4E193291EB30AA19D763

Function 00A0E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00A0E645

Strings

1#IND, xrefs: 00A0F83D
1#QNAN, xrefs: 00A0F84B
1#INF, xrefs: 00A0F852
1#SNAN, xrefs: 00A0F844

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: bb0bbe6fff637cf80073ee6ee6be80e714b0d567cf3ae3fd7904208fa6062baa
Instruction ID: f6bfb6013dc298ceda7aaa6d9c44f7590a876f0c47ba68ea300d73a4b5c3f363
Opcode Fuzzy Hash: bb0bbe6fff637cf80073ee6ee6be80e714b0d567cf3ae3fd7904208fa6062baa
Instruction Fuzzy Hash: 7FC22971E0462C8FDB25CF28AD407EAB7B5EB88305F1445EAD84DE7280E775AE859F40

Function 00A4648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A464DC
CoInitialize.OLE32(00000000), ref: 00A46639
CoCreateInstance.OLE32(00A6FCF8,00000000,00000001,00A6FB68,?), ref: 00A46650
CoUninitialize.OLE32 ref: 00A468D4

Strings

.lnk, xrefs: 00A464BA, 00A46524, 00A465E0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: ceb1bd05d5400c0f1a566edb14331e321a92196010211c79f7d2f6c8e4e5e65e
Instruction ID: f47e5c51f72d7c789c499f3ca73de42c978228e6b8b37354d7ae9ac23663c757
Opcode Fuzzy Hash: ceb1bd05d5400c0f1a566edb14331e321a92196010211c79f7d2f6c8e4e5e65e
Instruction Fuzzy Hash: 87D14971648201AFC314EF24C881A6BB7E8FFD5704F50896DF5958B2A1EB70ED05CB92

Function 00A522DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00A522E8

Part of subcall function 00A4E4EC: GetWindowRect.USER32(?,?), ref: 00A4E504

GetDesktopWindow.USER32 ref: 00A52312
GetWindowRect.USER32(00000000), ref: 00A52319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A52355
GetCursorPos.USER32(?), ref: 00A52381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A523DF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 2c6367c50a846f6963faba7ef481988efa0982f71066ce012b8a77d13a9c970f
Instruction ID: bbf96574775c64bdb2b9806ff7b72f0e536ed3883a531a7833d73cc2c09bcf78
Opcode Fuzzy Hash: 2c6367c50a846f6963faba7ef481988efa0982f71066ce012b8a77d13a9c970f
Instruction Fuzzy Hash: E331E072504315AFC720DF54CC49B6BBBA9FF85724F000919F9859B191DB74EA09CB92

Function 00A49B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A49B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A49C8B

Part of subcall function 00A43874: GetInputState.USER32 ref: 00A438CB
Part of subcall function 00A43874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A43966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A49BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A49C75

Strings

*.*, xrefs: 00A49B5D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 53f3ee0d42bf8c74c87b7362a252c74514486925108377b71b419f0bc6b730e7
Instruction ID: ff940831b8860eb9b4024b5eebfdfaebc8b31cb8944e1dda47ef5c3c3e4a8fae
Opcode Fuzzy Hash: 53f3ee0d42bf8c74c87b7362a252c74514486925108377b71b419f0bc6b730e7
Instruction Fuzzy Hash: 0B41927594020AAFCF14EFA4C985AEFBBB4FF85311F208156E815A2291EB309E55CF61

Function 009E997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 009E9A4E
GetSysColor.USER32(0000000F), ref: 009E9B23
SetBkColor.GDI32(?,00000000), ref: 009E9B36

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 524a78ba2cca70f688b09dc967f9ad12fed27e7ea84d7090f2e4f6238da4db74
Instruction ID: 8093d3242986c269a7530f3659a00e87755fd13160b617d6c32a2f0cf69f0341
Opcode Fuzzy Hash: 524a78ba2cca70f688b09dc967f9ad12fed27e7ea84d7090f2e4f6238da4db74
Instruction Fuzzy Hash: 54A119701085A4BEE72ADB3E9C58E7F266DDF86344F140629F502DA6D1CB29DE01D272

Function 00A51806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A5307A
Part of subcall function 00A5304E: _wcslen.LIBCMT ref: 00A5309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00A5185D
WSAGetLastError.WSOCK32 ref: 00A51884
bind.WSOCK32(00000000,?,00000010), ref: 00A518DB
WSAGetLastError.WSOCK32 ref: 00A518E6
closesocket.WSOCK32(00000000), ref: 00A51915

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: d46672189a63c461e6feb08e43f0d27c295e2e3d3723c2b004dab48205e2dfa9
Instruction ID: 4f4a797983c42be8199f7cb9d3698d432e9861383325f90e8e378e3a049fa052
Opcode Fuzzy Hash: d46672189a63c461e6feb08e43f0d27c295e2e3d3723c2b004dab48205e2dfa9
Instruction Fuzzy Hash: D351A071A40200AFDB20AF64C886F7AB7E5AB84718F088459F945AF3D3D671AD41CBA1

Function 00A61C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00A61CC0
IsWindowEnabled.USER32 ref: 00A61CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00A61CDB
IsIconic.USER32 ref: 00A61CE9
IsZoomed.USER32 ref: 00A61CF7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 35a14bb57fe8b21e739b23ef07f24412f5ad18c536438959a0abc025f7f81f03
Instruction ID: 6d2607f7270b3c6e10fc19d6f1e4d78019bfbb66c9ac0da7555e5a426b1f400b
Opcode Fuzzy Hash: 35a14bb57fe8b21e739b23ef07f24412f5ad18c536438959a0abc025f7f81f03
Instruction Fuzzy Hash: 4621A1317806119FD7209F2AC884B6A7FF5EF95325B1D8469E886CB351DBB1EC42CB90

Function 009D8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 009D83FA
VUUU, xrefs: 00A15DF0
VUUU, xrefs: 009D83E8
ERCP, xrefs: 009D813C
VUUU, xrefs: 009D843C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 25bd19452b70e6ebfffe43b0a566b9a272e3f5babf3258f575880e92c2e03d0c
Instruction ID: 43216bce54cef42f4f17424bb68abdf796fe05fb2fdcfcf0a8b3893aed4cf438
Opcode Fuzzy Hash: 25bd19452b70e6ebfffe43b0a566b9a272e3f5babf3258f575880e92c2e03d0c
Instruction Fuzzy Hash: DFA26D71E4061ACBDF24CF58C9407EEB7B1BB94310F2485AAE815AB385EB749DC1CB90

Function 00A3AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A3AAAC
SetKeyboardState.USER32(00000080), ref: 00A3AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A3AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A3AB88

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 84c246fa94fcfd7a689b29011e945d7e8a1e6037227fa735770081620cb9b766
Instruction ID: 017d621bb410f30e83962d6194a31aa5d6ba2dad04c81a1b7edeaec269bb104c
Opcode Fuzzy Hash: 84c246fa94fcfd7a689b29011e945d7e8a1e6037227fa735770081620cb9b766
Instruction Fuzzy Hash: 15310531A40268AEEB35CF64CC05BFABBBAAB64320F04421AF1D1961D1D3748D81C763

Function 00A0BB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A0BB7F

Part of subcall function 00A029C8: HeapFree.KERNEL32(00000000,00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000), ref: 00A029DE
Part of subcall function 00A029C8: GetLastError.KERNEL32(00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000,00000000), ref: 00A029F0

GetTimeZoneInformation.KERNEL32 ref: 00A0BB91
WideCharToMultiByte.KERNEL32(00000000,?,00AA121C,000000FF,?,0000003F,?,?), ref: 00A0BC09
WideCharToMultiByte.KERNEL32(00000000,?,00AA1270,000000FF,?,0000003F,?,?,?,00AA121C,000000FF,?,0000003F,?,?), ref: 00A0BC36

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: b0b171425f845c5b9c94ae36b153106ff9a3f8ee514c6aa8584e04eddcf9907b
Instruction ID: 0cc532727294b835aa8037af37707591bb0851808e335f7ea6ff8151795213e0
Opcode Fuzzy Hash: b0b171425f845c5b9c94ae36b153106ff9a3f8ee514c6aa8584e04eddcf9907b
Instruction Fuzzy Hash: F631D27090424AEFCB11DFA8ED80AB9BBB8FF46750B14466AE060DB2E1D7309D45CB60

Function 00A4CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00A4CE89
GetLastError.KERNEL32(?,00000000), ref: 00A4CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00A4CEFE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 1990c420d8341941b6328541eed5c725f7629fdf1881dd4f7f1527a3f0e4d1b6
Instruction ID: 7fd5cbf3a1a30f4d70fc9982c011d4134d7ee88c18b36116420cea8932b337a4
Opcode Fuzzy Hash: 1990c420d8341941b6328541eed5c725f7629fdf1881dd4f7f1527a3f0e4d1b6
Instruction Fuzzy Hash: 4A21CFB5501305ABDB60DFA5C949BA7B7FCEF80364F10442EE64AD2151E774EE098B50

Function 00A38298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00A382AA

Strings

|, xrefs: 00A382DA
(, xrefs: 00A382F0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 77762756bc2c87998ad205022a11db5438c5d1b59d81b43bc179761440ed31f6
Instruction ID: 9aad9a2012bafa93c2f1fe4ac379c9245f079b48b390a9e6f9d40e58fb1bb770
Opcode Fuzzy Hash: 77762756bc2c87998ad205022a11db5438c5d1b59d81b43bc179761440ed31f6
Instruction Fuzzy Hash: 21323475A007059FCB28CF69C481AAAB7F0FF48710B15856EE49ADB3A1EB74E941CB40

Function 00A45C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A45CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00A45D17
FindClose.KERNEL32(?), ref: 00A45D5F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 8cfa7e81f26c46eb681bec1109d5d71893c06a37b86f664b19b6c806c97478ff
Instruction ID: 4889db78dbb70858afe36a9c572e3aa66c361f2bf2a60260d6afcd36b560bb65
Opcode Fuzzy Hash: 8cfa7e81f26c46eb681bec1109d5d71893c06a37b86f664b19b6c806c97478ff
Instruction Fuzzy Hash: E3517E78A046019FC714DF28C494E96B7E4FF89324F14855EE99A8B3A2DB30ED45CF91

Function 00A02622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00A0271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A02724
UnhandledExceptionFilter.KERNEL32(?), ref: 00A02731

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 5dcbc62589d6fd1931d59d2ab1d348e30a1f67283c51c0215f320b86388d64c0
Instruction ID: a66cde748c51c9d1ff895cf4582a717ce14f79b5d6079cc9763cdf558c3fadd7
Opcode Fuzzy Hash: 5dcbc62589d6fd1931d59d2ab1d348e30a1f67283c51c0215f320b86388d64c0
Instruction Fuzzy Hash: 5931C27491131CABCB21DF68DD89798BBB8BF48310F5041EAE90CA72A1E7709F818F44

Function 00A451CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A451DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00A45238
SetErrorMode.KERNEL32(00000000), ref: 00A452A1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 22dbc450c5f84da60773cf76746802bc273f66b9d26437588f1e986054cb226c
Instruction ID: 41953e7e6e6a39e1032d8e1225b8be20c55ac6b09d646f72f3ade1a7568b3ed6
Opcode Fuzzy Hash: 22dbc450c5f84da60773cf76746802bc273f66b9d26437588f1e986054cb226c
Instruction Fuzzy Hash: 0F314B75A00518DFDB00DFA4D884EEDBBB4FF49314F04809AE845AB362DB71E856CB90

Function 00A316C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 009EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 009F0668
Part of subcall function 009EFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 009F0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A3170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A3173A
GetLastError.KERNEL32 ref: 00A3174A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: d9022129e1f831abb6cbfca2506732074d03a10cfa85152750775277b6e3fdfe
Instruction ID: cb6b7b082b429d6339df1c847ce313c2a216f8d9b22129c6bdf32b57d35fcbc7
Opcode Fuzzy Hash: d9022129e1f831abb6cbfca2506732074d03a10cfa85152750775277b6e3fdfe
Instruction Fuzzy Hash: CF11C1B2404305AFD718EF54EC86E6ABBBDEB44764B24852EF05657681EB70BC428A60

Function 00A3D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A3D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00A3D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A3D650

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 792d85a4b1b068c669c3110c91d3c1c404a51fb1a1632f0149ea5444af62a0ee
Instruction ID: 29adb7736e4f5855a0e9871849ac912109c38f0dd8f14159189ad39c29b93b3f
Opcode Fuzzy Hash: 792d85a4b1b068c669c3110c91d3c1c404a51fb1a1632f0149ea5444af62a0ee
Instruction Fuzzy Hash: 4F115E75E05228BFDB10CFA5EC45FAFBBBCEB45B60F108115F914E7290D6B05A058BA1

Function 00A31663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00A3168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00A316A1
FreeSid.ADVAPI32(?), ref: 00A316B1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 0c319d59c3379eb6b4132eb8b1b2334015bcef1a8ae6c07f86f61aaf0fe640c0
Instruction ID: b4804313222cb2dcd1a39dc7b3178e22a0267360d2ca25df2738273a40eb4d02
Opcode Fuzzy Hash: 0c319d59c3379eb6b4132eb8b1b2334015bcef1a8ae6c07f86f61aaf0fe640c0
Instruction Fuzzy Hash: B2F0F471950309FBDB00DFE49D89AAEBBBCEB08614F504565E601E2181E774AA448A50

Function 009F4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00A028E9,?,009F4CBE,00A028E9,00A988B8,0000000C,009F4E15,00A028E9,00000002,00000000,?,00A028E9), ref: 009F4D09
TerminateProcess.KERNEL32(00000000,?,009F4CBE,00A028E9,00A988B8,0000000C,009F4E15,00A028E9,00000002,00000000,?,00A028E9), ref: 009F4D10
ExitProcess.KERNEL32 ref: 009F4D22

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 9ad3a99d4da82b4fe53ef0715dc53132735081190d59dace118e27146f4657ca
Instruction ID: 9fdd69071627b18cd7ffb96544f059436ccd9f06d938c8c50e766f2caed100d0
Opcode Fuzzy Hash: 9ad3a99d4da82b4fe53ef0715dc53132735081190d59dace118e27146f4657ca
Instruction Fuzzy Hash: 67E0B63100014CABDF11AF94DE09A6A7F7DEB85795F104014FD598A262DB75ED42CB80

Function 00A2D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00A2D28C

Strings

X64, xrefs: 00A2D2A8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 68ec076f855a5768a883301668cd0e632f0bdd3fe25e95639691c576149bb783
Instruction ID: 606a7f7a5a358e06c06b70143f6a135d45633d7073a2631fc48bef7f3255120e
Opcode Fuzzy Hash: 68ec076f855a5768a883301668cd0e632f0bdd3fe25e95639691c576149bb783
Instruction Fuzzy Hash: D1D0C9B480112DEACB95CB90EC88DD9B37CBB04306F100551F106A2000D77495498F20

Function 009FCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: d7531909c508c1026b52dfd409a0dbb02259e4a3be363b2109791a9c4caf14c3
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 03020AB1E0021D9BDF14CFA9C9806ADFBB5EF88314F25856AD919E7380D731AE418B94

Function 00A468EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A46918
FindClose.KERNEL32(00000000), ref: 00A46961

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: a73cbaf4f3a169e3d4267de3a22e35c3074d4b6b3ea70143a009f8876ed2a7c0
Instruction ID: 3e4e7e966f36d0fdc1efb9ceeaf76820a97f2f431ba0c0d9e91666096be405f0
Opcode Fuzzy Hash: a73cbaf4f3a169e3d4267de3a22e35c3074d4b6b3ea70143a009f8876ed2a7c0
Instruction Fuzzy Hash: 2C1190756042019FC710DF69D484A26BBE5FF85328F14C69AF8698F3A2D770EC05CB91

Function 00A437B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A54891,?,?,00000035,?), ref: 00A437E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A54891,?,?,00000035,?), ref: 00A437F4

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: d4e77e90c43671ba0f29a1e97fef9c6c73d81bc60c7bfe30ba2386b4649a510e
Instruction ID: f49982b552f517e2d68b4df0bdc68a84eef8186c7ea5bd21ab07ded331a0ce7b
Opcode Fuzzy Hash: d4e77e90c43671ba0f29a1e97fef9c6c73d81bc60c7bfe30ba2386b4649a510e
Instruction Fuzzy Hash: 8DF055B16002282AEB60A3B68C4DFEB3AAEEFC4770F000122F509D2280C9A08904C6B0

Function 00A3B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A3B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00A3B270

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 40508798b1446898c4ce9fa9d7d63e31886f7638596f78aa4b1f9f46df4369d3
Instruction ID: 642e97b2d93f2fb2afc97ad9d535311ba4ebb396cd866d669b22dfe9c39d864c
Opcode Fuzzy Hash: 40508798b1446898c4ce9fa9d7d63e31886f7638596f78aa4b1f9f46df4369d3
Instruction Fuzzy Hash: B6F01D7181428DABDB05DFA1C806BFE7BB4FF04319F00800AFA65A5192C7B986119FA4

Function 00A310BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A311FC), ref: 00A310D4
CloseHandle.KERNEL32(?,?,00A311FC), ref: 00A310E9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 682f06aed5a4557a3667388391e4c8f1454efafd3b966c990ff452ba218a008b
Instruction ID: a719ac8639c49d3b8df54f887d1a2a0ea72f8a43b579d69ae56b003fb581c8e5
Opcode Fuzzy Hash: 682f06aed5a4557a3667388391e4c8f1454efafd3b966c990ff452ba218a008b
Instruction Fuzzy Hash: DFE0BF72018651AEE7266B52FC05F777BA9EB04320F14882EF5A5844B1DBA26C91DB50

Function 009DCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00A20C40

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 9291e707ead179c224fd058c03346183a48012b56a2a583895b4c6393642dc1a
Instruction ID: 089576bb2ccf7a8b5731a8ede96dca9130fd53eca6dfe93c6ea38c5daf733e5b
Opcode Fuzzy Hash: 9291e707ead179c224fd058c03346183a48012b56a2a583895b4c6393642dc1a
Instruction Fuzzy Hash: 0D329BB4940219DBCF14DF98D980BEDB7B9FF45304F20846AE806AB392D775AE45CB60

Function 00A0676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A06766,?,?,00000008,?,?,00A0FEFE,00000000), ref: 00A06998

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 54645a5869ad040f42aba20d1b288d358d976105a5f4a7251b69a2e3e330a91a
Instruction ID: cb951d06e5b863583457103677bdbb0613b9084e6e37c07987e6c6ef23e35b41
Opcode Fuzzy Hash: 54645a5869ad040f42aba20d1b288d358d976105a5f4a7251b69a2e3e330a91a
Instruction Fuzzy Hash: 05B116316106099FD719CF28D48AB657BE0FF45368F29C658E899CF2E2C335E9A5CB40

Function 009EB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00A2851F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b8543acf7ed1f87a85329bdb2ffc69a1e8003cac59b7c417ae172ed8e324a562
Instruction ID: 748d6557a36813e546b8bf79a58f250d6583a58179d2a30376089451997f281f
Opcode Fuzzy Hash: b8543acf7ed1f87a85329bdb2ffc69a1e8003cac59b7c417ae172ed8e324a562
Instruction Fuzzy Hash: 06127D719012299FCB25CF59D8816EEB7F5FF48710F1081AAE849EB255EB349E81CF90

Function 00A4EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00A4EABD

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 15d96cd31127404eeb97d1841b9f89025ae3d7fe7fe3baf7baf1615a3837267a
Instruction ID: a63404b70badcf75d69e3fcf27ae3c4cdfd34074be349d6296d056a1f699c212
Opcode Fuzzy Hash: 15d96cd31127404eeb97d1841b9f89025ae3d7fe7fe3baf7baf1615a3837267a
Instruction Fuzzy Hash: BEE01A352002059FC710EF59D804E9AB7E9BF987A1F008426FD49D7361DAB0A8418B90

Function 009F09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,009F03EE), ref: 009F09DA

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: cc1b104cbf0bb6e40883acf9f7543933b4882cc3439e1ef28ba0a7443b1e8edb
Instruction ID: 57cc2ae823d6d51c8614b6e55260bba2e279cc887d5d852d9c247c06a23f6f86
Opcode Fuzzy Hash: cc1b104cbf0bb6e40883acf9f7543933b4882cc3439e1ef28ba0a7443b1e8edb
Instruction Fuzzy Hash:

Function 009F781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 009F798B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 8ce1ac0f8c7de15b6e37762d0829a3980e10feb96bfe78ea636b006c1df8b4e1
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 32518B7160C70D6BDF3889E888DD7BFE79D9B52384F180909DB82C7282C655DE82D352

Function 00A06DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede86e366b8aced7b4d0f350f45053ae1d66da1b7b6bda3d7e3a5f070ab36c56
Instruction ID: 1abc0a6509fdfaa1ec49dc3ff5116b55add24d2db83180ae529e28c89071f584
Opcode Fuzzy Hash: ede86e366b8aced7b4d0f350f45053ae1d66da1b7b6bda3d7e3a5f070ab36c56
Instruction Fuzzy Hash: D3322422D29F054DD7239634EC22339A689AFB73C5F15D737E81AB59A6EB39D4C34200

Function 009ECC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d0e8fa8a54fed19c65f24cf578b41461e42e37b1a77db44d39debf0f88541
Instruction ID: f5cab4f3078a07f04082c48476eb2cc19a8be7005c44c293b823d39e005301f4
Opcode Fuzzy Hash: a74d0e8fa8a54fed19c65f24cf578b41461e42e37b1a77db44d39debf0f88541
Instruction Fuzzy Hash: A1322872A001A58BDF29CF2DE490A7D77B2EF45360F388576E4C99B291D234DD82DB40

Function 009D7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6fd49a5f8537a0825f26d0e043ad409c7e4c1bf780f7ce12dfef7e654c2311
Instruction ID: 89cdb95be2dc24848988462f8ab8b50a87bd801dc52464052cabd0e2dc3dac11
Opcode Fuzzy Hash: 4d6fd49a5f8537a0825f26d0e043ad409c7e4c1bf780f7ce12dfef7e654c2311
Instruction Fuzzy Hash: 78228F70E04609DFDF14CFA5D941AEEB7B6FF84300F14852AE816AB291EB399D51CB50

Function 009D91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 502a646738ab1881323bb0a0bd06deb01e881e7f88f9eb04e76b67e96210454a
Instruction ID: 5378150c8dfc1caad9a9801410dc5905bc04ed28895b8bf5e1d76a637a6a9a35
Opcode Fuzzy Hash: 502a646738ab1881323bb0a0bd06deb01e881e7f88f9eb04e76b67e96210454a
Instruction Fuzzy Hash: 3F02A4B1E00209EBDB05DF55D881BAEB7B5FF44340F10816AE8169B391EB35AE61CBD1

Function 00A09EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27bd4d3db0404342607060dbbe40ba3b542480a0ec135e292f9dac27746fa685
Instruction ID: c38c9135f20a37a2d82cc976c002461ffbff922ab0951f788c8d09a31c1c6c8a
Opcode Fuzzy Hash: 27bd4d3db0404342607060dbbe40ba3b542480a0ec135e292f9dac27746fa685
Instruction Fuzzy Hash: A5B1F221D2AF414DC62396398C31336B65CAFBB6D5F92D31BFC2A78D62EB2285C35141

Function 009F1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 3671b91a7183bafecde63bdef0eca62aa389d7f736089a33c97449b5ac2bccef
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 4E9186726080A78ADB2D463E857403EFFF55A923B131A0B9ED5F2CA1C5FE24C954D7A0

Function 009F1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: e1bb2978ce5b1b24c7c26f2908e55a07ad6c321a2d9e2b0e6bd126e29d610233
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 6E91547320D0A74ADB29433A857413EFFE59A923B131E079ED6F2CB1C5EE248564E760

Function 009F19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 051e533bed8ac7e1f0c6f54b86c300cfcd76fa9951f99461dc53ce15c036c1bc
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: C891B3322090E7CADB2D427A847403EFFE55A923B231A079ED5F2CA1C5FE24C564D7A0

Function 009F7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bb468fadbdba21fd780c4f361b68b1426f805675ebed094ec2a2672376af0eb
Instruction ID: 9560952bcdbd153b7f8b306c6ab6f05b58c01dcc18d6ade50d509762ed552328
Opcode Fuzzy Hash: 3bb468fadbdba21fd780c4f361b68b1426f805675ebed094ec2a2672376af0eb
Instruction Fuzzy Hash: 6961573120870D96EA349AEC8C95BBFE39CDF82711F100D1AEB82DB281DA55DE42C315

Function 009F7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17a26b97b6300b52376bd9307696e9a4cc293dfd33e63d8ad7e8daf5000604f
Instruction ID: 01a5d74bd978aac1544f33e155074ff8d4762173e84daf9050a6f03d44673c91
Opcode Fuzzy Hash: e17a26b97b6300b52376bd9307696e9a4cc293dfd33e63d8ad7e8daf5000604f
Instruction Fuzzy Hash: 9D618A3160870D67DE384AE85895BBFE38DEF82704FA00D5AEB42CB2D1DA56DD42C315

Function 009F1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 366e9d02b70b22214f67eb16e683007ca79cf5ba59c08333091cd32086f3f44b
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: 5B8186326080E78ADB2D827A853407EFFE55A923B131A079ED5F6CB1C1EE24D554E7A0

Function 00A42046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11349d656394f9e7e25e73b528ebc04a6fc055a65f757aa3f9beeb581d074d18
Instruction ID: 4c3425b3ee1859e88e9d2f88122886608663ac85cffe3c83d0a974040d91b83b
Opcode Fuzzy Hash: 11349d656394f9e7e25e73b528ebc04a6fc055a65f757aa3f9beeb581d074d18
Instruction Fuzzy Hash: 732193326216158BD728CF79C82277E73E5A794310F55862EE4A7C37D0DE35AD04CB80

Function 00A52ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00A52B30
DeleteObject.GDI32(00000000), ref: 00A52B43
DestroyWindow.USER32 ref: 00A52B52
GetDesktopWindow.USER32 ref: 00A52B6D
GetWindowRect.USER32(00000000), ref: 00A52B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A52CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A52CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52CF8
GetClientRect.USER32(00000000,?), ref: 00A52D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A52D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52D80
GlobalLock.KERNEL32(00000000), ref: 00A52D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52D98
GlobalUnlock.KERNEL32(00000000), ref: 00A52DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52DA8
GlobalFree.KERNEL32(00000000), ref: 00A52DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00A6FC38,00000000), ref: 00A52DDB
GlobalFree.KERNEL32(00000000), ref: 00A52DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A52E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A52E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A52E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A5303F

Strings

, xrefs: 00A52FC5
static, xrefs: 00A52D3A, 00A52E91
AutoIt v3, xrefs: 00A52CF2
DISPLAY, xrefs: 00A52EA2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 43bad085e2d634231e8dbd4b384da03842a355ca6716d76d5efcd67215799a11
Instruction ID: aa2f2a90181ed227b2234dc59b11fd0bc2f9c899f6fa4dc11e30300cd423841f
Opcode Fuzzy Hash: 43bad085e2d634231e8dbd4b384da03842a355ca6716d76d5efcd67215799a11
Instruction Fuzzy Hash: 98029B75A00205EFDB14DFA4DC89EAE7BB9FF49321F008119F915AB2A1DB74AD05CB60

Function 00A670D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00A6712F
GetSysColorBrush.USER32(0000000F), ref: 00A67160
GetSysColor.USER32(0000000F), ref: 00A6716C
SetBkColor.GDI32(?,000000FF), ref: 00A67186
SelectObject.GDI32(?,?), ref: 00A67195
InflateRect.USER32(?,000000FF,000000FF), ref: 00A671C0
GetSysColor.USER32(00000010), ref: 00A671C8
CreateSolidBrush.GDI32(00000000), ref: 00A671CF
FrameRect.USER32(?,?,00000000), ref: 00A671DE
DeleteObject.GDI32(00000000), ref: 00A671E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00A67230
FillRect.USER32(?,?,?), ref: 00A67262
GetWindowLongW.USER32(?,000000F0), ref: 00A67284

Part of subcall function 00A673E8: GetSysColor.USER32(00000012), ref: 00A67421
Part of subcall function 00A673E8: SetTextColor.GDI32(?,?), ref: 00A67425
Part of subcall function 00A673E8: GetSysColorBrush.USER32(0000000F), ref: 00A6743B
Part of subcall function 00A673E8: GetSysColor.USER32(0000000F), ref: 00A67446
Part of subcall function 00A673E8: GetSysColor.USER32(00000011), ref: 00A67463
Part of subcall function 00A673E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A67471
Part of subcall function 00A673E8: SelectObject.GDI32(?,00000000), ref: 00A67482
Part of subcall function 00A673E8: SetBkColor.GDI32(?,00000000), ref: 00A6748B
Part of subcall function 00A673E8: SelectObject.GDI32(?,?), ref: 00A67498
Part of subcall function 00A673E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00A674B7
Part of subcall function 00A673E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A674CE
Part of subcall function 00A673E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00A674DB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 06528b7d10a38dd969613982169efdb84e9c8d1e91bbade85a0efa766760eb71
Instruction ID: 178f2bdb788fd694994e8190c90b84c1064db204a5f7db90eced149532cb65e9
Opcode Fuzzy Hash: 06528b7d10a38dd969613982169efdb84e9c8d1e91bbade85a0efa766760eb71
Instruction Fuzzy Hash: 28A17F72008301AFDB01DFA0DC48A6E7BB9FB89334F100B19F9A2961E1D7B5E945CB51

Function 009E8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 009E8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00A26AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A26AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A26F43

Part of subcall function 009E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,009E8BE8,?,00000000,?,?,?,?,009E8BBA,00000000,?), ref: 009E8FC5

SendMessageW.USER32(?,00001053), ref: 00A26F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A26F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00A26FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00A26FB7

Strings

0, xrefs: 00A26DCF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: c86f7494a668c757a5784dfb579f2c6397f492c45093b40015c2fd21aeb63e16
Instruction ID: 5b0226eb15be789dc305393cbce168d55c021cc19d1f2ce190111d759b2038bf
Opcode Fuzzy Hash: c86f7494a668c757a5784dfb579f2c6397f492c45093b40015c2fd21aeb63e16
Instruction Fuzzy Hash: B812CE30202261EFDB26DF58E944BAAB7F5FB45310F14846DF4898B2A1CB35EC52DB91

Function 00A52711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00A5273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A5286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A528A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A528B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A52900
GetClientRect.USER32(00000000,?), ref: 00A5290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A52955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A52964
GetStockObject.GDI32(00000011), ref: 00A52974
SelectObject.GDI32(00000000,00000000), ref: 00A52978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A52988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A52991
DeleteDC.GDI32(00000000), ref: 00A5299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A529C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00A529DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A52A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A52A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00A52A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A52A77
GetStockObject.GDI32(00000011), ref: 00A52A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A52A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A52A97

Strings

msctls_progress32, xrefs: 00A52A13
static, xrefs: 00A5294F, 00A52A71
AutoIt v3, xrefs: 00A528F8
DISPLAY, xrefs: 00A5295A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: c763c8048c0cdbcbf4baf2c197311dd5499be281aa77e175be03ca54ae0e8e73
Instruction ID: 22771be28484c87a66a3264b395a6ae971f0f00dcf9255797fdb768d2f437236
Opcode Fuzzy Hash: c763c8048c0cdbcbf4baf2c197311dd5499be281aa77e175be03ca54ae0e8e73
Instruction Fuzzy Hash: BCB14971A40215BFEB14DFA8DC49FAABBB9FB49711F008115F914EB290D7B4AD41CBA0

Function 00A44ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A44AED
GetDriveTypeW.KERNEL32(?,00A6CB68,?,\\.\,00A6CC08), ref: 00A44BCA
SetErrorMode.KERNEL32(00000000,00A6CB68,?,\\.\,00A6CC08), ref: 00A44D36

Strings

RAID, xrefs: 00A44CBB
RAMDisk, xrefs: 00A44BF4
USB, xrefs: 00A44CB4
Unknown, xrefs: 00A44BED, 00A44C83
SATA, xrefs: 00A44CD0
ATA, xrefs: 00A44C98
ATAPI, xrefs: 00A44C91
Virtual, xrefs: 00A44CE5
\\.\, xrefs: 00A44B3F
SSA, xrefs: 00A44CA6
1394, xrefs: 00A44C9F
FileBackedVirtual, xrefs: 00A44CEC
SAS, xrefs: 00A44CC9
SSD, xrefs: 00A44C4A
iSCSI, xrefs: 00A44CC2
Network, xrefs: 00A44C02
SCSI, xrefs: 00A44C8A
CDROM, xrefs: 00A44BFB
Fixed, xrefs: 00A44C09
Fibre, xrefs: 00A44CAD
MMC, xrefs: 00A44CDE
Removable, xrefs: 00A44C10, 00A44C15
PhysicalDrive, xrefs: 00A44B76

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 5497d99a7f8021d94dff78a54882324676af909d2c093735cd0a76f1f7051b93
Instruction ID: 835429ed43b92280fd425f9be3093fec2324ac560e90c91f5dd385073bde972d
Opcode Fuzzy Hash: 5497d99a7f8021d94dff78a54882324676af909d2c093735cd0a76f1f7051b93
Instruction Fuzzy Hash: 2161AE38745506ABCF04DF64CAC2B68B7B0FF8C349B288816F806AB291DB35ED41DB41

Function 00A673E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00A67421
SetTextColor.GDI32(?,?), ref: 00A67425
GetSysColorBrush.USER32(0000000F), ref: 00A6743B
GetSysColor.USER32(0000000F), ref: 00A67446
CreateSolidBrush.GDI32(?), ref: 00A6744B
GetSysColor.USER32(00000011), ref: 00A67463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A67471
SelectObject.GDI32(?,00000000), ref: 00A67482
SetBkColor.GDI32(?,00000000), ref: 00A6748B
SelectObject.GDI32(?,?), ref: 00A67498
InflateRect.USER32(?,000000FF,000000FF), ref: 00A674B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A674CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00A674DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A6752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00A67554
InflateRect.USER32(?,000000FD,000000FD), ref: 00A67572
DrawFocusRect.USER32(?,?), ref: 00A6757D
GetSysColor.USER32(00000011), ref: 00A6758E
SetTextColor.GDI32(?,00000000), ref: 00A67596
DrawTextW.USER32(?,00A670F5,000000FF,?,00000000), ref: 00A675A8
SelectObject.GDI32(?,?), ref: 00A675BF
DeleteObject.GDI32(?), ref: 00A675CA
SelectObject.GDI32(?,?), ref: 00A675D0
DeleteObject.GDI32(?), ref: 00A675D5
SetTextColor.GDI32(?,?), ref: 00A675DB
SetBkColor.GDI32(?,?), ref: 00A675E5

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 5c61793b04315a283e86a2f7340be899e95074dcfb02bf36e1cb7f1677ff507a
Instruction ID: f6f2b4d0fafc4c458f27990f4756828ecfa4b4ce128bf9274de35cdf95965fd4
Opcode Fuzzy Hash: 5c61793b04315a283e86a2f7340be899e95074dcfb02bf36e1cb7f1677ff507a
Instruction Fuzzy Hash: 43615D76900218AFDF01DFA4DC49EAE7FB9EB09320F114225F916AB2A1D7B49941CB90

Function 00A60FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A61128
GetDesktopWindow.USER32 ref: 00A6113D
GetWindowRect.USER32(00000000), ref: 00A61144
GetWindowLongW.USER32(?,000000F0), ref: 00A61199
DestroyWindow.USER32(?), ref: 00A611B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A611ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A6120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A6121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00A61232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A61245
IsWindowVisible.USER32(00000000), ref: 00A612A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A612BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A612D0
GetWindowRect.USER32(00000000,?), ref: 00A612E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00A6130E
GetMonitorInfoW.USER32(00000000,?), ref: 00A61328
CopyRect.USER32(?,?), ref: 00A6133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00A613AA

Strings

tooltips_class32, xrefs: 00A611E6
(, xrefs: 00A6131B
0, xrefs: 00A610D3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: aefaaaaf609bc3cb08b7c85d320c9c7f91d7b000b021ca675a6871c453dd9f46
Instruction ID: b324778575bd9ec2b9c64f449289921829f0f2e607aca980cc060732aabbe9ba
Opcode Fuzzy Hash: aefaaaaf609bc3cb08b7c85d320c9c7f91d7b000b021ca675a6871c453dd9f46
Instruction Fuzzy Hash: 2BB18B71608341AFDB00DF65C884B6ABBF4FF88354F04891DF99A9B2A1D771E845CB92

Function 009E8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 009E8968
GetSystemMetrics.USER32(00000007), ref: 009E8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 009E899B
GetSystemMetrics.USER32(00000008), ref: 009E89A3
GetSystemMetrics.USER32(00000004), ref: 009E89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 009E89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 009E89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 009E8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 009E8A3C
GetClientRect.USER32(00000000,000000FF), ref: 009E8A5A
GetStockObject.GDI32(00000011), ref: 009E8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 009E8A81

Part of subcall function 009E912D: GetCursorPos.USER32(?), ref: 009E9141
Part of subcall function 009E912D: ScreenToClient.USER32(00000000,?), ref: 009E915E
Part of subcall function 009E912D: GetAsyncKeyState.USER32(00000001), ref: 009E9183
Part of subcall function 009E912D: GetAsyncKeyState.USER32(00000002), ref: 009E919D

SetTimer.USER32(00000000,00000000,00000028,009E90FC), ref: 009E8AA8

Strings

AutoIt v3 GUI, xrefs: 009E8A20

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 762b7a3e4045d11667c6b4366db60ec972d69be4739cff38fe41cd3d5646c5cc
Instruction ID: db079aec5b7c1c12fd833b2e1dad94b32fbe037ee8f7087a16ad3444889d3aba
Opcode Fuzzy Hash: 762b7a3e4045d11667c6b4366db60ec972d69be4739cff38fe41cd3d5646c5cc
Instruction Fuzzy Hash: 66B17B35A4024AAFDB15DFA8DC85BAE3BB5FB48324F104229FA15A72D0DB74E841CB50

Function 00A30D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A310F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A31114
Part of subcall function 00A310F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A31120
Part of subcall function 00A310F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A3112F
Part of subcall function 00A310F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A31136
Part of subcall function 00A310F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A3114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A30DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A30E29
GetLengthSid.ADVAPI32(?), ref: 00A30E40
GetAce.ADVAPI32(?,00000000,?), ref: 00A30E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A30E96
GetLengthSid.ADVAPI32(?), ref: 00A30EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A30EB5
HeapAlloc.KERNEL32(00000000), ref: 00A30EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A30EDD
CopySid.ADVAPI32(00000000), ref: 00A30EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A30F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A30F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A30F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A30F6E
HeapFree.KERNEL32(00000000), ref: 00A30F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A30F7E
HeapFree.KERNEL32(00000000), ref: 00A30F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A30F8E
HeapFree.KERNEL32(00000000), ref: 00A30F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00A30FA1
HeapFree.KERNEL32(00000000), ref: 00A30FA8

Part of subcall function 00A31193: GetProcessHeap.KERNEL32(00000008,00A30BB1,?,00000000,?,00A30BB1,?), ref: 00A311A1
Part of subcall function 00A31193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A30BB1,?), ref: 00A311A8
Part of subcall function 00A31193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A30BB1,?), ref: 00A311B7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: ac514760a2156318ed175c9e6e7992026678184f6ff877c14e8f66d1daa522a3
Instruction ID: bc3394c83d284d45fcdcd0b982faac86522a3464f6bfda01a2d88577c1bbf18d
Opcode Fuzzy Hash: ac514760a2156318ed175c9e6e7992026678184f6ff877c14e8f66d1daa522a3
Instruction Fuzzy Hash: 3D71787290021AEBDF20DFA4DD48FEEBBB8BF05310F148215F959E6191D7719A06CBA0

Function 00A5C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A5C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00A6CC08,00000000,?,00000000,?,?), ref: 00A5C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A5C5A4
_wcslen.LIBCMT ref: 00A5C5F4
_wcslen.LIBCMT ref: 00A5C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A5C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A5C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A5C84D
RegCloseKey.ADVAPI32(?), ref: 00A5C881
RegCloseKey.ADVAPI32(00000000), ref: 00A5C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A5C960

Strings

REG_EXPAND_SZ, xrefs: 00A5C5CD
REG_SZ, xrefs: 00A5C644
REG_MULTI_SZ, xrefs: 00A5C6F5
REG_BINARY, xrefs: 00A5C913
REG_QWORD, xrefs: 00A5C8C3
REG_DWORD, xrefs: 00A5C804

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 2c58d81590a18cd7bb71b50126503bde103659ac99fc2b9c69adc0e66c685cac
Instruction ID: 6fc7999de6738bddd4a2f803b1e48259ad67899aef4f5f4ce322c4612ac51a4d
Opcode Fuzzy Hash: 2c58d81590a18cd7bb71b50126503bde103659ac99fc2b9c69adc0e66c685cac
Instruction Fuzzy Hash: BB124775604201AFDB14DF14C891B2AB7E5FF88725F04899DF88A9B3A2DB31ED45CB81

Function 00A6091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00A609C6
_wcslen.LIBCMT ref: 00A60A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A60A54
_wcslen.LIBCMT ref: 00A60A8A
_wcslen.LIBCMT ref: 00A60B06
_wcslen.LIBCMT ref: 00A60B81

Part of subcall function 009EF9F2: _wcslen.LIBCMT ref: 009EF9FD

Part of subcall function 00A32BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A32BFA

Strings

COLLAPSE, xrefs: 00A60B01, 00A60B1C
SELECT, xrefs: 00A60D11
EXISTS, xrefs: 00A60B7C, 00A60B97
GETTOTALCOUNT, xrefs: 00A609F2, 00A60A17
GETITEMCOUNT, xrefs: 00A60C1E
CHECK, xrefs: 00A60A85, 00A60AA0
GETSELECTED, xrefs: 00A60C4E
ISCHECKED, xrefs: 00A60CE1
GETTEXT, xrefs: 00A60C97
UNCHECK, xrefs: 00A60D3E
EXPAND, xrefs: 00A60BF8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 17786cdaf5c66bcfa2a5f43e427aeba91f51d85d2e7a9630d3f8bfc5c4756877
Instruction ID: dbe7150580a6889a5b16af70c1ceb8f23ff24b0cbeaead6e07bca898abc6ac44
Opcode Fuzzy Hash: 17786cdaf5c66bcfa2a5f43e427aeba91f51d85d2e7a9630d3f8bfc5c4756877
Instruction Fuzzy Hash: 01E178322087019FCB14DF64C450A2BB7F2BF98354B148A5DF8969B3A2D731ED85CB92

Function 00A5C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A5B6AE,?,?), ref: 00A5C9B5
_wcslen.LIBCMT ref: 00A5C9F1
_wcslen.LIBCMT ref: 00A5CA68
_wcslen.LIBCMT ref: 00A5CA9E
_wcslen.LIBCMT ref: 00A5CAF9
_wcslen.LIBCMT ref: 00A5CB2F
_wcslen.LIBCMT ref: 00A5CB7F

Strings

HKCU, xrefs: 00A5CBCE
HKEY_CURRENT_CONFIG, xrefs: 00A5CB79, 00A5CB7E
HKU, xrefs: 00A5CBF0
HKEY_USERS, xrefs: 00A5CBDF
HKEY_CURRENT_USER, xrefs: 00A5CBBD
HKLM, xrefs: 00A5CA98, 00A5CA9D
HKEY_CLASSES_ROOT, xrefs: 00A5CAF3, 00A5CAF8
HKCR, xrefs: 00A5CB29, 00A5CB2E
HKCC, xrefs: 00A5CBAC
HKEY_LOCAL_MACHINE, xrefs: 00A5CA62, 00A5CA67

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: b9a43efe96f5a81857a1fd5611a7ddcf1e07a28c89797faecfbb49d33086a5e2
Instruction ID: f7c20a0486924d98caf1bc59fe9580dccaaba2adf8ad175ca55ecfa51a0dac89
Opcode Fuzzy Hash: b9a43efe96f5a81857a1fd5611a7ddcf1e07a28c89797faecfbb49d33086a5e2
Instruction Fuzzy Hash: 8B71E63261022A8FCF10DF68CD516BF37A2BBA07B5B154529FD569B289E631CD49C3A0

Function 00A6833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A6835A
_wcslen.LIBCMT ref: 00A6836E
_wcslen.LIBCMT ref: 00A68391
_wcslen.LIBCMT ref: 00A683B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00A683F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00A6361A,?), ref: 00A6844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A68487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00A684CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A68501
FreeLibrary.KERNEL32(?), ref: 00A6850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00A6851D
DestroyIcon.USER32(?), ref: 00A6852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00A68549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00A68555

Strings

.dll, xrefs: 00A683AB
.exe, xrefs: 00A68388
.icl, xrefs: 00A68368

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 984d05237f93b5afe9a757a749dd15bc96428623990453ca2f4ddce0d2966c6c
Instruction ID: 197f9a5c4d9188e30e23d9d130700aaad67c3f76ab65d368c601f28936fa7c73
Opcode Fuzzy Hash: 984d05237f93b5afe9a757a749dd15bc96428623990453ca2f4ddce0d2966c6c
Instruction Fuzzy Hash: F861BF71540219BAEB14DF64CC45BBE77BCFB44B21F10460AF916DA1D1DFB8AA80C7A0

Function 009D7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

Bad directive syntax error, xrefs: 00A1519A
#cs, xrefs: 009D7873, 009D78C5
', xrefs: 00A15169
#notrayicon, xrefs: 009D77E7
#OnAutoItStartRegister, xrefs: 009D7817
#include-once, xrefs: 009D782F
#include, xrefs: 009D7847
#pragma compile, xrefs: 009D77D3
", xrefs: 00A15153
Unterminated group of comments, xrefs: 00A1528C
#requireadmin, xrefs: 009D77FF
#ce, xrefs: 009D78ED
#comments-end, xrefs: 009D78D9
Cannot parse #include, xrefs: 00A15279
#comments-start, xrefs: 009D785F, 009D78B1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 5d646e67c67e5e2f3e4af29137a8d2117a5109ea8a3e94452503807efcfa99ee
Instruction ID: 9c32443e5cccbdb90c311c077dd8afbaea8b21e7623a8d176498d9b98fef0c5d
Opcode Fuzzy Hash: 5d646e67c67e5e2f3e4af29137a8d2117a5109ea8a3e94452503807efcfa99ee
Instruction Fuzzy Hash: 2E81E971A84205BBDB11BFA0DC42FFF77A8AF95300F048426F905AA296FB70D941C791

Function 00A43E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00A43EF8
_wcslen.LIBCMT ref: 00A43F03
_wcslen.LIBCMT ref: 00A43F5A
_wcslen.LIBCMT ref: 00A43F98
GetDriveTypeW.KERNEL32(?), ref: 00A43FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A4401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A44059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A44087

Strings

open, xrefs: 00A43F54, 00A43F59
wait, xrefs: 00A44044
close cd wait, xrefs: 00A44072
open , xrefs: 00A43FE5
type cdaudio alias cd wait, xrefs: 00A44001
set cd door , xrefs: 00A44028
close, xrefs: 00A43EFE, 00A43F18
closed, xrefs: 00A43F08, 00A43F2D, 00A43F46, 00A43F7E, 00A43F97

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: a183d692f50cbd7fbebbd786ce55a9a6cad656bfe74507d695e9835416c08e66
Instruction ID: a15dc4eccf875d1120f26d42a7adb7e58ddfdfa4e4e70f23da8ee80b957c30ed
Opcode Fuzzy Hash: a183d692f50cbd7fbebbd786ce55a9a6cad656bfe74507d695e9835416c08e66
Instruction Fuzzy Hash: 6471E2766042119FCB10EF24C881A6AB7F4FFD8758F10892EF99697251EB30DD49CB91

Function 00A35A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00A35A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A35A40
SetWindowTextW.USER32(?,?), ref: 00A35A57
GetDlgItem.USER32(?,000003EA), ref: 00A35A6C
SetWindowTextW.USER32(00000000,?), ref: 00A35A72
GetDlgItem.USER32(?,000003E9), ref: 00A35A82
SetWindowTextW.USER32(00000000,?), ref: 00A35A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A35AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A35AC3
GetWindowRect.USER32(?,?), ref: 00A35ACC
_wcslen.LIBCMT ref: 00A35B33
SetWindowTextW.USER32(?,?), ref: 00A35B6F
GetDesktopWindow.USER32 ref: 00A35B75
GetWindowRect.USER32(00000000), ref: 00A35B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A35BD3
GetClientRect.USER32(?,?), ref: 00A35BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00A35C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A35C2F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: cd270590aebefafc2ae26ac4a344098c1b763c74930ee151914aeadd9c2dbd2a
Instruction ID: c626611e3e88ad83c1ed1b7377e300eb5f8bbfd6c5ab2d1bdbe995e4f52c161c
Opcode Fuzzy Hash: cd270590aebefafc2ae26ac4a344098c1b763c74930ee151914aeadd9c2dbd2a
Instruction Fuzzy Hash: 41716B31A00B09AFDB20DFB8CE89AAEBBF5FF48714F104518F582A25A0D775E941CB50

Function 00A4FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00A4FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00A4FE32
LoadCursorW.USER32(00000000,00007F00), ref: 00A4FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00A4FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00A4FE53
LoadCursorW.USER32(00000000,00007F01), ref: 00A4FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00A4FE69
LoadCursorW.USER32(00000000,00007F88), ref: 00A4FE74
LoadCursorW.USER32(00000000,00007F80), ref: 00A4FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00A4FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00A4FE95
LoadCursorW.USER32(00000000,00007F85), ref: 00A4FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00A4FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00A4FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00A4FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00A4FECC
GetCursorInfo.USER32(?), ref: 00A4FEDC
GetLastError.KERNEL32 ref: 00A4FF1E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 37ceb5ea12d59f65ab50676a2a5e393d0d4c1419e3d48af60b6d0088427f112f
Instruction ID: 0db6294783858931839e5ad24452634ae91cf97a52dfb26d265503725fa48a38
Opcode Fuzzy Hash: 37ceb5ea12d59f65ab50676a2a5e393d0d4c1419e3d48af60b6d0088427f112f
Instruction Fuzzy Hash: 494144B0D443196FDB10DFBA8C8585EBFE8FF44754B50852AE11DE7281DB789901CE91

Function 009F00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 009F00C6

Part of subcall function 009F00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00AA070C,00000FA0,78E4ACD0,?,?,?,?,00A123B3,000000FF), ref: 009F011C
Part of subcall function 009F00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A123B3,000000FF), ref: 009F0127
Part of subcall function 009F00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A123B3,000000FF), ref: 009F0138
Part of subcall function 009F00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 009F014E
Part of subcall function 009F00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 009F015C
Part of subcall function 009F00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 009F016A
Part of subcall function 009F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009F0195
Part of subcall function 009F00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009F01A0

___scrt_fastfail.LIBCMT ref: 009F00E7

Part of subcall function 009F00A3: __onexit.LIBCMT ref: 009F00A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 009F0122
SleepConditionVariableCS, xrefs: 009F0154
kernel32.dll, xrefs: 009F0133
WakeAllConditionVariable, xrefs: 009F0162
InitializeConditionVariable, xrefs: 009F0148

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 515f7364e75d56571048dbf1299d468045920b33706566c4fbcfdd44de5ee373
Instruction ID: ad49cd1861817099ccb3a440527e5c8e33b37641171415ebb2a607d645a07c28
Opcode Fuzzy Hash: 515f7364e75d56571048dbf1299d468045920b33706566c4fbcfdd44de5ee373
Instruction Fuzzy Hash: 7021C832644715AFD711ABE4AC05B7A36ACFB86B65F00052AF901A7292DBB4AC018B50

Function 00A330F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A3318D
_wcslen.LIBCMT ref: 00A331F8

Strings

TEXT, xrefs: 00A3347C
CLASS, xrefs: 00A33188, 00A331A5
CLASSNN, xrefs: 00A331F3, 00A33204
NAME, xrefs: 00A33335, 00A33346
INSTANCE, xrefs: 00A33453
REGEXPCLASS, xrefs: 00A33255, 00A33266

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 036288730dbf8b7f696403cfb50e953ac650cd252184cb90b097a12f648af38c
Instruction ID: ce2035bf2aeb2de4a08bf7b95ad41af8dbea1f5102f8c06ea6e7115231716042
Opcode Fuzzy Hash: 036288730dbf8b7f696403cfb50e953ac650cd252184cb90b097a12f648af38c
Instruction Fuzzy Hash: 75E1B133A08616ABCF159FB8C4527FEBBB0BF54750F54821AF456E7240EB30AE858790

Function 00A444C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00A6CC08), ref: 00A44527
_wcslen.LIBCMT ref: 00A4453B
_wcslen.LIBCMT ref: 00A44599
_wcslen.LIBCMT ref: 00A445F4
_wcslen.LIBCMT ref: 00A4463F
_wcslen.LIBCMT ref: 00A446A7

Part of subcall function 009EF9F2: _wcslen.LIBCMT ref: 009EF9FD

GetDriveTypeW.KERNEL32(?,00A96BF0,00000061), ref: 00A44743

Strings

fixed, xrefs: 00A44635, 00A4463A
cdrom, xrefs: 00A4458F, 00A44594
unknown, xrefs: 00A44708
network, xrefs: 00A4469D, 00A446A2
removable, xrefs: 00A445EA, 00A445EF
ramdisk, xrefs: 00A446F1
all, xrefs: 00A44531, 00A44536

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: ba497a45c6640483973fff5b11585edf0e858d745d794d939becece4094f760e
Instruction ID: 6599878b3b53235d1896232bc3936c7013ff3eb19a57e79dab3083aa362b6a5a
Opcode Fuzzy Hash: ba497a45c6640483973fff5b11585edf0e858d745d794d939becece4094f760e
Instruction Fuzzy Hash: 93B1AB796083029BC710EF28C891B6AF7E5AFE9764F50891DF496C7291E730DC45CBA2

Function 00A53FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00A6CC08), ref: 00A540BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00A540CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00A6CC08), ref: 00A540F2
FreeLibrary.KERNEL32(00000000,?,00A6CC08), ref: 00A5413E
StringFromGUID2.OLE32(?,?,00000028,?,00A6CC08), ref: 00A541A8
SysFreeString.OLEAUT32(00000009), ref: 00A54262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00A542C8
SysFreeString.OLEAUT32(?), ref: 00A542F2

Strings

kernel32.dll, xrefs: 00A540B6
GetModuleHandleExW, xrefs: 00A540C7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 8bf3677da7ff577d74c29f4f3562ad06fb67aedafb5ad73b00f7122a391d586c
Instruction ID: 7bb4e92d3272e654dfd0ce03f049d8e3e7781d2045f2746910db8cf4b393bc07
Opcode Fuzzy Hash: 8bf3677da7ff577d74c29f4f3562ad06fb67aedafb5ad73b00f7122a391d586c
Instruction Fuzzy Hash: 65124C75A00215EFDB14DF94C884EAEBBB5FF49319F248098F9059B261D731ED86CBA0

Function 009D326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00AA1990), ref: 00A12F8D
GetMenuItemCount.USER32(00AA1990), ref: 00A1303D
GetCursorPos.USER32(?), ref: 00A13081
SetForegroundWindow.USER32(00000000), ref: 00A1308A
TrackPopupMenuEx.USER32(00AA1990,00000000,?,00000000,00000000,00000000), ref: 00A1309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A130A9

Strings

0, xrefs: 009D327D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 647443ba60e99adaf91d9597b17b1609d86243cde3a55087990456bad5b50dad
Instruction ID: e1de515a0b961cb5a142a6fb0afc144af0a15d64edcdc00f929567ab657ee270
Opcode Fuzzy Hash: 647443ba60e99adaf91d9597b17b1609d86243cde3a55087990456bad5b50dad
Instruction Fuzzy Hash: 7F711731680205BEEB259F64CC49FEABF75FF05364F208216F6256A2E0C7B1A960CB51

Function 00A66CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00A66DEB

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A66E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A66E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A66E94
DestroyWindow.USER32(?), ref: 00A66EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,009D0000,00000000), ref: 00A66EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A66EFD
GetDesktopWindow.USER32 ref: 00A66F16
GetWindowRect.USER32(00000000), ref: 00A66F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A66F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A66F4D

Part of subcall function 009E9944: GetWindowLongW.USER32(?,000000EB), ref: 009E9952

Strings

0, xrefs: 00A66D98
tooltips_class32, xrefs: 00A66E58, 00A66EDD

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: 8487a4ed3296ee116755f3d8cf3eaf387058d749f1bcf85a5b985a48d5173622
Instruction ID: ce0db2661924252f5cd86ba96df14855353992d5dc9b7a2b5ad26ae772fa30a3
Opcode Fuzzy Hash: 8487a4ed3296ee116755f3d8cf3eaf387058d749f1bcf85a5b985a48d5173622
Instruction Fuzzy Hash: BE717674104241AFDB21CF68D844FBABBF9FB99304F04481EFA99872A1C775A906CB15

Function 00A6911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

DragQueryPoint.SHELL32(?,?), ref: 00A69147

Part of subcall function 00A67674: ClientToScreen.USER32(?,?), ref: 00A6769A
Part of subcall function 00A67674: GetWindowRect.USER32(?,?), ref: 00A67710
Part of subcall function 00A67674: PtInRect.USER32(?,?,00A68B89), ref: 00A67720

SendMessageW.USER32(?,000000B0,?,?), ref: 00A691B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00A691BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00A691DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00A69225
SendMessageW.USER32(?,000000B0,?,?), ref: 00A6923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00A69255
SendMessageW.USER32(?,000000B1,?,?), ref: 00A69277
DragFinish.SHELL32(?), ref: 00A6927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00A69371

Strings

@GUI_DRAGFILE, xrefs: 00A69320
@GUI_DRAGID, xrefs: 00A692E9
@GUI_DROPID, xrefs: 00A6929E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: ed39b49c5e90c228692fdd3781f9f5bdd2abc9a20bf2bf71daf995317a3ce06c
Instruction ID: 574ebd2d3f5031a7cb4f229a0ad36bc20492b1bff25c1cc9c7f9ffb1e2464e76
Opcode Fuzzy Hash: ed39b49c5e90c228692fdd3781f9f5bdd2abc9a20bf2bf71daf995317a3ce06c
Instruction Fuzzy Hash: 19613971108301AFC701EFA4DC85EAFBBF8EBC9750F00491EF595962A1DB709A49CB52

Function 00A4C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A4C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A4C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A4C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A4C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A4C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A4C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A4C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A4C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A4C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A4C5F0
InternetCloseHandle.WININET(00000000), ref: 00A4C5FB

Strings

, xrefs: 00A4C575

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: ff8642626fe3a2a0aaa32475202392b25c1c2a77096da4674776e8ebd97b48dc
Instruction ID: f121ea1a0788afcddf9b89acd1d3262687b7d2b7598f488efee87bc45a39b6e4
Opcode Fuzzy Hash: ff8642626fe3a2a0aaa32475202392b25c1c2a77096da4674776e8ebd97b48dc
Instruction Fuzzy Hash: 1D517DB4541308BFDB61DFA0C948ABB7BFCFF48764F008419F98A96210DB74E9059B61

Function 00A6856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00A68592
GetFileSize.KERNEL32(00000000,00000000), ref: 00A685A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00A685AD
CloseHandle.KERNEL32(00000000), ref: 00A685BA
GlobalLock.KERNEL32(00000000), ref: 00A685C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00A685D7
GlobalUnlock.KERNEL32(00000000), ref: 00A685E0
CloseHandle.KERNEL32(00000000), ref: 00A685E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00A685F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,00A6FC38,?), ref: 00A68611
GlobalFree.KERNEL32(00000000), ref: 00A68621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00A68641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00A68671
DeleteObject.GDI32(00000000), ref: 00A68699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A686AF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: fd7bd62cd2969efbce78ada238ec5d1429dda26b6705932567141d9fa53b7e8c
Instruction ID: 93353fbb96a2d9b7416e4f85e353c4de11e3c64ad52f192d4ef8c2cbea0ece33
Opcode Fuzzy Hash: fd7bd62cd2969efbce78ada238ec5d1429dda26b6705932567141d9fa53b7e8c
Instruction Fuzzy Hash: 98411875600208AFDB11DFA5DC48EAA7BBCFF89B21F104159F956EB260DB749902CB60

Function 00A414BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00A41502
VariantCopy.OLEAUT32(?,?), ref: 00A4150B
VariantClear.OLEAUT32(?), ref: 00A41517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00A415FB
VarR8FromDec.OLEAUT32(?,?), ref: 00A41657
VariantInit.OLEAUT32(?), ref: 00A41708
SysFreeString.OLEAUT32(?), ref: 00A4178C
VariantClear.OLEAUT32(?), ref: 00A417D8
VariantClear.OLEAUT32(?), ref: 00A417E7
VariantInit.OLEAUT32(00000000), ref: 00A41823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00A41625
Default, xrefs: 00A416AF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: e97b7b8fc47815ecb37ba2fedde5f937c143cdb9fd0432e73571207dfefce802
Instruction ID: 512eba13f5ce3efa6c5aeb1bc5c0b57780f23e4541a204c7025cf8fef5e7582e
Opcode Fuzzy Hash: e97b7b8fc47815ecb37ba2fedde5f937c143cdb9fd0432e73571207dfefce802
Instruction Fuzzy Hash: 8DD10275A00219EBDB00EF65D889BBDB7B5BFC4700F148056F446AB291DB30EC81DB62

Function 00A5B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A5C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A5B6AE,?,?), ref: 00A5C9B5
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5C9F1
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA68
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A5B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A5B772
RegDeleteValueW.ADVAPI32(?,?), ref: 00A5B80A
RegCloseKey.ADVAPI32(?), ref: 00A5B87E
RegCloseKey.ADVAPI32(?), ref: 00A5B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A5B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A5B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00A5B922
FreeLibrary.KERNEL32(00000000), ref: 00A5B983
RegCloseKey.ADVAPI32(00000000), ref: 00A5B994

Strings

advapi32.dll, xrefs: 00A5B8ED
RegDeleteKeyExW, xrefs: 00A5B8FE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 6704f100f6a922e490b4e57651a8d4a526754a37265fdb6d8f02bc255bc3a15a
Instruction ID: ab8a51796793b9d36ed69b4bc2930b39f3dd88ced77242e202c0c9f95c999a1e
Opcode Fuzzy Hash: 6704f100f6a922e490b4e57651a8d4a526754a37265fdb6d8f02bc255bc3a15a
Instruction Fuzzy Hash: B8C16B30214201EFD710DF14C495B2ABBE5BF84319F14859DF89A8B3A2CB71E84ACBA1

Function 00A5255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00A525D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A525E8
CreateCompatibleDC.GDI32(?), ref: 00A525F4
SelectObject.GDI32(00000000,?), ref: 00A52601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A5266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A526AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A526D0
SelectObject.GDI32(?,?), ref: 00A526D8
DeleteObject.GDI32(?), ref: 00A526E1
DeleteDC.GDI32(?), ref: 00A526E8
ReleaseDC.USER32(00000000,?), ref: 00A526F3

Strings

(, xrefs: 00A5268D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 2a7704ed81cc14288fa6cbf5133beac0d28ef53a9d1a32b943a2e3a011192aa5
Instruction ID: 5147f1f5beb6fc85069acfb4a26cfa8b71b396b53a2e146a166ec9c0caf91266
Opcode Fuzzy Hash: 2a7704ed81cc14288fa6cbf5133beac0d28ef53a9d1a32b943a2e3a011192aa5
Instruction Fuzzy Hash: FB61E275D00219EFCF15CFE8D984AAEBBB5FF48310F20852AE955A7250E774A941CF90

Function 00A0DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00A0DAA1

Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D659
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D66B
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D67D
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D68F
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D6A1
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D6B3
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D6C5
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D6D7
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D6E9
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D6FB
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D70D
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D71F
Part of subcall function 00A0D63C: _free.LIBCMT ref: 00A0D731

_free.LIBCMT ref: 00A0DA96

Part of subcall function 00A029C8: HeapFree.KERNEL32(00000000,00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000), ref: 00A029DE
Part of subcall function 00A029C8: GetLastError.KERNEL32(00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000,00000000), ref: 00A029F0

_free.LIBCMT ref: 00A0DAB8
_free.LIBCMT ref: 00A0DACD
_free.LIBCMT ref: 00A0DAD8
_free.LIBCMT ref: 00A0DAFA
_free.LIBCMT ref: 00A0DB0D
_free.LIBCMT ref: 00A0DB1B
_free.LIBCMT ref: 00A0DB26
_free.LIBCMT ref: 00A0DB5E
_free.LIBCMT ref: 00A0DB65
_free.LIBCMT ref: 00A0DB82
_free.LIBCMT ref: 00A0DB9A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 37e8f6bad86269b99adc0879488c7d144a9e503779b338a053b64a8bb6cbfb4c
Instruction ID: 11db53a5cd1b9e19b1f347703d56f583a89691bb5e2e7e40e9459eeea7c1aea8
Opcode Fuzzy Hash: 37e8f6bad86269b99adc0879488c7d144a9e503779b338a053b64a8bb6cbfb4c
Instruction Fuzzy Hash: 2231193260470D9FEB21ABB9F949B5A77E9FF41390F254419E449D71D1DB35AC40CB20

Function 00A3365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00A3369C
_wcslen.LIBCMT ref: 00A336A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00A33797
GetClassNameW.USER32(?,?,00000400), ref: 00A3380C
GetDlgCtrlID.USER32(?), ref: 00A3385D
GetWindowRect.USER32(?,?), ref: 00A33882
GetParent.USER32(?), ref: 00A338A0
ScreenToClient.USER32(00000000), ref: 00A338A7
GetClassNameW.USER32(?,?,00000100), ref: 00A33921
GetWindowTextW.USER32(?,?,00000400), ref: 00A3395D

Strings

%s%u, xrefs: 00A33734

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: d1209d7b55490c1dc70ef300020cbfc24e3e37c115517dafdc9f8169070b3422
Instruction ID: b47b231facd185a51b0ce04724772d9350e98180d919b2e4ade452a51bc5bd4b
Opcode Fuzzy Hash: d1209d7b55490c1dc70ef300020cbfc24e3e37c115517dafdc9f8169070b3422
Instruction Fuzzy Hash: BD91B372208706EFDB19DF64C895BBAF7A9FF44350F008619F999C2190DB70EA45CB91

Function 00A34954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00A34994
GetWindowTextW.USER32(?,?,00000400), ref: 00A349DA
_wcslen.LIBCMT ref: 00A349EB
CharUpperBuffW.USER32(?,00000000), ref: 00A349F7
_wcsstr.LIBVCRUNTIME ref: 00A34A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00A34A64
GetWindowTextW.USER32(?,?,00000400), ref: 00A34A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00A34AE6
GetClassNameW.USER32(?,?,00000400), ref: 00A34B20
GetWindowRect.USER32(?,?), ref: 00A34B8B

Strings

ThumbnailClass, xrefs: 00A34A6F, 00A34AF1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: c4f3ab5015eb8b5d0555f9fccb14a2e985f0d94b01c0a8b9ba509c6c539ad1a3
Instruction ID: 3330d0d26a07231bc084e468771a33fd473ce2cf9d24568a2020ed181e802521
Opcode Fuzzy Hash: c4f3ab5015eb8b5d0555f9fccb14a2e985f0d94b01c0a8b9ba509c6c539ad1a3
Instruction Fuzzy Hash: D991CE711082099FDB04DF14C981BBABBE8FF88354F04846AFD859A196EB74FD45CBA1

Function 00A3BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00AA1990,000000FF,00000000,00000030), ref: 00A3BFAC
SetMenuItemInfoW.USER32(00AA1990,00000004,00000000,00000030), ref: 00A3BFE1
Sleep.KERNEL32(000001F4), ref: 00A3BFF3
GetMenuItemCount.USER32(?), ref: 00A3C039
GetMenuItemID.USER32(?,00000000), ref: 00A3C056
GetMenuItemID.USER32(?,-00000001), ref: 00A3C082
GetMenuItemID.USER32(?,?), ref: 00A3C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A3C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A3C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A3C145

Strings

0, xrefs: 00A3BF3D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: f3e127d10c168b37b9abc04bb7244f9071e02cbce26a903754ca4a1d350a0c75
Instruction ID: 98a1db5aee56ed2875aa0effe7d27ff17ef7916b2ec67ec5addce149f822fb82
Opcode Fuzzy Hash: f3e127d10c168b37b9abc04bb7244f9071e02cbce26a903754ca4a1d350a0c75
Instruction Fuzzy Hash: F761A0B190028AAFDF15CFA4CD88AFEBBB9EB06364F004115F951B7291C775AD05DB60

Function 00A5CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A5CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A5CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A5CD48

Part of subcall function 00A5CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A5CCAA
Part of subcall function 00A5CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A5CCBD
Part of subcall function 00A5CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A5CCCF
Part of subcall function 00A5CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A5CD05
Part of subcall function 00A5CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A5CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00A5CCF3

Strings

advapi32.dll, xrefs: 00A5CCB8
RegDeleteKeyExW, xrefs: 00A5CCC9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 14c6751cda6897cb6f2a2b69cbfbfba4be659322fd541bdf685fff4161b71994
Instruction ID: 3f43f769ff8a5135dcb45499d194c0575368635629da1f28f01846c49f26961e
Opcode Fuzzy Hash: 14c6751cda6897cb6f2a2b69cbfbfba4be659322fd541bdf685fff4161b71994
Instruction Fuzzy Hash: 2A317E72901228BFDB21DB90DC88EFFBB7CEF05761F000165E905E3144D6B49A4A9AA0

Function 00A43D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A43D40
_wcslen.LIBCMT ref: 00A43D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00A43D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A43DBE
RemoveDirectoryW.KERNEL32(?), ref: 00A43DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A43E55
CloseHandle.KERNEL32(00000000), ref: 00A43E60
CloseHandle.KERNEL32(00000000), ref: 00A43E6B

Strings

:, xrefs: 00A43D82
\??\%s, xrefs: 00A43D5B
\, xrefs: 00A43D77

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: a924afbe0b36a36a2e0d5b59d66d08af944c396f03ec7b104bcdf528bcfc829b
Instruction ID: 62e5d8eee2499cdf837cca16b5133db8d3e91a542f889145df7de6f471aff337
Opcode Fuzzy Hash: a924afbe0b36a36a2e0d5b59d66d08af944c396f03ec7b104bcdf528bcfc829b
Instruction Fuzzy Hash: 15319076A00209AADF21DBA0DC49FEF37BCEF89710F1041A6F609D6160EBB497458B24

Function 00A3E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A3E6B4

Part of subcall function 009EE551: timeGetTime.WINMM(?,?,00A3E6D4), ref: 009EE555

Sleep.KERNEL32(0000000A), ref: 00A3E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00A3E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A3E727
SetActiveWindow.USER32 ref: 00A3E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A3E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00A3E773
Sleep.KERNEL32(000000FA), ref: 00A3E77E
IsWindow.USER32 ref: 00A3E78A
EndDialog.USER32(00000000), ref: 00A3E79B

Strings

BUTTON, xrefs: 00A3E719

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 148622d07588f4ab5768c8834d64e754e7bebec8c8432414ebd033910e9b8a1c
Instruction ID: 8a9487e68ec056870636f40c2f17fa33a94ffb01f0fbbf1515234856670a0a3f
Opcode Fuzzy Hash: 148622d07588f4ab5768c8834d64e754e7bebec8c8432414ebd033910e9b8a1c
Instruction Fuzzy Hash: A7216FB0240206AFEB11DFE4EC99B363B79FB56758F101425F556826E1DBB1AC228B24

Function 00A3E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A3EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A3EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A3EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A3EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A3EAA7

Strings

alias PlayMe, xrefs: 00A3EA36
open , xrefs: 00A3EA0C
close PlayMe, xrefs: 00A3EA6E, 00A3EA9B
status PlayMe mode, xrefs: 00A3EA58
play PlayMe, xrefs: 00A3EAA2
play PlayMe wait, xrefs: 00A3EA91

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 3a1fb6c924910db25c7f7837feb8ef572e2834ca897b71b667465e58d0dd473d
Instruction ID: cfa2bad09739b33c580f20486fd0e96ad51f071a63de7167731b89564b77a2b5
Opcode Fuzzy Hash: 3a1fb6c924910db25c7f7837feb8ef572e2834ca897b71b667465e58d0dd473d
Instruction Fuzzy Hash: 51115131B9026979DB20E7A6DC4AEFF6ABCFFD1F40F40482AB411A21D1EAB05915C5B0

Function 00A39F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00A3A012
SetKeyboardState.USER32(?), ref: 00A3A07D
GetAsyncKeyState.USER32(000000A0), ref: 00A3A09D
GetKeyState.USER32(000000A0), ref: 00A3A0B4
GetAsyncKeyState.USER32(000000A1), ref: 00A3A0E3
GetKeyState.USER32(000000A1), ref: 00A3A0F4
GetAsyncKeyState.USER32(00000011), ref: 00A3A120
GetKeyState.USER32(00000011), ref: 00A3A12E
GetAsyncKeyState.USER32(00000012), ref: 00A3A157
GetKeyState.USER32(00000012), ref: 00A3A165
GetAsyncKeyState.USER32(0000005B), ref: 00A3A18E
GetKeyState.USER32(0000005B), ref: 00A3A19C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 39ed187b681d5b5eff40ed2620fb2e738413097c2e0a844dec36e74821ec63ca
Instruction ID: 99b5681a7b290110f5237a6dbb2306c402b73b8729c1415520cfd63a4de62402
Opcode Fuzzy Hash: 39ed187b681d5b5eff40ed2620fb2e738413097c2e0a844dec36e74821ec63ca
Instruction Fuzzy Hash: E351AB30A047942AFB35DBA089157EBFFB55F22340F08869DF5C6571C2DA949E4CC762

Function 00A35CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00A35CE2
GetWindowRect.USER32(00000000,?), ref: 00A35CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A35D59
GetDlgItem.USER32(?,00000002), ref: 00A35D69
GetWindowRect.USER32(00000000,?), ref: 00A35D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A35DCF
GetDlgItem.USER32(?,000003E9), ref: 00A35DDD
GetWindowRect.USER32(00000000,?), ref: 00A35DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A35E31
GetDlgItem.USER32(?,000003EA), ref: 00A35E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A35E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00A35E67

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 3761ddc7b83fad966d895da24938d0d9ded89e399ca172be0c49b5a4178157b5
Instruction ID: cd8f3612b92537d23d90077c3f1b8f940d6282d8d3bd0c2ba9fa1ca03ebbd95b
Opcode Fuzzy Hash: 3761ddc7b83fad966d895da24938d0d9ded89e399ca172be0c49b5a4178157b5
Instruction Fuzzy Hash: 9C510CB5F00605AFDF18CFA8DD89AAEBBB5EF48311F548129F515E6290D7B09E01CB60

Function 009E8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 009E8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,009E8BE8,?,00000000,?,?,?,?,009E8BBA,00000000,?), ref: 009E8FC5

DestroyWindow.USER32(?), ref: 009E8C81
KillTimer.USER32(00000000,?,?,?,?,009E8BBA,00000000,?), ref: 009E8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00A26973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,009E8BBA,00000000,?), ref: 00A269A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,009E8BBA,00000000,?), ref: 00A269B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,009E8BBA,00000000), ref: 00A269D4
DeleteObject.GDI32(00000000), ref: 00A269E6

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 534f9b87d6ba7bed350c4949a10411b36f47a2c71c676df332a28ae679b1f979
Instruction ID: 55e74b0900f5af765f8bf719ea4f5030218b126c71c4be14c45da0b33c76dc62
Opcode Fuzzy Hash: 534f9b87d6ba7bed350c4949a10411b36f47a2c71c676df332a28ae679b1f979
Instruction Fuzzy Hash: 4361AF30502651EFCB22DFAAD94872777F1FB46312F244929E086979A0CB75AD82DF90

Function 009E9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 009E9944: GetWindowLongW.USER32(?,000000EB), ref: 009E9952

GetSysColor.USER32(0000000F), ref: 009E9862

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 8440992430d3a42ee71360f754d39bfe7b0c5fdc67d1cc9168f623be97385adc
Instruction ID: b4b24729f972e5908f87989b6c420943932b6eaba1b686fed7b68765a2d2785e
Opcode Fuzzy Hash: 8440992430d3a42ee71360f754d39bfe7b0c5fdc67d1cc9168f623be97385adc
Instruction Fuzzy Hash: 8741D131104690AFDB219F799C84BB93BA9AB07330F144615F9A2872F2D7709D42DB11

Function 00A396E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00A1F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00A39717
LoadStringW.USER32(00000000,?,00A1F7F8,00000001), ref: 00A39720

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A1F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00A39742
LoadStringW.USER32(00000000,?,00A1F7F8,00000001), ref: 00A39745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00A39866

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00A3984A
^ ERROR, xrefs: 00A397FB
Error: , xrefs: 00A3981D
Line %d (File "%s"):, xrefs: 00A3978F
Line %d:, xrefs: 00A397A0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 164f255f36d0ebef5f93680ad8c8f95a96402f230e25f5265dc0881a64f0cfc1
Instruction ID: 8edba3955f8811bcec7c69c0889976db6faa43dee3a480cf1e86f7fb5d7af0a1
Opcode Fuzzy Hash: 164f255f36d0ebef5f93680ad8c8f95a96402f230e25f5265dc0881a64f0cfc1
Instruction Fuzzy Hash: 5E418372940209AADF04FBE0DE82EEFB778AF95340F508026F10572192EB756F59CB61

Function 00A306DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A307A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A307BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A307DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A30804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A3082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A30837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A3083C

Strings

SOFTWARE\Classes\, xrefs: 00A3070E
\CLSID, xrefs: 00A30724
\IPC$, xrefs: 00A30784

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: e33c7e7eadc089ef9dde733eaf46f5199c3abe6b2ae366377c44e9bd0a95900c
Instruction ID: 24481ec68b16dd94b08132c6180970eea3d18414eb19d659ed83d5ebe8f34eb7
Opcode Fuzzy Hash: e33c7e7eadc089ef9dde733eaf46f5199c3abe6b2ae366377c44e9bd0a95900c
Instruction Fuzzy Hash: 1B413972D00228ABDF11EBA4DC95DEDB778FF44750F04812AF901A32A0EB709E04CB90

Function 00A63F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00A6403B
CreateCompatibleDC.GDI32(00000000), ref: 00A64042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00A64055
SelectObject.GDI32(00000000,00000000), ref: 00A6405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00A64068
DeleteDC.GDI32(00000000), ref: 00A64072
GetWindowLongW.USER32(?,000000EC), ref: 00A6407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00A64092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00A6409E

Strings

static, xrefs: 00A63FD3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 6ff4cb28ddec4726622b15828b9a6821c5247508381a0f35d6862985517efee7
Instruction ID: 0ecef4299042f4c840e5a1f130bddc8b2fa04f6c62dbdddd4a8affe538503e24
Opcode Fuzzy Hash: 6ff4cb28ddec4726622b15828b9a6821c5247508381a0f35d6862985517efee7
Instruction Fuzzy Hash: 1B315A32501215BBDF219FA4CC09FEA3BB8EF0E720F110211FA65A61A0C7B9D851DBA4

Function 00A53C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A53C5C
CoInitialize.OLE32(00000000), ref: 00A53C8A
CoUninitialize.OLE32 ref: 00A53C94
_wcslen.LIBCMT ref: 00A53D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00A53DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00A53ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A53F0E
CoGetObject.OLE32(?,00000000,00A6FB98,?), ref: 00A53F2D
SetErrorMode.KERNEL32(00000000), ref: 00A53F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A53FC4
VariantClear.OLEAUT32(?), ref: 00A53FD8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: a4305eb6631d216b74d767ab606f6750453c1f5f3f2e89edabf427d91a20fa74
Instruction ID: 35ce5df5daa7c0c339833e3c439853883b86e69e0804b3c12d9620256693feb2
Opcode Fuzzy Hash: a4305eb6631d216b74d767ab606f6750453c1f5f3f2e89edabf427d91a20fa74
Instruction Fuzzy Hash: 4EC114726082059FDB00DF68C88492AB7F9FFC9789F10491DF98A9B211D771EE09CB52

Function 00A47A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00A47AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A47B8F
SHGetDesktopFolder.SHELL32(?), ref: 00A47BA3
CoCreateInstance.OLE32(00A6FD08,00000000,00000001,00A96E6C,?), ref: 00A47BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A47C74
CoTaskMemFree.OLE32(?,?), ref: 00A47CCC
SHBrowseForFolderW.SHELL32(?), ref: 00A47D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A47D7A
CoTaskMemFree.OLE32(00000000), ref: 00A47D81
CoTaskMemFree.OLE32(00000000), ref: 00A47DD6
CoUninitialize.OLE32 ref: 00A47DDC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 2998b2fda25ef6fa5ecf5ca006c6a4b39626df880d9e30043c40fa300d9dec8f
Instruction ID: 3107dc67c9909de69329e825f028c831e5319e1fa787cd5499030340ff4fb66c
Opcode Fuzzy Hash: 2998b2fda25ef6fa5ecf5ca006c6a4b39626df880d9e30043c40fa300d9dec8f
Instruction Fuzzy Hash: 6DC10B75A04159AFCB14DFA4C888DAEBBF9FF88314B148499F81A9B361D730ED45CB90

Function 00A6541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00A65504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A65515
CharNextW.USER32(00000158), ref: 00A65544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00A65585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00A6559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A655AC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: f5eb3b16b5270f8493406180c2b86e4fdc6e87993dcc98c3ef82f373cd2d3b22
Instruction ID: 0024efb9d21f7cd391de7e64d7fbcb28da99880de5d429fbcc991e8a8a7f445d
Opcode Fuzzy Hash: f5eb3b16b5270f8493406180c2b86e4fdc6e87993dcc98c3ef82f373cd2d3b22
Instruction Fuzzy Hash: D6617E75D04609AFDF10DFB4CC889FE7BB9EB09724F108145F965A7290DB788A81DB60

Function 00A2FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A2FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00A2FB08
VariantInit.OLEAUT32(?), ref: 00A2FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00A2FB3A
VariantCopy.OLEAUT32(?,?), ref: 00A2FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00A2FBA1
VariantClear.OLEAUT32(?), ref: 00A2FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00A2FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A2FBCC
VariantClear.OLEAUT32(?), ref: 00A2FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A2FBE9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 828744eb48e67960d34abd6edee88ae9e948580e46842be85da300f12f9d1673
Instruction ID: 84cdfa958f7d2dca203dbb39beed60b559b2c57bc51b7f72d923f5d99b7051f2
Opcode Fuzzy Hash: 828744eb48e67960d34abd6edee88ae9e948580e46842be85da300f12f9d1673
Instruction Fuzzy Hash: 35411375A002199FCB04DFA8D8589BDBBB9FF48354F008075E955A7261DB70E946CF90

Function 00A39C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00A39CA1
GetAsyncKeyState.USER32(000000A0), ref: 00A39D22
GetKeyState.USER32(000000A0), ref: 00A39D3D
GetAsyncKeyState.USER32(000000A1), ref: 00A39D57
GetKeyState.USER32(000000A1), ref: 00A39D6C
GetAsyncKeyState.USER32(00000011), ref: 00A39D84
GetKeyState.USER32(00000011), ref: 00A39D96
GetAsyncKeyState.USER32(00000012), ref: 00A39DAE
GetKeyState.USER32(00000012), ref: 00A39DC0
GetAsyncKeyState.USER32(0000005B), ref: 00A39DD8
GetKeyState.USER32(0000005B), ref: 00A39DEA

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 8ee5678754bad5058751b680fb99506bb222ec8eed842e0063ac2e8a20f0bb9b
Instruction ID: 9229a3d121b373a86aaaefa96ec7d32f9982518b4b4c4bd0326b3dca3019b97a
Opcode Fuzzy Hash: 8ee5678754bad5058751b680fb99506bb222ec8eed842e0063ac2e8a20f0bb9b
Instruction Fuzzy Hash: 424194345047CA6DFF31976588053B7FEA06F11354F04805AEAC6566C2DBE599C8CBA2

Function 00A5055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00A505BC
inet_addr.WSOCK32(?), ref: 00A5061C
gethostbyname.WSOCK32(?), ref: 00A50628
IcmpCreateFile.IPHLPAPI ref: 00A50636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A506C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A506E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00A507B9
WSACleanup.WSOCK32 ref: 00A507BF

Strings

Ping, xrefs: 00A50676

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 0cd24c4a3ab756ba2b89baed3a93243c7df7f1b4e1ef4d57131823b6f814b40a
Instruction ID: c60900b7c15bffdfcf84a6600ab8a152c3523fbfd7c709e98c2d8f7b86a74912
Opcode Fuzzy Hash: 0cd24c4a3ab756ba2b89baed3a93243c7df7f1b4e1ef4d57131823b6f814b40a
Instruction Fuzzy Hash: 34917D756046019FD320DF15C488F1ABBE0BF88319F1485A9F8A99B7A2D770ED49CF91

Function 00A58CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00A58CF3

Part of subcall function 00A38E54: _wcslen.LIBCMT ref: 00A38E77

_wcslen.LIBCMT ref: 00A58D4E
_wcslen.LIBCMT ref: 00A58D9C
_wcslen.LIBCMT ref: 00A58DDC
_wcslen.LIBCMT ref: 00A58E6E

Strings

stdcall, xrefs: 00A58DD6, 00A58DDB
none, xrefs: 00A58E65, 00A58E6A
cdecl, xrefs: 00A58D48, 00A58D4D
winapi, xrefs: 00A58D96, 00A58D9B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: fba9101f2c4384f643a9b2cb8cede2fc7835ee92f693a42a6137d7a12778615a
Instruction ID: 865df26b11335768389b6582d1a032801a12e822b96bbb8c62a4b3a000a30dac
Opcode Fuzzy Hash: fba9101f2c4384f643a9b2cb8cede2fc7835ee92f693a42a6137d7a12778615a
Instruction Fuzzy Hash: 1D51AD32A001169BCF14DF68C9419BEB3F5BF64725B204229ED66F7284EB39DE48C790

Function 00A5372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00A53774
CoUninitialize.OLE32 ref: 00A5377F
CoCreateInstance.OLE32(?,00000000,00000017,00A6FB78,?), ref: 00A537D9
IIDFromString.OLE32(?,?), ref: 00A5384C
VariantInit.OLEAUT32(?), ref: 00A538E4
VariantClear.OLEAUT32(?), ref: 00A53936

Strings

Failed to create object, xrefs: 00A537E4, 00A5389A
NULL Pointer assignment, xrefs: 00A5381E
Invalid parameter, xrefs: 00A53865

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 3dac91a5ada88b620b9eb999f1a355031c44aa46c831a634c094f8f53317aea1
Instruction ID: 35f994a0a6d8314a60a3e5ecfbd5809211d8b9f384df995505cf3d7b75993885
Opcode Fuzzy Hash: 3dac91a5ada88b620b9eb999f1a355031c44aa46c831a634c094f8f53317aea1
Instruction Fuzzy Hash: D3619F72608301AFDB11DF54C889B6ABBF4FF88755F104909F9859B291D770EE48CBA2

Function 00A43388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00A433CF

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00A433F0

Strings

"%s" (%d) : ==> %s:, xrefs: 00A43522
Error: , xrefs: 00A434D1
Line %d (File "%s"):, xrefs: 00A43443, 00A4345C
^ ERROR , xrefs: 00A4349E
"%s" (%d) : ==> %s:%s%s, xrefs: 00A43504
Incorrect parameters to object property !, xrefs: 00A434AB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: 4fc079d6b9e050b49ba1002e34a7371627934015f70f3abccdc04705f9a5ada5
Instruction ID: 91db4a6a047096a9b4eae631fc258bdda0a2f49af7853f731ca7b96ddffb2c57
Opcode Fuzzy Hash: 4fc079d6b9e050b49ba1002e34a7371627934015f70f3abccdc04705f9a5ada5
Instruction Fuzzy Hash: E051A132940209BADF15EBE0DE46EEEB7B8AF54340F108466F505721A2EB712F58DB61

Function 00A3B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00A3B5FC
_wcslen.LIBCMT ref: 00A3B608
_wcslen.LIBCMT ref: 00A3B64D
_wcslen.LIBCMT ref: 00A3B68C
_wcslen.LIBCMT ref: 00A3B6C7

Strings

EXISTS, xrefs: 00A3B686, 00A3B68B
REMOVE, xrefs: 00A3B602, 00A3B607
APPEND, xrefs: 00A3B6C1, 00A3B6C6
KEYS, xrefs: 00A3B647, 00A3B64C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 3833503e1de4ce515e3b8cc4f19a2dce4b2d0b66f2eaa938cdff5061f329734d
Instruction ID: 78af5b6b29ae883f1e6d72640be4758def5325aa596ebacc03c26e97ce8fa38e
Opcode Fuzzy Hash: 3833503e1de4ce515e3b8cc4f19a2dce4b2d0b66f2eaa938cdff5061f329734d
Instruction Fuzzy Hash: 5941F732B110269BCB105F7DC8925BE77B6AFA0B94F24412AF621DB285E731CD81C7A0

Function 00A45393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A453A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00A45416
GetLastError.KERNEL32 ref: 00A45420
SetErrorMode.KERNEL32(00000000,READY), ref: 00A454A7

Strings

READONLY, xrefs: 00A45452
NOTREADY, xrefs: 00A4544B
INVALID, xrefs: 00A45459
READY, xrefs: 00A45460, 00A45468
UNKNOWN, xrefs: 00A45444

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: d526bd53afcaf78221e7e2a5630997c842895f7cad8837643e4be9533068eca4
Instruction ID: 34225f6bd4c6b54a01af5e115ba98deca50fbe8bf55c0557edaff17ec7e77ea9
Opcode Fuzzy Hash: d526bd53afcaf78221e7e2a5630997c842895f7cad8837643e4be9533068eca4
Instruction Fuzzy Hash: 70317C39E006049FCB10DF78C484BAABBB5EF95345F148066E405CF2A2DB75DD86CB90

Function 00A63C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00A63C79
SetMenu.USER32(?,00000000), ref: 00A63C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A63D10
IsMenu.USER32(?), ref: 00A63D24
CreatePopupMenu.USER32 ref: 00A63D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A63D5B
DrawMenuBar.USER32 ref: 00A63D63

Strings

F, xrefs: 00A63D4E
0, xrefs: 00A63C54

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: 2773c7eb76a533facf5767b05ee236aa6030a458695aa8a7cd6ae8959aed3fc7
Instruction ID: 45c91551febdc8baadac86060052df4beb68b8f5990cc60a6cb6214833940b32
Opcode Fuzzy Hash: 2773c7eb76a533facf5767b05ee236aa6030a458695aa8a7cd6ae8959aed3fc7
Instruction Fuzzy Hash: BF41597AA01209EFDF14CFA4DC44AAA7BB5FF49350F140429F946A7360D770AA12CF94

Function 00A31EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A31F64
GetDlgCtrlID.USER32 ref: 00A31F6F
GetParent.USER32 ref: 00A31F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A31F8E
GetDlgCtrlID.USER32(?), ref: 00A31F97
GetParent.USER32(?), ref: 00A31FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A31FAE

Strings

ComboBox, xrefs: 00A31EEC
ListBox, xrefs: 00A31F21

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 711a4686572a328fe19c863b861b5df9030e7ff42995596b9b05c39680208d9f
Instruction ID: f68881143714912d47e8576723f00fec7ef6501b06aa3d5c02997555fc1ea57d
Opcode Fuzzy Hash: 711a4686572a328fe19c863b861b5df9030e7ff42995596b9b05c39680208d9f
Instruction Fuzzy Hash: E621CF75A00214BBCF05EFA0DC85EFEBBB8EF05310F009116F9A5A72A1DB785909DB64

Function 00A31FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A32043
GetDlgCtrlID.USER32 ref: 00A3204E
GetParent.USER32 ref: 00A3206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A3206D
GetDlgCtrlID.USER32(?), ref: 00A32076
GetParent.USER32(?), ref: 00A3208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A3208D

Strings

ComboBox, xrefs: 00A31FCD
ListBox, xrefs: 00A32002

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 31f9d4ba6a81cba06f7c18d773e9be46b717867673ba9b6c4dd99227b000a709
Instruction ID: 522273c8f3b6fb583ac347f14fe4148b27a6c01c23e3156ba76910f8d281012d
Opcode Fuzzy Hash: 31f9d4ba6a81cba06f7c18d773e9be46b717867673ba9b6c4dd99227b000a709
Instruction Fuzzy Hash: 2321C275A40214BBCF15EFA0CC45EFEBBB8AF05310F005406F995A72A1DA794919DB60

Function 00A63A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00A63A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00A63AA0
GetWindowLongW.USER32(?,000000F0), ref: 00A63AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A63AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00A63B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00A63BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00A63BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00A63BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00A63BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00A63C13

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: b486e3bd015e5b52cfe6439775ce0872bad2721e402678735a849483e04e7bbe
Instruction ID: ee79a5fca812742bc9d3909f8de0e1f5d62b5b4adfb206f3acf345b561c323aa
Opcode Fuzzy Hash: b486e3bd015e5b52cfe6439775ce0872bad2721e402678735a849483e04e7bbe
Instruction Fuzzy Hash: 5D617B75900208AFDB10DFA8CC81EEE77B8EF09714F10419AFA15E72A1D774AE46DB50

Function 00A3B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A3B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B165
GetWindowThreadProcessId.USER32(00000000), ref: 00A3B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00A3B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A3A1E1,?,00000001), ref: 00A3B21D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: e5a82ac0a00cbc34434c43ac182f2ad1994b47a55b55e37237dd9a41d8fa847d
Instruction ID: 44b2f008ab4fc34ddd2fb62d199d9b8902760f51883b7a6affabb09835d8ea70
Opcode Fuzzy Hash: e5a82ac0a00cbc34434c43ac182f2ad1994b47a55b55e37237dd9a41d8fa847d
Instruction Fuzzy Hash: 78318976520205AFDF11DFA4DC49BBEBBBAAB52321F104205FA06D61A0D7B49A428F74

Function 00A02C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A02C94

Part of subcall function 00A029C8: HeapFree.KERNEL32(00000000,00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000), ref: 00A029DE
Part of subcall function 00A029C8: GetLastError.KERNEL32(00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000,00000000), ref: 00A029F0

_free.LIBCMT ref: 00A02CA0
_free.LIBCMT ref: 00A02CAB
_free.LIBCMT ref: 00A02CB6
_free.LIBCMT ref: 00A02CC1
_free.LIBCMT ref: 00A02CCC
_free.LIBCMT ref: 00A02CD7
_free.LIBCMT ref: 00A02CE2
_free.LIBCMT ref: 00A02CED
_free.LIBCMT ref: 00A02CFB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1330bf1d07e7df4dfacbceff1eb53df0aff2a9158428674dc88532db73af5797
Instruction ID: 9aa58072f4c879f43000026c62912544671a0dc965f796dcfa1d40f8b10e67a7
Opcode Fuzzy Hash: 1330bf1d07e7df4dfacbceff1eb53df0aff2a9158428674dc88532db73af5797
Instruction Fuzzy Hash: 8611B97610020CBFCB02EF54EA46EDD3BA9FF45390F5144A5F9485F262D631EE509B90

Function 009D1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 009D1459
OleUninitialize.OLE32(?,00000000), ref: 009D14F8
UnregisterHotKey.USER32(?), ref: 009D16DD
DestroyWindow.USER32(?), ref: 00A124B9
FreeLibrary.KERNEL32(?), ref: 00A1251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A1254B

Strings

close all, xrefs: 009D1454

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 32797716f807c7c62ab3a4c1577ead61e0f16a22d2c1ffa6d9a6db858301213b
Instruction ID: c6f4d752118615f163d31f9bc86c1abfe0d3092b5aaf7dc5d87f019c6b3f3fc6
Opcode Fuzzy Hash: 32797716f807c7c62ab3a4c1577ead61e0f16a22d2c1ffa6d9a6db858301213b
Instruction Fuzzy Hash: 42D189327412129FCB29EF15C895B69F7A5BF45710F1481AEE44A6B361CB30EC62CF50

Function 00A47DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A47FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00A47FC1
GetFileAttributesW.KERNEL32(?), ref: 00A47FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00A48005
SetCurrentDirectoryW.KERNEL32(?), ref: 00A48017
SetCurrentDirectoryW.KERNEL32(?), ref: 00A48060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A480B0

Strings

*.*, xrefs: 00A48066

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: b29f2cbf49bc16c128da5777b1a88ab74b42eeda15e3f5eb5eea9c58acc1d84a
Instruction ID: f389dc84576b085bb3696c8a1c028ac577361f1a6120235a2dfa6de1324f941b
Opcode Fuzzy Hash: b29f2cbf49bc16c128da5777b1a88ab74b42eeda15e3f5eb5eea9c58acc1d84a
Instruction Fuzzy Hash: DF81BE765082819BCB20EF54C845AAEB3E8BFC8310F548D6EF885D7250EB75DD49CB92

Function 009D5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 009D5C7A

Part of subcall function 009D5D0A: GetClientRect.USER32(?,?), ref: 009D5D30
Part of subcall function 009D5D0A: GetWindowRect.USER32(?,?), ref: 009D5D71
Part of subcall function 009D5D0A: ScreenToClient.USER32(?,?), ref: 009D5D99

GetDC.USER32 ref: 00A146F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A14708
SelectObject.GDI32(00000000,00000000), ref: 00A14716
SelectObject.GDI32(00000000,00000000), ref: 00A1472B
ReleaseDC.USER32(?,00000000), ref: 00A14733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A147C4

Strings

U, xrefs: 00A14693

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: aa15e6cc0f9f99c967230ce2af2099269d4bbfd7f7a27671a0b98525c6d6c508
Instruction ID: 3778a15a7b266d35925c63f4699776adb694dbcfa1289844436abaebc7795f2b
Opcode Fuzzy Hash: aa15e6cc0f9f99c967230ce2af2099269d4bbfd7f7a27671a0b98525c6d6c508
Instruction Fuzzy Hash: 9C71E134500205EFCF21CF68C984AFA3BB6FF4A365F14426AEDA55A2A6C7319C81DF50

Function 00A4359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00A435E4

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

LoadStringW.USER32(00AA2390,?,00000FFF,?), ref: 00A4360A

Strings

^ ERROR, xrefs: 00A436C9
"%s" (%d) : ==> %s:, xrefs: 00A43742
Error: , xrefs: 00A436EF
Line %d (File "%s"):, xrefs: 00A4366B
"%s" (%d) : ==> %s:%s%s, xrefs: 00A43724

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 1e5dfa46b408242052ef5a0e38822e6f4a838b9ecfef99325802d54411389aed
Instruction ID: c901758ad5643ceb3807634070b66b1ddb58bd611122474724c16e53599e79ac
Opcode Fuzzy Hash: 1e5dfa46b408242052ef5a0e38822e6f4a838b9ecfef99325802d54411389aed
Instruction Fuzzy Hash: E451807294020ABADF14EFE0DD42EEEBB78AF94350F048126F105721A1EB711B99DF61

Function 00A4C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A4C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A4C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A4C2CA
GetLastError.KERNEL32 ref: 00A4C322
SetEvent.KERNEL32(?), ref: 00A4C336
InternetCloseHandle.WININET(00000000), ref: 00A4C341

Strings

, xrefs: 00A4C2BB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 7554a5bfad5f2642b2de5dae411cec63da5001ed130540d0f86e72e041192e90
Instruction ID: e92453d044ffe95721ae259277c9ca35278cfcbafb15e1c1508293324f362faa
Opcode Fuzzy Hash: 7554a5bfad5f2642b2de5dae411cec63da5001ed130540d0f86e72e041192e90
Instruction Fuzzy Hash: BB31B1B5601304AFD761DFA48C88ABBBBFCEB89760B10851DF48AD7200DB70ED059B60

Function 00A3989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A13AAF,?,?,Bad directive syntax error,00A6CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00A398BC
LoadStringW.USER32(00000000,?,00A13AAF,?), ref: 00A398C3

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A39987

Strings

Error: , xrefs: 00A39955
., xrefs: 00A3996D
Line %d (File "%s"):, xrefs: 00A3992D
Line %d:, xrefs: 00A39912
%s (%d) : ==> %s.: %s %s, xrefs: 00A398F1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 227b86502595738b955bc23b21c9dc3fd4643043c54e45340e1f274cf1744980
Instruction ID: 717e9ab3800e6f01adaec199a9aaae479de2bb3076f9143a87d8e683cffb6d6f
Opcode Fuzzy Hash: 227b86502595738b955bc23b21c9dc3fd4643043c54e45340e1f274cf1744980
Instruction Fuzzy Hash: 7621A03194021ABBCF11EFA0CD06FEE7775BF58300F048416F519661A2EB719A28DB11

Function 00A3209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00A320AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00A320C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A3214D

Strings

largeicons, xrefs: 00A320E1
details, xrefs: 00A320FB
smallicons, xrefs: 00A32115
SHELLDLL_DefView, xrefs: 00A320CC
list, xrefs: 00A3212F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: aaafd01cbee6d6471e95b07a000ce56e6cf2054165278d940871e569e46c7892
Instruction ID: 5b3e52329a57812502ff42fb4491587ccd56c23beda5d58df8b02871df5205a9
Opcode Fuzzy Hash: aaafd01cbee6d6471e95b07a000ce56e6cf2054165278d940871e569e46c7892
Instruction Fuzzy Hash: 0011C67A68870AB9FA066730ED07FB737ACDB05724F200256FB04A50E1FEA5A9425718

Function 00A08D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30147a540a3e4a2f48a490a804e04c9eb507a6befae2bb51493c2f85b8d83dce
Instruction ID: 555ed3636f7c66e4aa50d5c1c54fc1e4a2513be233bd27fe8add4462bab09402
Opcode Fuzzy Hash: 30147a540a3e4a2f48a490a804e04c9eb507a6befae2bb51493c2f85b8d83dce
Instruction Fuzzy Hash: FAC1F174A0424EAFDF11DFA8E841BAEBBB0BF4A310F144199F955A73D2C7349942CB60

Function 00A0CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00A0CEB7
_free.LIBCMT ref: 00A0CF22
_free.LIBCMT ref: 00A0CF48
_free.LIBCMT ref: 00A0CF71
_free.LIBCMT ref: 00A0CFA9
_free.LIBCMT ref: 00A0CFDA
_free.LIBCMT ref: 00A0D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00A0D09C
_free.LIBCMT ref: 00A0D0B5

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 642c65fb24a8280d58e097f69f3ad6b7c2214774e7339eaf409ce971a7bc2ab4
Instruction ID: 9dfd85081920f8d048899b19525f816cbed648091cb7d27a58a57391a7324762
Opcode Fuzzy Hash: 642c65fb24a8280d58e097f69f3ad6b7c2214774e7339eaf409ce971a7bc2ab4
Instruction Fuzzy Hash: 3661647290430EAFDB21AFF4B885B7E7BA5AF05360F14426DF945A72C2E73199018791

Function 00A650D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00A65186
ShowWindow.USER32(?,00000000), ref: 00A651C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00A651CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00A651D1

Part of subcall function 00A66FBA: DeleteObject.GDI32(00000000), ref: 00A66FE6

GetWindowLongW.USER32(?,000000F0), ref: 00A6520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A6521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00A6524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00A65287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00A65296

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: cb807abbbdeee92f0b0b831ff123e8780b38dd608860fb88829f3572d166e877
Instruction ID: 0ab429ab5d390c49abcc72c55ca32f92196f9bd395ea60425d99f26fbf4b9685
Opcode Fuzzy Hash: cb807abbbdeee92f0b0b831ff123e8780b38dd608860fb88829f3572d166e877
Instruction Fuzzy Hash: 5651BF70E40A09BFEF20AF74CC5ABD93B75FB06321F148212F625962E0C3B5A990DB51

Function 009E8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A26890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A268A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A268B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A268D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A268F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,009E8874,00000000,00000000,00000000,000000FF,00000000), ref: 00A26901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A2691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,009E8874,00000000,00000000,00000000,000000FF,00000000), ref: 00A2692D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: b2575c49d15c4c6b57ca357643caeedbe0550be9590bf14cd2042d28f2380403
Instruction ID: dc6e9408db7e63f78221bc90d05ff194b4a2ccadfc2fc6e1a9d665eadcd71d4c
Opcode Fuzzy Hash: b2575c49d15c4c6b57ca357643caeedbe0550be9590bf14cd2042d28f2380403
Instruction Fuzzy Hash: 1E51AA70600209EFDB21CFA9DC55BAA7BB5EB48760F144528F946972E0DBB0ED91DB40

Function 00A4C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A4C182
GetLastError.KERNEL32 ref: 00A4C195
SetEvent.KERNEL32(?), ref: 00A4C1A9

Part of subcall function 00A4C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A4C272
Part of subcall function 00A4C253: GetLastError.KERNEL32 ref: 00A4C322
Part of subcall function 00A4C253: SetEvent.KERNEL32(?), ref: 00A4C336
Part of subcall function 00A4C253: InternetCloseHandle.WININET(00000000), ref: 00A4C341

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: aa7a18b7eb0d0123bd7d05c2a98c709c10476ff4a53c2bdd87bfb5dd42de5689
Instruction ID: 9acebaafe7c0ea8eab808817df2235678fa66637335b8c670aeb3299ffd4fdd3
Opcode Fuzzy Hash: aa7a18b7eb0d0123bd7d05c2a98c709c10476ff4a53c2bdd87bfb5dd42de5689
Instruction Fuzzy Hash: 0E31C174102701AFDB60AFF4DD04AB6BBF8FF98320B10451DF98A82210D7B1E8119B60

Function 00A325A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A33A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A33A57
Part of subcall function 00A33A3D: GetCurrentThreadId.KERNEL32 ref: 00A33A5E
Part of subcall function 00A33A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A325B3), ref: 00A33A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00A325BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A325DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A325DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00A325E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A32601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A32605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00A3260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A32623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A32627

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 608ac96e70f3146d83b9e443ed1463fabb9bf7498336193052e80b1a834f1762
Instruction ID: 52936f58982af30dad9506bdc578e85169fbd988e7cf357590b96b1f92f0dc06
Opcode Fuzzy Hash: 608ac96e70f3146d83b9e443ed1463fabb9bf7498336193052e80b1a834f1762
Instruction Fuzzy Hash: D501D831794220BBFB10B7A8DC8AF693F69DF4EB61F100011F354AE0D1C9E224458A69

Function 00A31803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A31449,?,?,00000000), ref: 00A3180C
HeapAlloc.KERNEL32(00000000,?,00A31449,?,?,00000000), ref: 00A31813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A31449,?,?,00000000), ref: 00A31828
GetCurrentProcess.KERNEL32(?,00000000,?,00A31449,?,?,00000000), ref: 00A31830
DuplicateHandle.KERNEL32(00000000,?,00A31449,?,?,00000000), ref: 00A31833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A31449,?,?,00000000), ref: 00A31843
GetCurrentProcess.KERNEL32(00A31449,00000000,?,00A31449,?,?,00000000), ref: 00A3184B
DuplicateHandle.KERNEL32(00000000,?,00A31449,?,?,00000000), ref: 00A3184E
CreateThread.KERNEL32(00000000,00000000,00A31874,00000000,00000000,00000000), ref: 00A31868

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 53249b2d62459142d48e067ea7903badfe96706a1e950cfabeec1ca126457e84
Instruction ID: 0df333218c524e6f03c2b5fa81052268ff6d35688e741c0688b04baed78c5029
Opcode Fuzzy Hash: 53249b2d62459142d48e067ea7903badfe96706a1e950cfabeec1ca126457e84
Instruction Fuzzy Hash: 9101BBB5240348BFE710EBA5DC4DF6B7BACEB8AB11F004511FA45DB2A1CAB19801CB30

Function 00A5A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00A3D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00A3D501
Part of subcall function 00A3D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00A3D50F
Part of subcall function 00A3D4DC: CloseHandle.KERNEL32(00000000), ref: 00A3D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A5A16D
GetLastError.KERNEL32 ref: 00A5A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A5A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00A5A268
GetLastError.KERNEL32(00000000), ref: 00A5A273
CloseHandle.KERNEL32(00000000), ref: 00A5A2C4

Strings

SeDebugPrivilege, xrefs: 00A5A18F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 65e59a3e158b581206de0d8476e0152e5a316e25ce6f8502145631e7b145c1cf
Instruction ID: 7950db6478816e7c229ff0844088cf3989a034f17756b26467814333b2ae1fea
Opcode Fuzzy Hash: 65e59a3e158b581206de0d8476e0152e5a316e25ce6f8502145631e7b145c1cf
Instruction Fuzzy Hash: FB619F702046429FD710DF18C495F69BBE1BF54319F14858CE8568B7A3C776EC4ACB92

Function 00A63886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00A63925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00A6393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00A63954
_wcslen.LIBCMT ref: 00A63999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00A639C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00A639F4

Strings

SysListView32, xrefs: 00A638F7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: 18b005d38ec8fdf63bafa4c3c0ce048dd3eebd27277d6b616968b01f98ab3216
Instruction ID: 18f8393fd5749d2d12b80741a56d894b263e3da0e6703d14bfc87462f3bc075f
Opcode Fuzzy Hash: 18b005d38ec8fdf63bafa4c3c0ce048dd3eebd27277d6b616968b01f98ab3216
Instruction Fuzzy Hash: 9A418272A00219ABEF219FA4CC45FEA7BB9EF48354F100526F958E7281D7B59981CB90

Function 00A3BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A3BCFD
IsMenu.USER32(00000000), ref: 00A3BD1D
CreatePopupMenu.USER32 ref: 00A3BD53
GetMenuItemCount.USER32(00B95A68), ref: 00A3BDA4
InsertMenuItemW.USER32(00B95A68,?,00000001,00000030), ref: 00A3BDCC

Strings

0, xrefs: 00A3BCA8
2, xrefs: 00A3BD37

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 95fbd6b7ad45a3ec41dca9ae64f9798261541d6964994e16c8d1728d02afadc2
Instruction ID: 7b0c50b415e8b98b04a24dc62f92133d2397d3d2edb32f20e45193302517d81c
Opcode Fuzzy Hash: 95fbd6b7ad45a3ec41dca9ae64f9798261541d6964994e16c8d1728d02afadc2
Instruction Fuzzy Hash: 6951BF70A102099BDF20DFA8D984BAEBBF6BF453A4F24411AF641E7291D7709941CB71

Function 00A3C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00A3C913

Strings

question, xrefs: 00A3C8CC
info, xrefs: 00A3C8B4
stop, xrefs: 00A3C8E4
blank, xrefs: 00A3C895
warning, xrefs: 00A3C8FC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 6a5eba254a968aa2ee76c5da39e7bdeb6885fbf19ef74bd2c65d37b1cd8c3273
Instruction ID: 4c542e4b30c12bd87f1f9c4b9ff78c0f23e1a9c9c40ed1c7baeb231abc9b2936
Opcode Fuzzy Hash: 6a5eba254a968aa2ee76c5da39e7bdeb6885fbf19ef74bd2c65d37b1cd8c3273
Instruction Fuzzy Hash: 4511DD3278930ABAEB059B549C83EBB77ECDF15774F51046AF500B6282D7B5AF005364

Function 00A3DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00A3DE42
gethostname.WSOCK32(?,00000100), ref: 00A3DE5C
gethostbyname.WSOCK32(?), ref: 00A3DE69
inet_ntoa.WSOCK32(?), ref: 00A3DEAB
_strcat.LIBCMT ref: 00A3DEB9
WSACleanup.WSOCK32 ref: 00A3DEDE

Strings

0.0.0.0, xrefs: 00A3DE87

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: c4fde4d75e167dfd87c8608f43c579578b3c1b7d8467058ae90e32260693e273
Instruction ID: ebe06fd90b04cd7960dd4b32bf0a3f5dddd9a0f09742e280b66c15be6de93ee8
Opcode Fuzzy Hash: c4fde4d75e167dfd87c8608f43c579578b3c1b7d8467058ae90e32260693e273
Instruction Fuzzy Hash: 5D110A31904218EFCB20AB60AC0AEFF7BBCDF50720F14016AF54596091EFB19A818B50

Function 00A69F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

GetSystemMetrics.USER32(0000000F), ref: 00A69FC7
GetSystemMetrics.USER32(0000000F), ref: 00A69FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00A6A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00A6A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00A6A263
ShowWindow.USER32(00000003,00000000), ref: 00A6A282
InvalidateRect.USER32(?,00000000,00000001), ref: 00A6A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00A6A2CA

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 28a12dde997f58b8f0964db110007f46154198b95d22ef7cccb82ec2e0779839
Instruction ID: 204c1b8afd52efb23059eaaeb9ab3ff8f34ab8279ffd532e2e4a558811cd0bce
Opcode Fuzzy Hash: 28a12dde997f58b8f0964db110007f46154198b95d22ef7cccb82ec2e0779839
Instruction Fuzzy Hash: 83B1B831600215EBDF14CF68C9957EE3BB2FF65711F088069EC89AB2A5D771A940CF61

Function 00A3ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00A3ED2A
_wcslen.LIBCMT ref: 00A3ED3B
_wcslen.LIBCMT ref: 00A3ED79
_wcslen.LIBCMT ref: 00A3EDAF
_wcslen.LIBCMT ref: 00A3EDDF
_wcslen.LIBCMT ref: 00A3EDEF
_wcslen.LIBCMT ref: 00A3EE2B
_wcslen.LIBCMT ref: 00A3EE5A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: d687986b01aa5e072ab10c85fd855aec0dae914f66fbc536cdebebabc02754d5
Instruction ID: bc55ca1ffe34e1531947458c8499d04ad62efec51e97f6a547e3f4495e2d2db1
Opcode Fuzzy Hash: d687986b01aa5e072ab10c85fd855aec0dae914f66fbc536cdebebabc02754d5
Instruction Fuzzy Hash: 6141B265D1021C75CB11EBF4888AADFB7A8AF85710F508466F628E3161FB34E255C3E5

Function 009EF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A2682C,00000004,00000000,00000000), ref: 009EF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A2682C,00000004,00000000,00000000), ref: 00A2F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A2682C,00000004,00000000,00000000), ref: 00A2F454

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 56488a76a5902e6622c0f259e1356864f88c7112cb1d12c53b4239af0fde0ba0
Instruction ID: 76af1a1f97d49d56fff03255610a6c1e66bd69906489af6b24c12a1bd767836e
Opcode Fuzzy Hash: 56488a76a5902e6622c0f259e1356864f88c7112cb1d12c53b4239af0fde0ba0
Instruction Fuzzy Hash: BF4128302086C0BEC73ADB3ED8A873A7BB5AB46360F15443EE0C757562D6B5AC81CB11

Function 00A62D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00A62D1B
GetDC.USER32(00000000), ref: 00A62D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A62D2E
ReleaseDC.USER32(00000000,00000000), ref: 00A62D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00A62D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00A62D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00A65A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00A62DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00A62DE1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 7715b1ad5b47aa0626946c877ef1a5b5bb9c25681dc741b897276308a6358ba8
Instruction ID: fae54022e3261fde6e764d8d9f27a2eed4cbd944e998ed312ff4557c07764109
Opcode Fuzzy Hash: 7715b1ad5b47aa0626946c877ef1a5b5bb9c25681dc741b897276308a6358ba8
Instruction Fuzzy Hash: 7A316976201614BBEB218F90CC8AFFB3BA9EB09725F044055FE489A291C6B59C51CBA4

Function 00A35622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00A35637
_memcmp.LIBVCRUNTIME ref: 00A35659
_memcmp.LIBVCRUNTIME ref: 00A35671
_memcmp.LIBVCRUNTIME ref: 00A35684
_memcmp.LIBVCRUNTIME ref: 00A3569E
_memcmp.LIBVCRUNTIME ref: 00A356B1
_memcmp.LIBVCRUNTIME ref: 00A356C9
_memcmp.LIBVCRUNTIME ref: 00A356E4

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 827df5aad896a22f255eff738f3546c909c45e86308aa49b5152d439ba6183e9
Instruction ID: 5f2183cb05df89659a95bd41ed202fdab76c4e8b97adb02a8be33fd200c2e799
Opcode Fuzzy Hash: 827df5aad896a22f255eff738f3546c909c45e86308aa49b5152d439ba6183e9
Instruction Fuzzy Hash: 8221A4B1E44A09BBD21456399E83FBA336DBF60384F880420FE059A681F760ED10C2E5

Function 00A54FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00A55007
NULL Pointer assignment, xrefs: 00A5502E, 00A55383

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 2a715854d8188e0f75d761f68f870670689040ed66fb7ab19db62781955b6231
Instruction ID: 7fd46d14d13ede15532d10db626dbc0f21f6092f02bac2c9abadd9490effda85
Opcode Fuzzy Hash: 2a715854d8188e0f75d761f68f870670689040ed66fb7ab19db62781955b6231
Instruction Fuzzy Hash: FDD1D171E0060AAFDF10CFA8C8A0BAEB7B5BF48354F148169E915AB280E770DD49CB50

Function 00A11522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00A115CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A11651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A116E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A116FB

Part of subcall function 00A03820: RtlAllocateHeap.NTDLL(00000000,?,00AA1444,?,009EFDF5,?,?,009DA976,00000010,00AA1440,009D13FC,?,009D13C6,?,009D1129), ref: 00A03852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A11777
__freea.LIBCMT ref: 00A117A2
__freea.LIBCMT ref: 00A117AE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 152bccf2dcbe510ad80849ab05aad0329816943db815719d18cc367d7b2b848c
Instruction ID: fddd3e0b00640eb3aae77e7511940718ac9e4a11a03986be311164c947c66571
Opcode Fuzzy Hash: 152bccf2dcbe510ad80849ab05aad0329816943db815719d18cc367d7b2b848c
Instruction Fuzzy Hash: 8091B672E002169EDF208F74DD81AEEBBBA9F49360F184659EA11E7281D735DDC1CB60

Function 00A54523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A54648
VariantInit.OLEAUT32(?), ref: 00A54749
VariantClear.OLEAUT32(?), ref: 00A54753
VariantClear.OLEAUT32(?), ref: 00A547B0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 00A5472C
Null Object assignment in FOR..IN loop, xrefs: 00A545D8, 00A54706, 00A547BE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: f16c7ad9f9151f9e8830b6a6f1850228b738987edda979833358a892bc4fdfa7
Instruction ID: f2fd76fcd20050e3e26d187fd046dd68e3e8f731c3db7aec69902d3330d696c5
Opcode Fuzzy Hash: f16c7ad9f9151f9e8830b6a6f1850228b738987edda979833358a892bc4fdfa7
Instruction Fuzzy Hash: 00919471A00215AFDF20CFA5C848FAE7BB8FF49719F108559F905AB281D7709989CFA0

Function 00A41187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00A4125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A41284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00A412A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A412D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A4135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A413C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A41430

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 25dade173216cb36d75c242781d6cb090d280bb2fdd18f3481c62685ea3fb813
Instruction ID: 8606a04d7ef10fa98aee59b32f8bad8c0c594b25b1e51e3d816506268933b4de
Opcode Fuzzy Hash: 25dade173216cb36d75c242781d6cb090d280bb2fdd18f3481c62685ea3fb813
Instruction Fuzzy Hash: A191E479A002199FDB00DF98C888BFEB7B5FF85325F144429E950EB291D7B4E981CB90

Function 009E948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 435528907d4e2fe80b3fe3e123c52edcc6131c7e2fbf53ece46ed10e167d2fe7
Instruction ID: 894398cb0e398d3a595ff58a6f8ab35a8461092faa4b289d8538461dc6043297
Opcode Fuzzy Hash: 435528907d4e2fe80b3fe3e123c52edcc6131c7e2fbf53ece46ed10e167d2fe7
Instruction Fuzzy Hash: 7A911571904219EFCB11CFA9CC84AEEBBB8FF89320F144555E915B7251D778AE42CB60

Function 00A53947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A5396B
CharUpperBuffW.USER32(?,?), ref: 00A53A7A
_wcslen.LIBCMT ref: 00A53A8A
VariantClear.OLEAUT32(?), ref: 00A53C1F

Part of subcall function 00A40CDF: VariantInit.OLEAUT32(00000000), ref: 00A40D1F
Part of subcall function 00A40CDF: VariantCopy.OLEAUT32(?,?), ref: 00A40D28
Part of subcall function 00A40CDF: VariantClear.OLEAUT32(?), ref: 00A40D34

Strings

AUTOIT.ERROR, xrefs: 00A53A80, 00A53A85
Incorrect Parameter format, xrefs: 00A539A6, 00A53BA1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: e218449ef745fb8052d80104ef721a7c692d908ccee0d611fa7bcb18879ce981
Instruction ID: e8bcefec4d29588b783b9cf10693928fbdce91b882885c57fba1965454a772f2
Opcode Fuzzy Hash: e218449ef745fb8052d80104ef721a7c692d908ccee0d611fa7bcb18879ce981
Instruction Fuzzy Hash: 519156756083059FCB00EF24C48096AB7E4BFC8755F14892EF88A9B351DB31EE49CB92

Function 00A54BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00A3000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?,?,00A3035E), ref: 00A3002B
Part of subcall function 00A3000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?), ref: 00A30046
Part of subcall function 00A3000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?), ref: 00A30054
Part of subcall function 00A3000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?), ref: 00A30064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A54C51
_wcslen.LIBCMT ref: 00A54D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A54DCF
CoTaskMemFree.OLE32(?), ref: 00A54DDA

Strings

NULL Pointer assignment, xrefs: 00A54E23, 00A54E52

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 9d606039bf4845cab3c67cf6b743bebe10d7f8e69c317eb3d79739f537a4f005
Instruction ID: 580c86758277e5298d44154b97d2b658dadb50dfc183cbe8afba2f932e65de56
Opcode Fuzzy Hash: 9d606039bf4845cab3c67cf6b743bebe10d7f8e69c317eb3d79739f537a4f005
Instruction Fuzzy Hash: 3C913671D0021DAFDF14DFA4D891AEEB7B8BF48314F10816AE915A7281EB749E48CF60

Function 00A620FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00A62183
GetMenuItemCount.USER32(00000000), ref: 00A621B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00A621DD
_wcslen.LIBCMT ref: 00A62213
GetMenuItemID.USER32(?,?), ref: 00A6224D
GetSubMenu.USER32(?,?), ref: 00A6225B

Part of subcall function 00A33A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A33A57
Part of subcall function 00A33A3D: GetCurrentThreadId.KERNEL32 ref: 00A33A5E
Part of subcall function 00A33A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A325B3), ref: 00A33A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A622E3

Part of subcall function 00A3E97B: Sleep.KERNEL32 ref: 00A3E9F3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 6bf25a01156725e7c0011151f07993741b2b1e32cf902c190d40eba2b555cf2f
Instruction ID: 1cefb1ddf75cfb8dd429bb5e1d18adbee2d16108aa6d4a695248b6eddc0ec2fb
Opcode Fuzzy Hash: 6bf25a01156725e7c0011151f07993741b2b1e32cf902c190d40eba2b555cf2f
Instruction Fuzzy Hash: CB718C75E00605AFCB10DFA8C895BAEB7F5EF88320F148459E956EB341DB74EE418B90

Function 00A67E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00B95950), ref: 00A67F37
IsWindowEnabled.USER32(00B95950), ref: 00A67F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00A6801E
SendMessageW.USER32(00B95950,000000B0,?,?), ref: 00A68051
IsDlgButtonChecked.USER32(?,?), ref: 00A68089
GetWindowLongW.USER32(00B95950,000000EC), ref: 00A680AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00A680C3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 1a1dbb6113cdcf8b4b3ce5f0ea2c057d5d081609f870498344390704b4de6053
Instruction ID: 3ed57a9e2c35b104989dd70f094a0decc1cd924628598a6e9c5b89301a6acb5e
Opcode Fuzzy Hash: 1a1dbb6113cdcf8b4b3ce5f0ea2c057d5d081609f870498344390704b4de6053
Instruction Fuzzy Hash: 5071BB34618204AFEB21DFA4CC84FBEBBB9EF0A304F144559F995972A1CB75AC45CB20

Function 00A3AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00A3AEF9
GetKeyboardState.USER32(?), ref: 00A3AF0E
SetKeyboardState.USER32(?), ref: 00A3AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00A3AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00A3AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00A3AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A3B020

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 4e58d44e0d8e114631076cd0f0e6fe576355f445329e2bcf39920586b89119f2
Instruction ID: 9a5367425733a0d52ab9842bb9c7428f2b0b0185536729b6af341b882c469a40
Opcode Fuzzy Hash: 4e58d44e0d8e114631076cd0f0e6fe576355f445329e2bcf39920586b89119f2
Instruction Fuzzy Hash: 3051C2A06147E53DFB368334CC45BBBBEAA5B06304F088589F2D9598D2C3D9ACC8D761

Function 00A3ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00A3AD19
GetKeyboardState.USER32(?), ref: 00A3AD2E
SetKeyboardState.USER32(?), ref: 00A3AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A3ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A3ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A3AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A3AE38

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: c107a83f418a4ecbf5b153f6ce7db6d4b583d6aeb77fb9486ab88eb202308eeb
Instruction ID: 3fcb7fbe87cc102706bcacb0035ce179a4614db9329d997c67aba861575f9798
Opcode Fuzzy Hash: c107a83f418a4ecbf5b153f6ce7db6d4b583d6aeb77fb9486ab88eb202308eeb
Instruction Fuzzy Hash: 2651E4A16047F53DFB378374CC55BBABEA96B56300F188588F1D94A8C2D394EC88D762

Function 00A0542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00A13CD6,?,?,?,?,?,?,?,?,00A05BA3,?,?,00A13CD6,?,?), ref: 00A05470
__fassign.LIBCMT ref: 00A054EB
__fassign.LIBCMT ref: 00A05506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00A13CD6,00000005,00000000,00000000), ref: 00A0552C
WriteFile.KERNEL32(?,00A13CD6,00000000,00A05BA3,00000000,?,?,?,?,?,?,?,?,?,00A05BA3,?), ref: 00A0554B
WriteFile.KERNEL32(?,?,00000001,00A05BA3,00000000,?,?,?,?,?,?,?,?,?,00A05BA3,?), ref: 00A05584

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 60a32f9b020e35ca953baaeb5f580f3ec6cc978a77fd94e13cc51cc261f21031
Instruction ID: 560d050e0960b630373bd119bb5b56dd277f4c88438044c829881b40ae34da49
Opcode Fuzzy Hash: 60a32f9b020e35ca953baaeb5f580f3ec6cc978a77fd94e13cc51cc261f21031
Instruction Fuzzy Hash: 97518F71E006499FDB10CFA8EC85AEEBBF9EF0A310F14415AE555E7291D770AA41CF60

Function 009F2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 009F2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 009F2D53
_ValidateLocalCookies.LIBCMT ref: 009F2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 009F2E0C
_ValidateLocalCookies.LIBCMT ref: 009F2E61

Strings

csm, xrefs: 009F2DF6

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6cb1e5d7f453a4194c1adaab537f4e1cd7c9f0bafbf80b9b116e991227fd74b0
Instruction ID: a918c9f86b2b506cef6d5010537ef8dad9579d31635de277d6556976ade7db09
Opcode Fuzzy Hash: 6cb1e5d7f453a4194c1adaab537f4e1cd7c9f0bafbf80b9b116e991227fd74b0
Instruction Fuzzy Hash: FE419334A0020DEBCF10DF68C845BBEBBB5BF85364F148155EA14AB392D7359A55CB90

Function 00A510B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A5307A
Part of subcall function 00A5304E: _wcslen.LIBCMT ref: 00A5309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00A51112
WSAGetLastError.WSOCK32 ref: 00A51121
WSAGetLastError.WSOCK32 ref: 00A511C9
closesocket.WSOCK32(00000000), ref: 00A511F9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: de5a6d3bdb4b96e6556a1d5d0b123a445c4165c0f72b541bcae57156911015a9
Instruction ID: 46cdc7e4c0e7e2a536d2081a7bcf8af84f176a6fdcecf612523b03fc0e55cde0
Opcode Fuzzy Hash: de5a6d3bdb4b96e6556a1d5d0b123a445c4165c0f72b541bcae57156911015a9
Instruction Fuzzy Hash: 9641E131200604AFDB10DF64C884BB9BBB9FF84365F148299FD469B292D774AD46CBE0

Function 00A3CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A3DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A3CF22,?), ref: 00A3DDFD

Part of subcall function 00A3DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A3CF22,?), ref: 00A3DE16

lstrcmpiW.KERNEL32(?,?), ref: 00A3CF45
MoveFileW.KERNEL32(?,?), ref: 00A3CF7F
_wcslen.LIBCMT ref: 00A3D005
_wcslen.LIBCMT ref: 00A3D01B
SHFileOperationW.SHELL32(?), ref: 00A3D061

Strings

\*.*, xrefs: 00A3CFF3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: b32eb9442d6c9d8ec2c0c73ad3bc5902a8543e0956a031eb2ca5be6b062e03a1
Instruction ID: 0ca2a534daa1b374265265bf7e626e157c02dbd85e2889ad722f0c182dfa0b99
Opcode Fuzzy Hash: b32eb9442d6c9d8ec2c0c73ad3bc5902a8543e0956a031eb2ca5be6b062e03a1
Instruction Fuzzy Hash: F1415671D452189FDF12EBA4DE81AEEB7B8AF48790F0000E6F545EB141EB34AA85CF50

Function 00A62DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00A62E1C
GetWindowLongW.USER32(?,000000F0), ref: 00A62E4F
GetWindowLongW.USER32(?,000000F0), ref: 00A62E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00A62EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00A62EE0
GetWindowLongW.USER32(?,000000F0), ref: 00A62EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A62F0B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 3ab65e1156d7d2ea742ab9ffcd2e3fcc2aeae1dcd7f83be14c0a1513ea129ffd
Instruction ID: a9f2f7a0047649718db5a23e7ebe5247564766862a9227d3b9d466d15bc8ef36
Opcode Fuzzy Hash: 3ab65e1156d7d2ea742ab9ffcd2e3fcc2aeae1dcd7f83be14c0a1513ea129ffd
Instruction Fuzzy Hash: 38312434644641AFEB20CF98DC84F653BF0FB9A720F140165F9508F2B1CBB6A841DB01

Function 00A37726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A37769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A3778F
SysAllocString.OLEAUT32(00000000), ref: 00A37792
SysAllocString.OLEAUT32(?), ref: 00A377B0
SysFreeString.OLEAUT32(?), ref: 00A377B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00A377DE
SysAllocString.OLEAUT32(?), ref: 00A377EC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 7f9688f9d589310712ae7c6e7f7527ba1fa38a1414750cd0fcfc5a8626c444f3
Instruction ID: 7f208278433a3aa26ba1873b2dca240e220d84d8a61d3058b761cbb71af0452c
Opcode Fuzzy Hash: 7f9688f9d589310712ae7c6e7f7527ba1fa38a1414750cd0fcfc5a8626c444f3
Instruction Fuzzy Hash: 192192B6608219AFDB20DFA9CC88DBF77ACEB09764B048026F915DB150D670DC42C760

Function 00A377FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A37842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A37868
SysAllocString.OLEAUT32(00000000), ref: 00A3786B
SysAllocString.OLEAUT32 ref: 00A3788C
SysFreeString.OLEAUT32 ref: 00A37895
StringFromGUID2.OLE32(?,?,00000028), ref: 00A378AF
SysAllocString.OLEAUT32(?), ref: 00A378BD

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 97379404e903321330265c156c17eeafdc5f511bbb3853b61c53123b335fa31b
Instruction ID: ebe472ed24cb742325cfcf8ff44afb020c9eea912f45b5d91585a28f6803e628
Opcode Fuzzy Hash: 97379404e903321330265c156c17eeafdc5f511bbb3853b61c53123b335fa31b
Instruction Fuzzy Hash: 6C215E72609205AFDB20DBE9DC8CDBA77BCEB09760B108125F915DB2A1DA70DC81CB64

Function 00A404D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00A404F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A4052E

Strings

nul, xrefs: 00A40567

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: a23b1c9518213019314d85efb11dbbd20c0c5b610524f17de720e420823161c8
Instruction ID: 22a740c1de708ed3d2cd16b2a06a6d58b3a87d61417eebcb0fd10e69dfcd9d41
Opcode Fuzzy Hash: a23b1c9518213019314d85efb11dbbd20c0c5b610524f17de720e420823161c8
Instruction Fuzzy Hash: C021A278500305ABCF209F69DC04E9A7BB4EF84720F208A19F9A1D72E0D7B09940EF21

Function 00A405A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00A405C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A40601

Strings

nul, xrefs: 00A40639

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 87492b4da2ee3ef9a1262cf97e7d0d855477a552036bc6e2b9b22e09f49227e2
Instruction ID: dc75ebbd6dad171d750a2b733f7edbe9b96f211d07300e000371d12d729ccbce
Opcode Fuzzy Hash: 87492b4da2ee3ef9a1262cf97e7d0d855477a552036bc6e2b9b22e09f49227e2
Instruction Fuzzy Hash: FB2174795003059BDB209F698C04E9ABBF4AFD5730F204A19EAA2D72D0D7F09851EB10

Function 00A640AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009D604C
Part of subcall function 009D600E: GetStockObject.GDI32(00000011), ref: 009D6060
Part of subcall function 009D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 009D606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00A64112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00A6411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00A6412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A64139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00A64145

Strings

Msctls_Progress32, xrefs: 00A640E3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: ffc94208c2c3014ef3eaa929c912b0fdd1d3a5731afd9a76525c0c026ef93dd6
Instruction ID: 45f3d74d2084be92728d068525fa12b78a2db83b435257363474b83d6c91feb5
Opcode Fuzzy Hash: ffc94208c2c3014ef3eaa929c912b0fdd1d3a5731afd9a76525c0c026ef93dd6
Instruction Fuzzy Hash: D111B6B11501197EEF119F64CC85EE77F6DEF09798F014111FB18A2150C7769C61DBA4

Function 00A0D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A0D7A3: _free.LIBCMT ref: 00A0D7CC

_free.LIBCMT ref: 00A0D82D

Part of subcall function 00A029C8: HeapFree.KERNEL32(00000000,00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000), ref: 00A029DE
Part of subcall function 00A029C8: GetLastError.KERNEL32(00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000,00000000), ref: 00A029F0

_free.LIBCMT ref: 00A0D838
_free.LIBCMT ref: 00A0D843
_free.LIBCMT ref: 00A0D897
_free.LIBCMT ref: 00A0D8A2
_free.LIBCMT ref: 00A0D8AD
_free.LIBCMT ref: 00A0D8B8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: b9981c24394edab6c654e8573e23f0f001aed8659c41f23a684e6b55669c3741
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 50113072540B0CBAD621BFF4EE4BFCB7BDCAF84740F404825B299AA4D2DA75B5058760

Function 00A3DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A3DA74
LoadStringW.USER32(00000000), ref: 00A3DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A3DA91
LoadStringW.USER32(00000000), ref: 00A3DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A3DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00A3DAB9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: d03bf6eaf848fc68cc9321ec997c8466a7270d1d5ee2df4a7c09141b3af3a82f
Instruction ID: e260994ccddb9b91a3a4c0719414f167b96d2688723f3c1979a5c50be6d650a6
Opcode Fuzzy Hash: d03bf6eaf848fc68cc9321ec997c8466a7270d1d5ee2df4a7c09141b3af3a82f
Instruction Fuzzy Hash: A4014FF6900208BBE710DBE49D89EF7727CEB08351F400592F756E6041E6B49E854B74

Function 00A4096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(00B9EE78,00B9EE78), ref: 00A4097B
EnterCriticalSection.KERNEL32(00B9EE58,00000000), ref: 00A4098D
TerminateThread.KERNEL32(?,000001F6), ref: 00A4099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00A409A9
CloseHandle.KERNEL32(?), ref: 00A409B8
InterlockedExchange.KERNEL32(00B9EE78,000001F6), ref: 00A409C8
LeaveCriticalSection.KERNEL32(00B9EE58), ref: 00A409CF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 3c04128dddd5ea828fcfbc232de851ee6c2b7d3a89a466f80edbd7a1b3b2ea26
Instruction ID: 22f16ac34a04ebab227dafcebbc043e658d86e28d8c770b07829e29a1607763f
Opcode Fuzzy Hash: 3c04128dddd5ea828fcfbc232de851ee6c2b7d3a89a466f80edbd7a1b3b2ea26
Instruction Fuzzy Hash: F3F03131442512FBD742AFE4EE9CBE6BB35FF41712F401015F241508A1C7B59466DFA0

Function 009D5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 009D5D30
GetWindowRect.USER32(?,?), ref: 009D5D71
ScreenToClient.USER32(?,?), ref: 009D5D99
GetClientRect.USER32(?,?), ref: 009D5ED7
GetWindowRect.USER32(?,?), ref: 009D5EF8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 4bed4e9f83521cc95dded155d58205cbf389fe30791a7214944e4b7f12dccb6b
Instruction ID: 9201913009c167e0cc54c3165941d6b1294d31fd6608529c9d5d893f8b2b14c0
Opcode Fuzzy Hash: 4bed4e9f83521cc95dded155d58205cbf389fe30791a7214944e4b7f12dccb6b
Instruction Fuzzy Hash: 9FB17A34A0064ADBDB10DFA8C4807EEB7F1FF58310F14C91AE8A9D7250DB34AA91DB64

Function 00A001B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00A000BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A000D6
__allrem.LIBCMT ref: 00A000ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A0010B
__allrem.LIBCMT ref: 00A00122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A00140

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: 9c766f61a010ff6dd37ea34d8c5aa4c9ba008be13db4f8b63f1b50c5f4e801be
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 5281E672A00B0E9BE7209F68DD51FAB73E9EF41724F24463AF651D66C1E770D9408B90

Function 00A51D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A53149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00A5101C,00000000,?,?,00000000), ref: 00A53195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00A51DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A51DE1
WSAGetLastError.WSOCK32 ref: 00A51DF2
inet_ntoa.WSOCK32(?), ref: 00A51E8C
htons.WSOCK32(?,?,?,?,?), ref: 00A51EDB
_strlen.LIBCMT ref: 00A51F35

Part of subcall function 00A339E8: _strlen.LIBCMT ref: 00A339F2

Part of subcall function 009D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,009ECF58,?,?,?), ref: 009D6DBA
Part of subcall function 009D6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,009ECF58,?,?,?), ref: 009D6DED

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: 7f3d9aae98c045912a0ffa8b722afb4d3446563e8121bf106504f870bc795319
Instruction ID: 9aa26b022289baaf76aae888be02bc12357164b382010a843e1f3ac6f505afd2
Opcode Fuzzy Hash: 7f3d9aae98c045912a0ffa8b722afb4d3446563e8121bf106504f870bc795319
Instruction Fuzzy Hash: F9A1AC31204340AFC724EB24C895F3ABBA5BFC4318F54894DF8565B2A2DB71ED4ACB91

Function 00A061FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,009F82D9,009F82D9,?,?,?,00A0644F,00000001,00000001,8BE85006), ref: 00A06258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A0644F,00000001,00000001,8BE85006,?,?,?), ref: 00A062DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A063D8
__freea.LIBCMT ref: 00A063E5

Part of subcall function 00A03820: RtlAllocateHeap.NTDLL(00000000,?,00AA1444,?,009EFDF5,?,?,009DA976,00000010,00AA1440,009D13FC,?,009D13C6,?,009D1129), ref: 00A03852

__freea.LIBCMT ref: 00A063EE
__freea.LIBCMT ref: 00A06413

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 99b102fd20f11e51591abe20116480189eda355109335b2be102fd9c88653641
Instruction ID: f8dbaafeda124b81670ca91e7c8809884d16497e76cbaf1e4d9ef944ecee5a93
Opcode Fuzzy Hash: 99b102fd20f11e51591abe20116480189eda355109335b2be102fd9c88653641
Instruction Fuzzy Hash: 2F51D172A0021AABEF258F64ED91EBF77A9EF44758F144629FC05DA1C0DB34DC60C6A1

Function 00A5BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A5C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A5B6AE,?,?), ref: 00A5C9B5
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5C9F1
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA68
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A5BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A5BD25
RegCloseKey.ADVAPI32(00000000), ref: 00A5BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A5BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A5BDF3
RegCloseKey.ADVAPI32(?), ref: 00A5BDFF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 9c8945ce1889a4b5903f19a62e3cadfffcad5d3502289f13915fabf51a0a8445
Instruction ID: 25aa8002243bc636828c9eee1cceba2776149ce3ab9a24a308e6a8caf2b16fd6
Opcode Fuzzy Hash: 9c8945ce1889a4b5903f19a62e3cadfffcad5d3502289f13915fabf51a0a8445
Instruction Fuzzy Hash: 89817C31218241AFD714DF24C891E2ABBF5FF84349F14855DF8994B2A2DB31ED49CBA2

Function 00A2F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00A2F7B9
SysAllocString.OLEAUT32(00000001), ref: 00A2F860
VariantCopy.OLEAUT32(00A2FA64,00000000), ref: 00A2F889
VariantClear.OLEAUT32(00A2FA64), ref: 00A2F8AD
VariantCopy.OLEAUT32(00A2FA64,00000000), ref: 00A2F8B1
VariantClear.OLEAUT32(?), ref: 00A2F8BB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 531b768c049502b6bba02cbc78f61c8676440639c4d1778960f187c85b4a7ab4
Instruction ID: da7d2172ef82611ec258ccaa8f21deaa49c27f329ca3ece97720adf091353e70
Opcode Fuzzy Hash: 531b768c049502b6bba02cbc78f61c8676440639c4d1778960f187c85b4a7ab4
Instruction Fuzzy Hash: 71519635600320BEDF24AB69E895B39B3B4EF45710B249477F906DF295DB708C80C796

Function 00A4910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 009D7620: _wcslen.LIBCMT ref: 009D7625

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00A494E5
_wcslen.LIBCMT ref: 00A49506
_wcslen.LIBCMT ref: 00A4952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00A49585

Strings

X, xrefs: 00A49412

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 3b46c4f02e8328ef0a19e2ccf951187540418a291957c2ef0d336dc6feba5074
Instruction ID: 6009b5ea143cfc9bd34161867dd5b2bb654cde5983599a01aec93ada3033d143
Opcode Fuzzy Hash: 3b46c4f02e8328ef0a19e2ccf951187540418a291957c2ef0d336dc6feba5074
Instruction Fuzzy Hash: 29E16C356043409FD724EF24C881B6BB7E4AFC5314F14896DE8999B3A2DB31ED05CB92

Function 009E920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

BeginPaint.USER32(?,?,?), ref: 009E9241
GetWindowRect.USER32(?,?), ref: 009E92A5
ScreenToClient.USER32(?,?), ref: 009E92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 009E92D3
EndPaint.USER32(?,?,?,?,?), ref: 009E9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A271EA

Part of subcall function 009E9339: BeginPath.GDI32(00000000), ref: 009E9357

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: c148e61a2f3a31820168315fe5b2b97caa530ed2bd728a60a73e693847a87541
Instruction ID: 62d386ab6b88583103c79a861e78d04ecbb9a2528518beb0de83634ba7bbff6a
Opcode Fuzzy Hash: c148e61a2f3a31820168315fe5b2b97caa530ed2bd728a60a73e693847a87541
Instruction Fuzzy Hash: 0941BF30104251AFD712DF65D884FBA7BB8EF46320F140629F9A4872F1C7709C46DB62

Function 00A407EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00A4080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A40847
EnterCriticalSection.KERNEL32(?), ref: 00A40863
LeaveCriticalSection.KERNEL32(?), ref: 00A408DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A408F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00A40921

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: d3f41e09f14858bcae81a071f7be92dea19f307c65825f220bcd2206c3760a4e
Instruction ID: f4d605fa858d936e6f7dec73caf2b9b6ffce58cbe17fc6c0db22f310090c51fe
Opcode Fuzzy Hash: d3f41e09f14858bcae81a071f7be92dea19f307c65825f220bcd2206c3760a4e
Instruction Fuzzy Hash: 58418B71900205EBDF05EFA4DC85AAA7778FF84310F1040A9EE009A297DB70EE61DBA0

Function 00A681DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A2F3AB,00000000,?,?,00000000,?,00A2682C,00000004,00000000,00000000), ref: 00A6824C
EnableWindow.USER32(?,00000000), ref: 00A68272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00A682D1
ShowWindow.USER32(?,00000004), ref: 00A682E5
EnableWindow.USER32(?,00000001), ref: 00A6830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00A6832F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 0a859b0683163b5214b9f80ad6f6857003cd0fae791a9abcbf06c8f37d34d9cd
Instruction ID: 1247eeded8d2b28db7eca493f44132cf08fea372c4ae528b6505a09a5204b956
Opcode Fuzzy Hash: 0a859b0683163b5214b9f80ad6f6857003cd0fae791a9abcbf06c8f37d34d9cd
Instruction Fuzzy Hash: 1841E634601641AFDB22CF65C8A9BE47BF4FB0A714F180369E5584F2B2CB39A842CB40

Function 00A34C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00A34C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A34CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A34CEA
_wcslen.LIBCMT ref: 00A34D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A34D10
_wcsstr.LIBVCRUNTIME ref: 00A34D1A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: ff68cf90920ce90fdd260f481cd5f7519e7582972b5c71f975e6fb69856ce83c
Instruction ID: f1c8ca97460dcab0db25de89fac942bdc50c25b38c07f21be3bfe0783ae916db
Opcode Fuzzy Hash: ff68cf90920ce90fdd260f481cd5f7519e7582972b5c71f975e6fb69856ce83c
Instruction Fuzzy Hash: 98213B32204200BBEB159B75EC09F7B7BACDF49760F10803EF805CA191DEA5EC0187A0

Function 00A4581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 009D3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,009D3A97,?,?,009D2E7F,?,?,?,00000000), ref: 009D3AC2

_wcslen.LIBCMT ref: 00A4587B
CoInitialize.OLE32(00000000), ref: 00A45995
CoCreateInstance.OLE32(00A6FCF8,00000000,00000001,00A6FB68,?), ref: 00A459AE
CoUninitialize.OLE32 ref: 00A459CC

Strings

.lnk, xrefs: 00A45876, 00A458C1, 00A45985

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 9474bd77a8f7c5d3ccbb414e91770b82071f256300f56f3e82725a92dd23c66f
Instruction ID: c90e1024fc65b542e797630088abb7b9c246728120214182d3901239e87a0326
Opcode Fuzzy Hash: 9474bd77a8f7c5d3ccbb414e91770b82071f256300f56f3e82725a92dd23c66f
Instruction Fuzzy Hash: BAD14279A086019FC714DF28C484A2ABBE1FFC9714F14895DF8899B362DB31EC45CB92

Function 00A3175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A30FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A30FCA
Part of subcall function 00A30FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A30FD6
Part of subcall function 00A30FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A30FE5
Part of subcall function 00A30FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A30FEC
Part of subcall function 00A30FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A31002

GetLengthSid.ADVAPI32(?,00000000,00A31335), ref: 00A317AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A317BA
HeapAlloc.KERNEL32(00000000), ref: 00A317C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00A317DA
GetProcessHeap.KERNEL32(00000000,00000000,00A31335), ref: 00A317EE
HeapFree.KERNEL32(00000000), ref: 00A317F5

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 7efb47afcb834bf0e8a9c92e7088ea29d06c7acc61368ae76d165697901fae86
Instruction ID: 5c9ad1e63a076b4cab301d055a9afc8681f737e2a0817fb0d361534189b61001
Opcode Fuzzy Hash: 7efb47afcb834bf0e8a9c92e7088ea29d06c7acc61368ae76d165697901fae86
Instruction Fuzzy Hash: EB117932600205EFDB21DFA4CC49FBE7BB9EB46369F184119F481A7210D776A945CF60

Function 00A314CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00A314FF
OpenProcessToken.ADVAPI32(00000000), ref: 00A31506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A31515
CloseHandle.KERNEL32(00000004), ref: 00A31520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A3154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00A31563

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 1d109add480919fcee8916ec0687e7450265ae146bef093e7afb3d2a02ce5394
Instruction ID: a1ed67cb6ddf9e292e64b1611fdb15ee11d576def641511c44935db1772fe5c7
Opcode Fuzzy Hash: 1d109add480919fcee8916ec0687e7450265ae146bef093e7afb3d2a02ce5394
Instruction Fuzzy Hash: B1112972500249ABDF11CFD8DD49FEE7BB9EF48754F044015FA45A2160C3B58E61DB60

Function 009F3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,009F3379,009F2FE5), ref: 009F3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009F339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009F33B7
SetLastError.KERNEL32(00000000,?,009F3379,009F2FE5), ref: 009F3409

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ac82da2115f455fb3758491cc4862124a1b5aec11a684591803124aa0d031f91
Instruction ID: f56765a500cdb31dcf8be4c449dee789a20338ce07f851b6bbd038463d961932
Opcode Fuzzy Hash: ac82da2115f455fb3758491cc4862124a1b5aec11a684591803124aa0d031f91
Instruction Fuzzy Hash: B6014C33308B19BEE61567F47C867372A98DB45379760822AF710C42F0FF994D125344

Function 00A02D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00A05686,00A13CD6,?,00000000,?,00A05B6A,?,?,?,?,?,009FE6D1,?,00A98A48), ref: 00A02D78
_free.LIBCMT ref: 00A02DAB
_free.LIBCMT ref: 00A02DD3
SetLastError.KERNEL32(00000000,?,?,?,?,009FE6D1,?,00A98A48,00000010,009D4F4A,?,?,00000000,00A13CD6), ref: 00A02DE0
SetLastError.KERNEL32(00000000,?,?,?,?,009FE6D1,?,00A98A48,00000010,009D4F4A,?,?,00000000,00A13CD6), ref: 00A02DEC
_abort.LIBCMT ref: 00A02DF2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 463753bfe27a1e533a07663b8439bdac536d24052a49167fe0088eb2b84a2506
Instruction ID: e0273f822dd7fbd0315853e23da5efd5601492814aa2587d6dc75d571c85cf75
Opcode Fuzzy Hash: 463753bfe27a1e533a07663b8439bdac536d24052a49167fe0088eb2b84a2506
Instruction Fuzzy Hash: 0AF02232604B0827DA237378BD0EF6A266DAFC27B0F310519F824932E2EF208C024320

Function 00A68A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 009E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 009E9693
Part of subcall function 009E9639: SelectObject.GDI32(?,00000000), ref: 009E96A2
Part of subcall function 009E9639: BeginPath.GDI32(?), ref: 009E96B9
Part of subcall function 009E9639: SelectObject.GDI32(?,00000000), ref: 009E96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A68A4E
LineTo.GDI32(?,00000003,00000000), ref: 00A68A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A68A70
LineTo.GDI32(?,00000000,00000003), ref: 00A68A80
EndPath.GDI32(?), ref: 00A68A90
StrokePath.GDI32(?), ref: 00A68AA0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 14fdca17dfe22c8b55db7ce1741524885a9afac0742fa306db4a55c03a4f003b
Instruction ID: 0157a023385b1703d85f44914ce8a2fe6c4dd18fd4a2f32b7c13f3401145e97d
Opcode Fuzzy Hash: 14fdca17dfe22c8b55db7ce1741524885a9afac0742fa306db4a55c03a4f003b
Instruction Fuzzy Hash: AB11F776000109FFDB12DFD4EC88EAA7F6CEB083A0F018012FA599A1A1C7719D56DBA0

Function 00A351FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00A35218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00A35229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A35230
ReleaseDC.USER32(00000000,00000000), ref: 00A35238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A3524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A35261

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 89c31c14e72d0de284f8ee96129e20f17c291b0fe4e3fec2801a73e3ce36f931
Instruction ID: 1ce0d3408ad461c5ad2f79e180674f6bed195f68c467cd1fa0d204847c854811
Opcode Fuzzy Hash: 89c31c14e72d0de284f8ee96129e20f17c291b0fe4e3fec2801a73e3ce36f931
Instruction Fuzzy Hash: 28018F75E00718BBEB109BF99C49A5EBFB8EF48361F044066FA04A7280D6B09801CBA0

Function 009D1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 009D1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 009D1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 009D1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 009D1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 009D1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 009D1C22

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 7a1caeaa53a5c4105f576dea24b04555c2c355269ca32ed6edd7e88b45d8e2c7
Instruction ID: ffb36eb83b23ebb67a5b8b5deffd5ba4479437fd91c59546aa936ac78c775548
Opcode Fuzzy Hash: 7a1caeaa53a5c4105f576dea24b04555c2c355269ca32ed6edd7e88b45d8e2c7
Instruction Fuzzy Hash: 0E0144B0902B5ABDE3008F6A8C85A52FEA8FF19354F00411BA15C4BA42C7F5A864CBE5

Function 00A3EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A3EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A3EB46
GetWindowThreadProcessId.USER32(?,?), ref: 00A3EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A3EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A3EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A3EB75

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: e054270823e0d6af94dffd5f23a1e2fce7c26705193d557084ddb58f145fb679
Instruction ID: bb4201644d911c68bb4a657a5589d1a9b3146dc7111db49b235735507ff35d5d
Opcode Fuzzy Hash: e054270823e0d6af94dffd5f23a1e2fce7c26705193d557084ddb58f145fb679
Instruction Fuzzy Hash: 3AF01D76240158BBE621AB92DC0DEBB7A7CEFCAB21F004158F642D119196E45A0286B5

Function 00A27439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00A27452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00A27469
GetWindowDC.USER32(?), ref: 00A27475
GetPixel.GDI32(00000000,?,?), ref: 00A27484
ReleaseDC.USER32(?,00000000), ref: 00A27496
GetSysColor.USER32(00000005), ref: 00A274B0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 82a0c8479606cbce65a4ff48b1d84dbc67cf8f9fbbeb6da3cebbea4c3abb0889
Instruction ID: 807227fe86a1a3a27d57e57cd5cae4c222b819a52a1abc9d3674fc79c827c5d1
Opcode Fuzzy Hash: 82a0c8479606cbce65a4ff48b1d84dbc67cf8f9fbbeb6da3cebbea4c3abb0889
Instruction Fuzzy Hash: 58018B31400215EFDB51AFA4EC08BBE7BB6FB04321F105160F956A21E0CB711E42AB50

Function 00A31874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A3187F
UnloadUserProfile.USERENV(?,?), ref: 00A3188B
CloseHandle.KERNEL32(?), ref: 00A31894
CloseHandle.KERNEL32(?), ref: 00A3189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00A318A5
HeapFree.KERNEL32(00000000), ref: 00A318AC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: b787f5759f84084e262d8cd018634accf1292c45354c87bceb633fbc66c65cab
Instruction ID: 79ee430b1fabf24473196583965074cdbd2e997188c520f50ec6bc73c4dd219c
Opcode Fuzzy Hash: b787f5759f84084e262d8cd018634accf1292c45354c87bceb633fbc66c65cab
Instruction Fuzzy Hash: 46E0E536004101BBDB01AFE2ED0C91AFF39FF4AB32B108221F26585170CBB29422DF60

Function 00A3C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D7620: _wcslen.LIBCMT ref: 009D7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A3C6EE
_wcslen.LIBCMT ref: 00A3C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A3C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A3C7CA

Strings

0, xrefs: 00A3C6AF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 269399ee28691b870d3a68e71f3cc5b9b82880cc68a5eee2c765f3808ff28e81
Instruction ID: 330eaec45ab04a3638d2cc5fd426e317411443884865c234299edacf1ca3f10e
Opcode Fuzzy Hash: 269399ee28691b870d3a68e71f3cc5b9b82880cc68a5eee2c765f3808ff28e81
Instruction Fuzzy Hash: 5E51AD71604341ABD7159F28CC89B6BB7E8AF89320F040A2EF995F32E1DB60DD04CB52

Function 00A5AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00A5AEA3

Part of subcall function 009D7620: _wcslen.LIBCMT ref: 009D7625

GetProcessId.KERNEL32(00000000), ref: 00A5AF38
CloseHandle.KERNEL32(00000000), ref: 00A5AF67

Strings

@, xrefs: 00A5AE72
<, xrefs: 00A5AE6B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 57fa4c8e94ef7e573fa3183f690e388f15cc561d54b7d9e03f391d222773ed98
Instruction ID: e5077595cff9a6958fe1656f13fe98913dc60c3bf766039d3ee33c8822891b87
Opcode Fuzzy Hash: 57fa4c8e94ef7e573fa3183f690e388f15cc561d54b7d9e03f391d222773ed98
Instruction Fuzzy Hash: 09714671A00219DFCB14EF94D485A9EBBF0BF48310F04859AE816AB352DB74ED49CB91

Function 00A3719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A37206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A3723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A3724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A372CF

Strings

DllGetClassObject, xrefs: 00A37242

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: e4597897f62ca4b82626737ecc3de588b4d629d877f0c29e2e89927c3dc5fadf
Instruction ID: 75d21e3520c36e433fa98204aecf66bb770b9919d9f048db201b53ababe1c6c1
Opcode Fuzzy Hash: e4597897f62ca4b82626737ecc3de588b4d629d877f0c29e2e89927c3dc5fadf
Instruction Fuzzy Hash: 07412CB1A04205AFDB25CF94C884AAF7BB9EF49710F1480A9FD059F20AD7B1D945CBA0

Function 00A63D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A63E35
IsMenu.USER32(?), ref: 00A63E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A63E92
DrawMenuBar.USER32 ref: 00A63EA5

Strings

0, xrefs: 00A63D89

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: c7008068d7009ab80cc206779954740b5ae1612491d2f1515c072080835f0f31
Instruction ID: b01b6ea87d0a1f299d05431f572bd533a75cf84e36da06c83ec90ca1af240744
Opcode Fuzzy Hash: c7008068d7009ab80cc206779954740b5ae1612491d2f1515c072080835f0f31
Instruction Fuzzy Hash: 93414776A01209EFDF10DFA0D884AAABBF9FF49360F044129F905A7250D775AE56CF60

Function 00A31DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A31E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A31E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00A31EA9

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

Strings

ComboBox, xrefs: 00A31DF0
ListBox, xrefs: 00A31E25

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: b0f4d5b64f6e60474ea16d5e213636305928e439d1e5c6f84f47a00933df0bc5
Instruction ID: 26a66976a9749cbac38fa7b184458304588cb9747eb85f343d0da97394afe236
Opcode Fuzzy Hash: b0f4d5b64f6e60474ea16d5e213636305928e439d1e5c6f84f47a00933df0bc5
Instruction Fuzzy Hash: 07213871A40104BEDB14ABB4DC46DFFB7B8EF85760F20851AF825A72E1DB794D0A9620

Function 00A5C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A5C9F1
_wcslen.LIBCMT ref: 00A5CA68
_wcslen.LIBCMT ref: 00A5CA9E
_wcslen.LIBCMT ref: 00A5CAF9
_wcslen.LIBCMT ref: 00A5CB2F
_wcslen.LIBCMT ref: 00A5CB7F

Strings

HKLM, xrefs: 00A5CA98, 00A5CA9D
HKEY_LOCAL_MACHINE, xrefs: 00A5CA62, 00A5CA67

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 5214e1b4127a8d08ef98218081efb715a19e5f5cc2ca11ea4dfad59ac17b4c0c
Instruction ID: 93f2d50ba0b723af8d618557243661e1aacf6f5fe46f9670ddc031a7f615baec
Opcode Fuzzy Hash: 5214e1b4127a8d08ef98218081efb715a19e5f5cc2ca11ea4dfad59ac17b4c0c
Instruction Fuzzy Hash: 3131A77270066A4FCB20DF6C99405BF3B937BA17E6B154029EE456B34DE671CD48D3A0

Function 00A62F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00A62F8D
LoadLibraryW.KERNEL32(?), ref: 00A62F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00A62FA9
DestroyWindow.USER32(?), ref: 00A62FB1

Strings

SysAnimate32, xrefs: 00A62F68

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: ebbdeacee1ccc9aa0b2347763647ff286745ce3df8a1101f69c1ae6d0fb5679f
Instruction ID: 22094e2a3162f43a56b4276505efbbde2c241138de038895b02b3ba4d0a91893
Opcode Fuzzy Hash: ebbdeacee1ccc9aa0b2347763647ff286745ce3df8a1101f69c1ae6d0fb5679f
Instruction Fuzzy Hash: 83218CB1204605ABEB108FA4DC80FBB77B9EF99364F104619FA50D61A0D7B1DC619760

Function 009F4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,009F4D1E,00A028E9,?,009F4CBE,00A028E9,00A988B8,0000000C,009F4E15,00A028E9,00000002), ref: 009F4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009F4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,009F4D1E,00A028E9,?,009F4CBE,00A028E9,00A988B8,0000000C,009F4E15,00A028E9,00000002,00000000), ref: 009F4DC3

Strings

mscoree.dll, xrefs: 009F4D86
CorExitProcess, xrefs: 009F4D98

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 3badae4d0fe699e19954aafdeb9e6e77f0e4a1431c18326527ca8a30f259f716
Instruction ID: 475ccb5b850d1c4259efdd84141f047ce81a597edba4c5713d2bcc65c30efef0
Opcode Fuzzy Hash: 3badae4d0fe699e19954aafdeb9e6e77f0e4a1431c18326527ca8a30f259f716
Instruction Fuzzy Hash: 26F04F34A4020CBBDB159FD4DC49BBEBBB9EF44762F4041A5F909A62A0DB74A941CB90

Function 009D4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,009D4EDD,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 009D4EAE
FreeLibrary.KERNEL32(00000000,?,?,009D4EDD,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 009D4EA8
kernel32.dll, xrefs: 009D4E94

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: 962c1132b79dab12bea7976635fde1506e1c0a51c5322aa94e58e8fad3eb45b4
Instruction ID: 1ff0d741fb952d801d7e4028b2de81dbda08e346109fac6dd64227823978d5bf
Opcode Fuzzy Hash: 962c1132b79dab12bea7976635fde1506e1c0a51c5322aa94e58e8fad3eb45b4
Instruction Fuzzy Hash: 64E08636A415227BD22157656C18A7B6678AF82F727094216FC40D2200DBB4CD0240B0

Function 009D4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A13CDE,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 009D4E74
FreeLibrary.KERNEL32(00000000,?,?,00A13CDE,?,00AA1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 009D4E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 009D4E6E
kernel32.dll, xrefs: 009D4E5B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 3ef18d5a66c6c906fcfd55f7d314d629cd79a102a532e90ae57972f850637672
Instruction ID: f4c83fe99a35b7d0e77598ec18005540323df18f0818587b78f3dbe278d011a1
Opcode Fuzzy Hash: 3ef18d5a66c6c906fcfd55f7d314d629cd79a102a532e90ae57972f850637672
Instruction Fuzzy Hash: 48D0C23264266177CA221B64BC08DAB2B3CBFC6F713054712F841A2210CFB4CD0281E1

Function 00A42947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A42C05
DeleteFileW.KERNEL32(?), ref: 00A42C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A42C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A42CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A42CC0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: b7b16e6ba2309a61fac87c7d4040f8960d6eff9d087adc4356d015c5919168a9
Instruction ID: d0419f8d3194822e35880500fa04d382a369ae0fa08b980b1da9a8a9f6b0d3fe
Opcode Fuzzy Hash: b7b16e6ba2309a61fac87c7d4040f8960d6eff9d087adc4356d015c5919168a9
Instruction Fuzzy Hash: 2CB14D7690011DABDF11EBA4CD85FEEBBBDEF88350F5040A6F609E7151EA309A448F61

Function 00A5A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00A5A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A5A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A5A468
CloseHandle.KERNEL32(?), ref: 00A5A63D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 5ac743dbe0081675896b1d4d8ba400689cf306f32964773a568461f7ecc0027b
Instruction ID: ea78b084953de52a0ebe7d9b1b022e6d34e1f980f791271047af11da66a4ee1a
Opcode Fuzzy Hash: 5ac743dbe0081675896b1d4d8ba400689cf306f32964773a568461f7ecc0027b
Instruction Fuzzy Hash: 82A19D716043019FD720DF28D886F2AB7E1AF94714F14891DF99A9B392E7B0EC45CB92

Function 00A3E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A3DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A3CF22,?), ref: 00A3DDFD

Part of subcall function 00A3DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A3CF22,?), ref: 00A3DE16

Part of subcall function 00A3E199: GetFileAttributesW.KERNEL32(?,00A3CF95), ref: 00A3E19A

lstrcmpiW.KERNEL32(?,?), ref: 00A3E473
MoveFileW.KERNEL32(?,?), ref: 00A3E4AC
_wcslen.LIBCMT ref: 00A3E5EB
_wcslen.LIBCMT ref: 00A3E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A3E650

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: 0440f3d6b8ae3de901f17a3ee90e24e55c6044cf4a6b225a2e068e11bd376f39
Instruction ID: 1c5fb66f4cbbaa1f45d7430f6106152dcba9d8f4d6d4d159c80551276b3c4306
Opcode Fuzzy Hash: 0440f3d6b8ae3de901f17a3ee90e24e55c6044cf4a6b225a2e068e11bd376f39
Instruction Fuzzy Hash: B25165B25083459BC724EBA0DC81AEF77ECAF84354F00491EF6C9D3191EF75A5888756

Function 00A5B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A5C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A5B6AE,?,?), ref: 00A5C9B5
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5C9F1
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA68
Part of subcall function 00A5C998: _wcslen.LIBCMT ref: 00A5CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A5BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A5BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A5BB63
RegCloseKey.ADVAPI32(?,?), ref: 00A5BBA6
RegCloseKey.ADVAPI32(00000000), ref: 00A5BBB3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 9cd91194b870fb7c455cd3c6c653716b6e046a9d57bbf190962ecad02a93f91c
Instruction ID: 36a835b46462667d377102d734452ee4c9f2b7a469d2b34bc9148d6315e073f4
Opcode Fuzzy Hash: 9cd91194b870fb7c455cd3c6c653716b6e046a9d57bbf190962ecad02a93f91c
Instruction Fuzzy Hash: 2B61B031218241AFC314DF24C490E2ABBF5FF84349F15855DF8998B2A2DB31ED49CBA2

Function 00A38BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A38BCD
VariantClear.OLEAUT32 ref: 00A38C3E
VariantClear.OLEAUT32 ref: 00A38C9D
VariantClear.OLEAUT32(?), ref: 00A38D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A38D3B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 711f3979e26cb93c4801de7aa60cd75f05986ab5d4d1bdecc6204d422d7fa7b3
Instruction ID: c65d0775844e8500c21d62d85e5d01cbe0c2242f5f02458b2cc732bd085c66ea
Opcode Fuzzy Hash: 711f3979e26cb93c4801de7aa60cd75f05986ab5d4d1bdecc6204d422d7fa7b3
Instruction Fuzzy Hash: 33515AB5A00219EFCB14CF68C894AAAB7F8FF89310F158559F905DB350EB34E911CB90

Function 00A48AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A48BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A48BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A48C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A48C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A48C5F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 6f2dd6e4ac4465dbdfc276749399ac1e95d847b5ad5f3e26a2ce8cd48d3d97ac
Instruction ID: 1b4563b93d46449bdf924db991775f3a5ff38388cd02d259acdfa4eb66c67033
Opcode Fuzzy Hash: 6f2dd6e4ac4465dbdfc276749399ac1e95d847b5ad5f3e26a2ce8cd48d3d97ac
Instruction Fuzzy Hash: 13515A35A002159FCB01DFA5D880AADBBF5FF88314F08C059E849AB362DB35ED41CB91

Function 00A58EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A58F40
GetProcAddress.KERNEL32(00000000,?), ref: 00A58FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00A58FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00A59032
FreeLibrary.KERNEL32(00000000), ref: 00A59052

Part of subcall function 009EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A41043,?,753CE610), ref: 009EF6E6
Part of subcall function 009EF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A2FA64,00000000,00000000,?,?,00A41043,?,753CE610,?,00A2FA64), ref: 009EF70D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 1f11a2c5b327866898911c1835b3a2f4b921766597c0f0ff88157cb4a52b7cdc
Instruction ID: daecacf5506e2a436651a1398f6c98acb49a307eacffba0a81b41edf3ada0c2d
Opcode Fuzzy Hash: 1f11a2c5b327866898911c1835b3a2f4b921766597c0f0ff88157cb4a52b7cdc
Instruction Fuzzy Hash: FD513935600205DFC711EF58C4949ADBBF1FF49325B0581A9EC0AAB362DB31ED8ACB91

Function 00A66B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00A66C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00A66C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00A66C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A4AB79,00000000,00000000), ref: 00A66C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00A66CC7

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: cba8a23289048a895dd531772f2e950d3035f5d42d0493773132dde5ac23ba86
Instruction ID: f890e739ec9c3b7b5edafda1a76da8067115c54b26a4c0f221d3165359ee6cf0
Opcode Fuzzy Hash: cba8a23289048a895dd531772f2e950d3035f5d42d0493773132dde5ac23ba86
Instruction Fuzzy Hash: E041B135A04504BFDB24CF68CD58FBA7BB9EB09360F150268F899A72E0C371AD41CA90

Function 00A02051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A020C3
_free.LIBCMT ref: 00A020E3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 7e1743d63b1caaaf4edc22c0fa78a429bfe5a1f8161a93df83b07fc9b151396e
Instruction ID: 4585cfce37bec15bc9538d73a472c469d8e1f98d19dac5207c1a66d3da68b0c3
Opcode Fuzzy Hash: 7e1743d63b1caaaf4edc22c0fa78a429bfe5a1f8161a93df83b07fc9b151396e
Instruction Fuzzy Hash: AD41D132A003089FCB24DF78D985B5EB7B5EF89314F1545A9E615EB392DA31AD01CB90

Function 009E912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 009E9141
ScreenToClient.USER32(00000000,?), ref: 009E915E
GetAsyncKeyState.USER32(00000001), ref: 009E9183
GetAsyncKeyState.USER32(00000002), ref: 009E919D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 72e409ae1914ee2d59c7c87834f660b5f3c23acf751fc08d6ccee56a3952f354
Instruction ID: a8a4dad8424b20908aa4fc67877aac307ceafe5cf7208925035036f21b1f0227
Opcode Fuzzy Hash: 72e409ae1914ee2d59c7c87834f660b5f3c23acf751fc08d6ccee56a3952f354
Instruction Fuzzy Hash: 9141403190855AFBDF159F69D844BEEB774FF05320F204325E429A72A0C7746E54CB51

Function 00A43874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00A438CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A43922
TranslateMessage.USER32(?), ref: 00A4394B
DispatchMessageW.USER32(?), ref: 00A43955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A43966

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 0d4878d6c0a8d3cff536ea0dba88659c1263b65318c84b28bccfb95483dddc2e
Instruction ID: 866cf0a1416e4eeffbec575810432109eb83e3c34a07e765d89abaad266da0e5
Opcode Fuzzy Hash: 0d4878d6c0a8d3cff536ea0dba88659c1263b65318c84b28bccfb95483dddc2e
Instruction Fuzzy Hash: B331F976904342EEEF35CB749C58BB777E8AB86300F044559D4A2C21E1E3F49686CB21

Function 00A4CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A4C21E,00000000), ref: 00A4CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00A4CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00A4C21E,00000000), ref: 00A4CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00A4C21E,00000000), ref: 00A4CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00A4C21E,00000000), ref: 00A4CFF2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 47c89afe21da876786cb10a261858764bf05c6fadaa1b9fe24833166afb3a124
Instruction ID: dffa214be59df689c482d5b85a8e8f729f2e02d8d2cec683f703ca98c4ab6972
Opcode Fuzzy Hash: 47c89afe21da876786cb10a261858764bf05c6fadaa1b9fe24833166afb3a124
Instruction Fuzzy Hash: A2318CB5601305EFDB60DFA5C884AABBBF9EB94321B10442EF50AD2141EB74AE45DB60

Function 00A31901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A31915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00A319C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00A319C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00A319DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A319E2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 3aca8b42f4afc7225597f8a876c0b6c08e2ddf2e702ced5db72ad1fe0d8a6b5b
Instruction ID: 448771c4a1decaaeae353d2727d6d2f3fa2ddc15efb73027045b4e7ab13271ce
Opcode Fuzzy Hash: 3aca8b42f4afc7225597f8a876c0b6c08e2ddf2e702ced5db72ad1fe0d8a6b5b
Instruction Fuzzy Hash: D031B471A00219EFCB04CFA8CD99BEE7BB5EB45325F104225F961A72D1C7B09D54DB90

Function 00A65706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00A65745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00A6579D
_wcslen.LIBCMT ref: 00A657AF
_wcslen.LIBCMT ref: 00A657BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A65816

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: e7dec30b3135b1fc9e39943a04525f1015c94367060e7a36b38a84d58d23f43c
Instruction ID: ba50207a8361ad041c49d66d70f9232cc3e6bd7167dba62a8bba587d0688907c
Opcode Fuzzy Hash: e7dec30b3135b1fc9e39943a04525f1015c94367060e7a36b38a84d58d23f43c
Instruction Fuzzy Hash: CF218275D04618AADB20DFB0CC85AEE77B8FF44724F108656E929EB1C0DBB49985CF50

Function 00A50930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00A50951
GetForegroundWindow.USER32 ref: 00A50968
GetDC.USER32(00000000), ref: 00A509A4
GetPixel.GDI32(00000000,?,00000003), ref: 00A509B0
ReleaseDC.USER32(00000000,00000003), ref: 00A509E8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: ae3a96ec4064c768b5f38bebbbd80c83672a1cb8cf58d62a4cc217827260aa86
Instruction ID: f7e6cb04c50cf76a788aec5ee7f0de9dea524a5ec46531a3759b2b295ce0d187
Opcode Fuzzy Hash: ae3a96ec4064c768b5f38bebbbd80c83672a1cb8cf58d62a4cc217827260aa86
Instruction Fuzzy Hash: 7E216F39600204AFD704EFA9D985AAEBBF5FF84751F048069F85A97352CB70AC45CB50

Function 00A0CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00A0CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A0CDE9

Part of subcall function 00A03820: RtlAllocateHeap.NTDLL(00000000,?,00AA1444,?,009EFDF5,?,?,009DA976,00000010,00AA1440,009D13FC,?,009D13C6,?,009D1129), ref: 00A03852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A0CE0F
_free.LIBCMT ref: 00A0CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A0CE31

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: ebb4a37c0d93747e105a18b7d63fdb14e6b360c8d0bc4bfc79b9191a5087d37d
Instruction ID: e168347f51ca50fad1f0919ef153a86a3917c328ae04f71f02f68084a51d4c90
Opcode Fuzzy Hash: ebb4a37c0d93747e105a18b7d63fdb14e6b360c8d0bc4bfc79b9191a5087d37d
Instruction Fuzzy Hash: 8701B1726012197FE32167F6BC8CD7B697DDAC6BB13150229FD05C7280EA608D0291B0

Function 009E9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 009E9693
SelectObject.GDI32(?,00000000), ref: 009E96A2
BeginPath.GDI32(?), ref: 009E96B9
SelectObject.GDI32(?,00000000), ref: 009E96E2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 7469100ab82f2ea3ab57308d1fec4e5dec612637fe5b55dc4b0e4f3e32e8b907
Instruction ID: a58962834916ee549ff135a1290c1c1c66e5344d7b2eb2fb09520949159ba580
Opcode Fuzzy Hash: 7469100ab82f2ea3ab57308d1fec4e5dec612637fe5b55dc4b0e4f3e32e8b907
Instruction Fuzzy Hash: 44218330801346FBDB12DFA5EC187AA7BB8BB42765F100216F420961F0D3749D92CB94

Function 009E990F Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 009E98CC
SetTextColor.GDI32(?,?), ref: 009E98D6
SetBkMode.GDI32(?,00000001), ref: 009E98E9
GetStockObject.GDI32(00000005), ref: 009E98F1
GetWindowLongW.USER32(?,000000EB), ref: 009E9952

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: b2a75ea74ac63d8c409044e11df57e6b4a745acfe2ecf5cd22b86da7d2eacdaa
Instruction ID: ea79a59d1c4aefff381ceeec3a586b8a45530e929ad2ccb0cf952bc2cb8935e4
Opcode Fuzzy Hash: b2a75ea74ac63d8c409044e11df57e6b4a745acfe2ecf5cd22b86da7d2eacdaa
Instruction Fuzzy Hash: 302102321452A0ABCB238F66EC54AFA3B34EF27331F18015AF9828B1A2D7754D51CB91

Function 00A35711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00A35726
_memcmp.LIBVCRUNTIME ref: 00A35744
_memcmp.LIBVCRUNTIME ref: 00A35757
_memcmp.LIBVCRUNTIME ref: 00A3576F
_memcmp.LIBVCRUNTIME ref: 00A35787

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: e681e68ea5d01b843dda3191e56571fd2edae3c5290b0b06f5292524c7c85421
Instruction ID: 7ae4a7b5e7fc5a7ae188a0298b368c68a91a13b2db66b011343652b45a1a1e34
Opcode Fuzzy Hash: e681e68ea5d01b843dda3191e56571fd2edae3c5290b0b06f5292524c7c85421
Instruction Fuzzy Hash: D3017571A45609FFD6085629ED82FBB736DAF71394F414821FE04AA641F761ED10C3E1

Function 00A02DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,009FF2DE,00A03863,00AA1444,?,009EFDF5,?,?,009DA976,00000010,00AA1440,009D13FC,?,009D13C6), ref: 00A02DFD
_free.LIBCMT ref: 00A02E32
_free.LIBCMT ref: 00A02E59
SetLastError.KERNEL32(00000000,009D1129), ref: 00A02E66
SetLastError.KERNEL32(00000000,009D1129), ref: 00A02E6F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: f18fb58a3acb42fa1a9669567cdd380f2ab83851374b0ddf5767f901c670965c
Instruction ID: 761f3a6024ed81f922ba7751775fb3172fc2b365975eca93d135cadb3bc88053
Opcode Fuzzy Hash: f18fb58a3acb42fa1a9669567cdd380f2ab83851374b0ddf5767f901c670965c
Instruction Fuzzy Hash: 8201F93628570867C6136775BD8DF2B2E7DABD53B17350525F455932D2EF648C024320

Function 00A3000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?,?,00A3035E), ref: 00A3002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?), ref: 00A30046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?), ref: 00A30054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?), ref: 00A30064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A2FF41,80070057,?,?), ref: 00A30070

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: b836452567621f4c4c189654adf9638b6dd173948953e14a9af449ff77caf421
Instruction ID: 9afb26e045e94014c91d30722930cba271809b5f7ffec9d2972e8e7a1afd589f
Opcode Fuzzy Hash: b836452567621f4c4c189654adf9638b6dd173948953e14a9af449ff77caf421
Instruction Fuzzy Hash: 7F018B72600218BFDB249FA8DC44FAA7ABDEB447A2F148124F945D7210E7B5DD418BA0

Function 00A3E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00A3E997
QueryPerformanceFrequency.KERNEL32(?), ref: 00A3E9A5
Sleep.KERNEL32(00000000), ref: 00A3E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00A3E9B7
Sleep.KERNEL32 ref: 00A3E9F3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: ecb50397ae0b9e0b5779de0ab75a23bbad606975a62d5283e81aa9a439ade7bf
Instruction ID: 4fbe35ba87ba64b0ead86bf19518d94d7fd34520ae3f9423fa486822db71b285
Opcode Fuzzy Hash: ecb50397ae0b9e0b5779de0ab75a23bbad606975a62d5283e81aa9a439ade7bf
Instruction Fuzzy Hash: C6011331C01629DBCF00EBE5DD59AEDFB78BB09712F000656E942B2281CB7096568BA2

Function 00A310F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A31114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A31120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A3112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A30B9B,?,?,?), ref: 00A31136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A3114D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 3c011d31792b7b12593de62f77c70824b921adf41ff7524d4970ba72a5109acf
Instruction ID: 6fdd09890407a8d9c6cd3286b5f1b8535f72082e5a0990b09dcd7f482be47c17
Opcode Fuzzy Hash: 3c011d31792b7b12593de62f77c70824b921adf41ff7524d4970ba72a5109acf
Instruction Fuzzy Hash: 4D011975200215BFDB128FA5DC49AAA3B7EEF8A3A4B204519FA85D7360DA71DC019A60

Function 00A30FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A30FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A30FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A30FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A30FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A31002

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: c0a486f4b33f3c4c36526f62a7ba38defc9470e5be0ec18622c23090dce7882b
Instruction ID: 84b84c83796e6baba29f486f4681b6ce907bac90a09190d4a1502789eb22c153
Opcode Fuzzy Hash: c0a486f4b33f3c4c36526f62a7ba38defc9470e5be0ec18622c23090dce7882b
Instruction Fuzzy Hash: 1CF04935200311BBDB218FA59C49F667BBDEF8A762F114424FA8AD6251CAB1DC418A60

Function 00A31014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A3102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A31036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A31045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A3104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A31062

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 9a0db3c8122079720217d3a3e9bcae39fce4da323b8c68a3b72b2238788da928
Instruction ID: 5a1a7d5dacfe5e3a1560773eb42716c750734227463172deec8f6e2929d2b136
Opcode Fuzzy Hash: 9a0db3c8122079720217d3a3e9bcae39fce4da323b8c68a3b72b2238788da928
Instruction Fuzzy Hash: 22F06D35200311FBDB229FE5EC59F663BBDEF8A761F510424FA85D7250CAB1D8418A60

Function 00A4030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00A4017D,?,00A432FC,?,00000001,00A12592,?), ref: 00A40324
CloseHandle.KERNEL32(?,?,?,?,00A4017D,?,00A432FC,?,00000001,00A12592,?), ref: 00A40331
CloseHandle.KERNEL32(?,?,?,?,00A4017D,?,00A432FC,?,00000001,00A12592,?), ref: 00A4033E
CloseHandle.KERNEL32(?,?,?,?,00A4017D,?,00A432FC,?,00000001,00A12592,?), ref: 00A4034B
CloseHandle.KERNEL32(?,?,?,?,00A4017D,?,00A432FC,?,00000001,00A12592,?), ref: 00A40358
CloseHandle.KERNEL32(?,?,?,?,00A4017D,?,00A432FC,?,00000001,00A12592,?), ref: 00A40365

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 45f8b5c40f7edf373bc9bfbee1540b9a50fe8e566d7942abf5da5ac972508a02
Instruction ID: 9fea43d52b859a2a842716afae50281987151d198ace0c649cead9e1f3d995c1
Opcode Fuzzy Hash: 45f8b5c40f7edf373bc9bfbee1540b9a50fe8e566d7942abf5da5ac972508a02
Instruction Fuzzy Hash: 2001A276800B159FC7309F66D890812FBF5BF903153158A3FD29656931C3B1B955DF80

Function 00A0D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A0D752

Part of subcall function 00A029C8: HeapFree.KERNEL32(00000000,00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000), ref: 00A029DE
Part of subcall function 00A029C8: GetLastError.KERNEL32(00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000,00000000), ref: 00A029F0

_free.LIBCMT ref: 00A0D764
_free.LIBCMT ref: 00A0D776
_free.LIBCMT ref: 00A0D788
_free.LIBCMT ref: 00A0D79A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6a7b215578059f3db213a9776fa2085bb430c524cef2579dcb7501615b957e3a
Instruction ID: db7e2f46f559eb183f504c1b959a3d252a912c729e6389dfdc1ae3651be7618b
Opcode Fuzzy Hash: 6a7b215578059f3db213a9776fa2085bb430c524cef2579dcb7501615b957e3a
Instruction Fuzzy Hash: 7AF0FF3364471CABC621EBA8FAC5D1677DDBB847607A40806F048E7581CB20FC8187A4

Function 00A35C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00A35C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00A35C6F
MessageBeep.USER32(00000000), ref: 00A35C87
KillTimer.USER32(?,0000040A), ref: 00A35CA3
EndDialog.USER32(?,00000001), ref: 00A35CBD

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: fbacf62b55c0b61796490ccf106a79d5cdfee5dc5804275d1e550345cc6df76c
Instruction ID: 4eb00f6e5be864ed76e33146f41629e915cc261f66fa3d642526114703cc16cc
Opcode Fuzzy Hash: fbacf62b55c0b61796490ccf106a79d5cdfee5dc5804275d1e550345cc6df76c
Instruction Fuzzy Hash: E9018634900B04ABEB259B64DD4EFA677B8BB00B05F04255AF583A14E1DBF4A985CA94

Function 00A022A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A022BE

Part of subcall function 00A029C8: HeapFree.KERNEL32(00000000,00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000), ref: 00A029DE
Part of subcall function 00A029C8: GetLastError.KERNEL32(00000000,?,00A0D7D1,00000000,00000000,00000000,00000000,?,00A0D7F8,00000000,00000007,00000000,?,00A0DBF5,00000000,00000000), ref: 00A029F0

_free.LIBCMT ref: 00A022D0
_free.LIBCMT ref: 00A022E3
_free.LIBCMT ref: 00A022F4
_free.LIBCMT ref: 00A02305

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 71508f466f42ee5468de4f4667e2717dea9e7e6e8f88bf35fa28787de7cd0876
Instruction ID: f59de7d79666d417a27387d9457aa2c351299edfe78abb187d894cadbaeddc94
Opcode Fuzzy Hash: 71508f466f42ee5468de4f4667e2717dea9e7e6e8f88bf35fa28787de7cd0876
Instruction Fuzzy Hash: ACF0177491072A9FCA12EFD8BD05E8C3AA4B75A7A0B50055BF410E22F1CB304813AFE4

Function 009E95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 009E95D4
StrokeAndFillPath.GDI32(?,?,00A271F7,00000000,?,?,?), ref: 009E95F0
SelectObject.GDI32(?,00000000), ref: 009E9603
DeleteObject.GDI32 ref: 009E9616
StrokePath.GDI32(?), ref: 009E9631

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: f5a5d82176a592d70236f067ec7f7bd6acba6e6f74fbc257990d861777d42e90
Instruction ID: 973f5c3fcc96f57e56dca7c7ea53fe3b509882a1cfbeaf6b867095864849122f
Opcode Fuzzy Hash: f5a5d82176a592d70236f067ec7f7bd6acba6e6f74fbc257990d861777d42e90
Instruction Fuzzy Hash: 70F0143000624AFBDB22DFAAED18B667B75BB06372F448215F8B5550F0DB748996DF20

Function 00A00F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00A010F9
__freea.LIBCMT ref: 00A01117

Part of subcall function 00A01537: _free.LIBCMT ref: 00A0154F

Strings

am/pm, xrefs: 00A0117A
a/p, xrefs: 00A011DE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 06ea11177eef33772c62e428537fbcac5e550c6d49ac112446b628eaec848798
Instruction ID: 9bc32628473afd361f0a75411f35b540d314812b93541a64640bff7f476a89c8
Opcode Fuzzy Hash: 06ea11177eef33772c62e428537fbcac5e550c6d49ac112446b628eaec848798
Instruction Fuzzy Hash: 5FD1E27190020EDBDB689F68E895BFAB7B5FF05300F284269E9419F6D0D3759D80CB92

Function 00A57B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 009F0242: EnterCriticalSection.KERNEL32(00AA070C,00AA1884,?,?,009E198B,00AA2518,?,?,?,009D12F9,00000000), ref: 009F024D
Part of subcall function 009F0242: LeaveCriticalSection.KERNEL32(00AA070C,?,009E198B,00AA2518,?,?,?,009D12F9,00000000), ref: 009F028A

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 009F00A3: __onexit.LIBCMT ref: 009F00A9

__Init_thread_footer.LIBCMT ref: 00A57BFB

Part of subcall function 009F01F8: EnterCriticalSection.KERNEL32(00AA070C,?,?,009E8747,00AA2514), ref: 009F0202
Part of subcall function 009F01F8: LeaveCriticalSection.KERNEL32(00AA070C,?,009E8747,00AA2514), ref: 009F0235

Strings

Variable must be of type 'Object'., xrefs: 00A57C3A
5, xrefs: 00A57C78
G, xrefs: 00A57C7F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 48b40288c8e42576d4e7d4031b435b89af326499f63aa0ba52a301e45c2254b1
Instruction ID: c92326216881258762e99ad116eb0f67c1d999ed63c157494007931fba88a7d7
Opcode Fuzzy Hash: 48b40288c8e42576d4e7d4031b435b89af326499f63aa0ba52a301e45c2254b1
Instruction Fuzzy Hash: 26918D75A04209AFCB04EF54E991EBDB7B1FF89301F108059FC46AB292DB71AE49CB51

Function 00A32716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A3B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A321D0,?,?,00000034,00000800,?,00000034), ref: 00A3B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A32760

Part of subcall function 00A3B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A321FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00A3B3F8

Part of subcall function 00A3B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00A3B355
Part of subcall function 00A3B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A32194,00000034,?,?,00001004,00000000,00000000), ref: 00A3B365
Part of subcall function 00A3B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A32194,00000034,?,?,00001004,00000000,00000000), ref: 00A3B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A327CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A3281A

Strings

@, xrefs: 00A32832

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: cc048fbb0bf3e7888322db15656806d92bc1df31c6453d78e11b74e8b3af351d
Instruction ID: 750a6a6fa76d18ffa97b50e44e8335ae101071359610753816e1fcade40e7c47
Opcode Fuzzy Hash: cc048fbb0bf3e7888322db15656806d92bc1df31c6453d78e11b74e8b3af351d
Instruction Fuzzy Hash: 2A410976900218BFDB10DFA4CD85BEEBBB8AF09700F108099FA55B7181DB706E45DBA1

Function 00A0172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00A01769
_free.LIBCMT ref: 00A01834
_free.LIBCMT ref: 00A0183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00A01760, 00A01767, 00A01796, 00A017CE

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 4e9cb3b247f575538e6827e24655a2bd1322a345ea6e24d1125f1d77340fa9c8
Instruction ID: 6b3585b97986f9eb375e1ab0ba35dd3bdfefa5fc156be7ff44ec3f7709c15fc9
Opcode Fuzzy Hash: 4e9cb3b247f575538e6827e24655a2bd1322a345ea6e24d1125f1d77340fa9c8
Instruction Fuzzy Hash: 63318C75A0021CABDB21DFD9A885EDEBBFCEB85350F104166F80497291D7B08E45CBA0

Function 00A3C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A3C306
DeleteMenu.USER32(?,00000007,00000000), ref: 00A3C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AA1990,00B95A68), ref: 00A3C395

Strings

0, xrefs: 00A3C2DF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: df527831e04e2251de5dd8d2f175a8fd2f5cf67703a4d38523eaf45458b1854f
Instruction ID: 7e6afaf14c16dc265bfbc5169b264bf0a4896b1a7b47f4b9c092b247b8ceacf9
Opcode Fuzzy Hash: df527831e04e2251de5dd8d2f175a8fd2f5cf67703a4d38523eaf45458b1854f
Instruction Fuzzy Hash: 92419F712043019FD720DF25DC85B6AFBE4AF85320F148A1EF9A6AB2D1D770E904CB62

Function 00A64416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00A6CC08,00000000,?,?,?,?), ref: 00A644AA
GetWindowLongW.USER32 ref: 00A644C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A644D7

Strings

SysTreeView32, xrefs: 00A6447C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 852cf9d28f38f21597508121a0eedf1ff08470d6b0891b83ffab4f7fa59d5ef0
Instruction ID: ec8b96910a50e0f78ea6e1b2d039ba8384ce6d962f23e96c11d2fec770033daf
Opcode Fuzzy Hash: 852cf9d28f38f21597508121a0eedf1ff08470d6b0891b83ffab4f7fa59d5ef0
Instruction Fuzzy Hash: 04319A31210205AFDB218F78DC4ABEA7BB9EB49334F208715F976A21E0DB70AC519B50

Function 00A5304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A5335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A53077,?,?), ref: 00A53378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A5307A
_wcslen.LIBCMT ref: 00A5309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00A53106

Strings

255.255.255.255, xrefs: 00A53095, 00A5309A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 82cd0cdb58e4d8e6e37b1da4252b69d3c15e402916493b4953f1c7ef23c301d6
Instruction ID: 8f2b680a9feeec74210438e176e9fc5fd06b17ff73a5fa948c8f3390202c0c35
Opcode Fuzzy Hash: 82cd0cdb58e4d8e6e37b1da4252b69d3c15e402916493b4953f1c7ef23c301d6
Instruction Fuzzy Hash: EE31B2362002059FCF20DF68C585AAA77F0FF94399F248159E9158B392D771DE49C760

Function 00A63EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00A63F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00A63F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A63F78

Strings

SysMonthCal32, xrefs: 00A63F0B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: de502411ffc89a15b3431d28257061ad6f65da04f97b7320a0354d6c7d668b33
Instruction ID: d73c12620644b1a3a8ec803635f56ad8be610f97a91e44b122701e82201924d8
Opcode Fuzzy Hash: de502411ffc89a15b3431d28257061ad6f65da04f97b7320a0354d6c7d668b33
Instruction Fuzzy Hash: 4A219C33610219BFDF25DF90CC46FEA3BB9EF48724F110214FA556B1D0D6B5A9518BA0

Function 00A64653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00A64705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00A64713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00A6471A

Strings

msctls_updown32, xrefs: 00A64684

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: c2d1d3fac16eae7c644e3a8cc408e7b6c337637e697b2f17cf8e4807d9e95e2d
Instruction ID: 4c841ce64e15b1e86d2bbed20acd03fd533036fba52a59d69995832277c0851b
Opcode Fuzzy Hash: c2d1d3fac16eae7c644e3a8cc408e7b6c337637e697b2f17cf8e4807d9e95e2d
Instruction Fuzzy Hash: 55215EB5600209AFEB10DF64DC91DB737BDEB9A3A4B040159FA009B2A1DB70EC52CA60

Function 00A395AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A3961D

Strings

#notrayicon, xrefs: 00A395B7
#OnAutoItStartRegister, xrefs: 00A395F3
#requireadmin, xrefs: 00A395D9

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 33befb3a261c9083cf8a159d1202cd7417ffbaf2f63653dd39304233b1687ff4
Instruction ID: d4db7d155b20469fedbfcbb48db192240310862947fd8c14707641007db516bb
Opcode Fuzzy Hash: 33befb3a261c9083cf8a159d1202cd7417ffbaf2f63653dd39304233b1687ff4
Instruction Fuzzy Hash: F1212B722456116AD331BB249C13FB7B3E8AF91310F54842AF94A97181EBD1AD85C395

Function 00A637B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00A63840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00A63850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00A63876

Strings

Listbox, xrefs: 00A6380F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 9717c783b234e6d0b8d0b96f6f3f8197699aab182edd2989fcaf3b695fbc48b9
Instruction ID: 230694e394830cf35f7965f0ca536ee4b133e6bff45201aab694e4101e9c9967
Opcode Fuzzy Hash: 9717c783b234e6d0b8d0b96f6f3f8197699aab182edd2989fcaf3b695fbc48b9
Instruction Fuzzy Hash: D3217F72610118BBEF11DF95DC85EBB377AEF89760F108114F9549B190CAB59C5287A0

Function 00A449F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A44A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A44A5C
SetErrorMode.KERNEL32(00000000,?,?,00A6CC08), ref: 00A44AD0

Strings

%lu, xrefs: 00A44A6F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 9f2d45208d4ff64582e5a873558f841d1a3de03b344a0f24d2320db6bb05a12e
Instruction ID: d2087729bd29fbb1da0b79491eeb6035407c35024351e5c9e669f16ebfc861b0
Opcode Fuzzy Hash: 9f2d45208d4ff64582e5a873558f841d1a3de03b344a0f24d2320db6bb05a12e
Instruction Fuzzy Hash: 0E316175A00108AFDB10DF64C985EAA77F8EF49318F1480A5F909DB352DB71ED46CB61

Function 00A641EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00A6424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00A64264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00A64271

Strings

msctls_trackbar32, xrefs: 00A64226

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: fa662a90e6861331a75021c12c537b65c75cc4ebc4e6450df18cd86357cccbf1
Instruction ID: 3beb4ed57571f828942cc782f0b59bc53c7897ccdb15ec18a715316621109eaa
Opcode Fuzzy Hash: fa662a90e6861331a75021c12c537b65c75cc4ebc4e6450df18cd86357cccbf1
Instruction Fuzzy Hash: FF11E331240208BEEF209F79CC46FEB3BBCEF89B64F110614FA55E2090D2B1D8519B20

Function 00A32F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D6B57: _wcslen.LIBCMT ref: 009D6B6A

Part of subcall function 00A32DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A32DC5
Part of subcall function 00A32DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A32DD6
Part of subcall function 00A32DA7: GetCurrentThreadId.KERNEL32 ref: 00A32DDD
Part of subcall function 00A32DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A32DE4

GetFocus.USER32 ref: 00A32F78

Part of subcall function 00A32DEE: GetParent.USER32(00000000), ref: 00A32DF9

GetClassNameW.USER32(?,?,00000100), ref: 00A32FC3
EnumChildWindows.USER32(?,00A3303B), ref: 00A32FEB

Strings

%s%d, xrefs: 00A32FFF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 455a5e485815e8c66275ecc30e2ce9b89c588e225be88f035af57b1097610af6
Instruction ID: 8314c3cd45090d30aac711fe57bc168df27c865c2eb5a1a41a1e089a36023803
Opcode Fuzzy Hash: 455a5e485815e8c66275ecc30e2ce9b89c588e225be88f035af57b1097610af6
Instruction Fuzzy Hash: 2311D2756042056BCF05BFB0DC85FED376AAF94314F048076F9099B252DE709A058B70

Function 00A65882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A658C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A658EE
DrawMenuBar.USER32(?), ref: 00A658FD

Strings

0, xrefs: 00A6588F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: e35d85df6951cc2cfed6a322e9dd29f847a64089ff6cd338cadfc7cccc623f05
Instruction ID: f9257e0ee8b133a06b71968fce010b1656bc925e184bc936fcc689f42ca42446
Opcode Fuzzy Hash: e35d85df6951cc2cfed6a322e9dd29f847a64089ff6cd338cadfc7cccc623f05
Instruction Fuzzy Hash: DA016D32900258EFDB219F61DC44BAEBBB5FB45360F10809AE889D6151DB709A84DF31

Function 00A2D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A2D3BF
FreeLibrary.KERNEL32 ref: 00A2D3E5

Strings

GetSystemWow64DirectoryW, xrefs: 00A2D3B9
X64, xrefs: 00A2D2A8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: b0e91c1cc3ac3db0a04337ab37c06ae11b4f8925810d63a1634854d4db9d836e
Instruction ID: a0386c72ac57d5a32e3a6363de4def436df942a9044320dde049eacd5ba2ae56
Opcode Fuzzy Hash: b0e91c1cc3ac3db0a04337ab37c06ae11b4f8925810d63a1634854d4db9d836e
Instruction Fuzzy Hash: 40F05531902630EBDB329318AC14AF93330AF01B01B688A36E842EA107E760CC408392

Function 00A3007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c74bd87b775c16c686e181dfdb8401f719248863c0da4243a780096629e325
Instruction ID: 48e8c10f08dd4d815d2933ccc2bc59c2422c8aeed890dfc5b1ecf045c59600dd
Opcode Fuzzy Hash: b2c74bd87b775c16c686e181dfdb8401f719248863c0da4243a780096629e325
Instruction Fuzzy Hash: 65C13975A0021AAFDB14CFA8C8A8EAEB7B5FF48704F218598F505EB251D731ED41DB90

Function 00A03E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A03F0B
__alldvrm.LIBCMT ref: 00A0410C
__alldvrm.LIBCMT ref: 00A0412E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: 3ac605ddbc8e9ef1cebeb982c229e134d9e146ab2d2436f7641f3c1f1a07b316
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: EAA148B2D0038A9FEB15CF18E8917AEBBF4FF69350F14426DE6859B2C1C2389981C750

Function 00A5342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00A53459
CoUninitialize.OLE32 ref: 00A53463
VariantInit.OLEAUT32(?), ref: 00A5346E
VariantClear.OLEAUT32(?), ref: 00A5371B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: d84ae8dd5035b84501a48d2cbf11a1a9be03b4b48747bfcce9f10c6187dceb35
Instruction ID: 59f76a4e1ea2d4e8d1ca9e12be145de200626743440899658c1b170febb6c82e
Opcode Fuzzy Hash: d84ae8dd5035b84501a48d2cbf11a1a9be03b4b48747bfcce9f10c6187dceb35
Instruction Fuzzy Hash: 4FA13B766042009FCB10DF68C585A2AB7E5FF88755F04895DFD8A9B362EB30EE05CB52

Function 00A30436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00A6FC08,?), ref: 00A305F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00A6FC08,?), ref: 00A30608
CLSIDFromProgID.OLE32(?,?,00000000,00A6CC40,000000FF,?,00000000,00000800,00000000,?,00A6FC08,?), ref: 00A3062D
_memcmp.LIBVCRUNTIME ref: 00A3064E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: dc869cf0d6fbea9536285c943425cf8212a8bbb0c9be1c4e0a8879aa4e59aa8b
Instruction ID: abb3562c0a7d638723fbf48a6b886848e4aff450a5e7dab794f24a4330b98e95
Opcode Fuzzy Hash: dc869cf0d6fbea9536285c943425cf8212a8bbb0c9be1c4e0a8879aa4e59aa8b
Instruction Fuzzy Hash: 26810B71A00109EFCB04DF94C994EEEB7B9FF89315F208599F516AB250DB71AE06CB60

Function 00A11391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A114C0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: a7ec053bc3b4a7cd3b1b44dfcb0e498079b33520a1428efc8ba23efa829d4a88
Instruction ID: e6b222098b2569673ad6f9235cbedef1723a3a148c369b02665ada24e3a6dc9c
Opcode Fuzzy Hash: a7ec053bc3b4a7cd3b1b44dfcb0e498079b33520a1428efc8ba23efa829d4a88
Instruction Fuzzy Hash: 3C416C71A00118ABDB216FF99C457FE3AB5EF81770F144225F729D61D2E63488C15362

Function 00A66278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A662E2
ScreenToClient.USER32(?,?), ref: 00A66315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00A66382

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 6d54b783b75bccbeb1ab54d9f47326b1021e2b41493da42f05701adbeec786a0
Instruction ID: c2de407c8efe00a914c8acc85289b718840abba2f9a52e418c59ec9088cd83ca
Opcode Fuzzy Hash: 6d54b783b75bccbeb1ab54d9f47326b1021e2b41493da42f05701adbeec786a0
Instruction Fuzzy Hash: 8051FA74A00209AFDF10DF68D981AAE7BB5EB45364F10815AF9659B390D770ED81CB50

Function 00A51AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00A51AFD
WSAGetLastError.WSOCK32 ref: 00A51B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A51B8A
WSAGetLastError.WSOCK32 ref: 00A51B94

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: af44ebc4450d8f74ffebd248cf38a542c00f3ee7b3d02b9c2ecf9415583e9fb5
Instruction ID: 20f6b4052eed8ef24508a32abfda883b19eb9fc9a3e70a949b683a654a4cc6f0
Opcode Fuzzy Hash: af44ebc4450d8f74ffebd248cf38a542c00f3ee7b3d02b9c2ecf9415583e9fb5
Instruction Fuzzy Hash: CE419F74640200AFE721AF24C886F3977E5AB84718F54C449F95A9F3D2E7B2DD42CB90

Function 00A0B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5260cef36a5e15e1f0288146c51e567e28ef0524810c25230c79e3467cc47937
Instruction ID: 998b5f8abe1053dac5a60ee50ead19c68668dbdb6832bd4fa0397a351e437d4d
Opcode Fuzzy Hash: 5260cef36a5e15e1f0288146c51e567e28ef0524810c25230c79e3467cc47937
Instruction Fuzzy Hash: 32412B71A10308BFD7249F78DD41BAEBBE9EF88710F10856AF151DB6C1D372AA418790

Function 00A456D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A45783
GetLastError.KERNEL32(?,00000000), ref: 00A457A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A457CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A457FA

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: f98148fb15c7abb1dc00dd26b392817eb192b3b49617c20ef3bd4419f02faf62
Instruction ID: 55d7e00e3dfebcb0a0458b552dda5bb787422b75da0f22c949f2ccbbc60d637b
Opcode Fuzzy Hash: f98148fb15c7abb1dc00dd26b392817eb192b3b49617c20ef3bd4419f02faf62
Instruction Fuzzy Hash: 2B411B39600611DFCB11EF65C544A59BBE1EF89720B19C889FC4AAB362DB30FD01CB91

Function 00A0D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,009F6D71,00000000,00000000,009F82D9,?,009F82D9,?,00000001,009F6D71,8BE85006,00000001,009F82D9,009F82D9), ref: 00A0D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A0D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A0D9AB
__freea.LIBCMT ref: 00A0D9B4

Part of subcall function 00A03820: RtlAllocateHeap.NTDLL(00000000,?,00AA1444,?,009EFDF5,?,?,009DA976,00000010,00AA1440,009D13FC,?,009D13C6,?,009D1129), ref: 00A03852

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: b8f1ee8690d22fae0b8b0b5d10ef5a4eabfacd68d837ad32857f6dbbf506ea7d
Instruction ID: 4149306fbc76450a229bc861751af6bc3a7c8bb52c4054acb72467e2ff152cad
Opcode Fuzzy Hash: b8f1ee8690d22fae0b8b0b5d10ef5a4eabfacd68d837ad32857f6dbbf506ea7d
Instruction Fuzzy Hash: 9031D072A0020AABDF24CFA4EC81EBE7BA5EB41760F054268FC04D7290EB35CD50CB90

Function 00A652C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00A65352
GetWindowLongW.USER32(?,000000F0), ref: 00A65375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A65382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A653A8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: 1ed015d56f878461bbc8b7cd00a58bebd03f16d5136c64630c00f82c80ac2f70
Instruction ID: 92e8dccf6eb5ec834634de34306a114c36443fd6562b936a40847c3f2d719537
Opcode Fuzzy Hash: 1ed015d56f878461bbc8b7cd00a58bebd03f16d5136c64630c00f82c80ac2f70
Instruction Fuzzy Hash: D031BE34E55A08AFEB349F74CC26BE93775AB05B90F584102FA519E3E1C7B49980AB42

Function 00A3AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00A3ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00A3AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00A3AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00A3ACC6

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 3fdcc5b95a3af59c24054c3cb3c5d72d9c295ba6db3df6e5709a36988e349003
Instruction ID: a05e95a3f6f7b1a988d1b665a743649398c5b8a602e82c793d31df6f6a282530
Opcode Fuzzy Hash: 3fdcc5b95a3af59c24054c3cb3c5d72d9c295ba6db3df6e5709a36988e349003
Instruction Fuzzy Hash: 03311430A043286FEB25CBE5CC097FA7BB5ABA9320F08621AF4C5921D1C3758D818752

Function 00A67674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00A6769A
GetWindowRect.USER32(?,?), ref: 00A67710
PtInRect.USER32(?,?,00A68B89), ref: 00A67720
MessageBeep.USER32(00000000), ref: 00A6778C

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: d120d8fe919416be5f508d479c696263a05748fd2017c9bd8aba89e870f7e35f
Instruction ID: 5eb82d9c59df4151c72d63a63de3dea87bb153b52468c8814e54fc27f5b41001
Opcode Fuzzy Hash: d120d8fe919416be5f508d479c696263a05748fd2017c9bd8aba89e870f7e35f
Instruction Fuzzy Hash: 2D419D38A15215EFDB01CFA8C894EADB7F5FF49318F1580A9E9159B2A1D730E942CF90

Function 00A616DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00A616EB

Part of subcall function 00A33A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A33A57
Part of subcall function 00A33A3D: GetCurrentThreadId.KERNEL32 ref: 00A33A5E
Part of subcall function 00A33A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A325B3), ref: 00A33A65

GetCaretPos.USER32(?), ref: 00A616FF
ClientToScreen.USER32(00000000,?), ref: 00A6174C
GetForegroundWindow.USER32 ref: 00A61752

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 87a8c01bd0b9f9ed7e5296a898b437c2782a4b6e37b9dbc5a8720bf356c0e698
Instruction ID: 6e6fcfc1226160697d420615a30698fba710d76c3d3ae76463804aed32c61bc6
Opcode Fuzzy Hash: 87a8c01bd0b9f9ed7e5296a898b437c2782a4b6e37b9dbc5a8720bf356c0e698
Instruction Fuzzy Hash: 42314F75D00149AFCB00EFA9C881DAEBBF9EF88304B5480AAE455E7351E7319E45CFA0

Function 00A3DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 009D7620: _wcslen.LIBCMT ref: 009D7625

_wcslen.LIBCMT ref: 00A3DFCB
_wcslen.LIBCMT ref: 00A3DFE2
_wcslen.LIBCMT ref: 00A3E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A3E018

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 27fb5da8d001d3a153fc40b732a5175fa6b7e10638f38c123f1050ca04b899f9
Instruction ID: 67db83536e7924208601ef8263b1e5489bd268a838fa982d005edd61be9bb8eb
Opcode Fuzzy Hash: 27fb5da8d001d3a153fc40b732a5175fa6b7e10638f38c123f1050ca04b899f9
Instruction Fuzzy Hash: B8218371940214EFCB11DFA8D981B7EB7F8EF85750F148065F905BB285D6709E41CBA1

Function 00A3D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00A3D501
Process32FirstW.KERNEL32(00000000,?), ref: 00A3D50F
Process32NextW.KERNEL32(00000000,?), ref: 00A3D52F
CloseHandle.KERNEL32(00000000), ref: 00A3D5DC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 4724fafe5134fb67b38d8da24d76b5e4b29425a5c9abb745619846581ec42f3a
Instruction ID: cd97a5a687107ead4cd560eaacb861f4442406b503897ede17c6bfa404268989
Opcode Fuzzy Hash: 4724fafe5134fb67b38d8da24d76b5e4b29425a5c9abb745619846581ec42f3a
Instruction Fuzzy Hash: C0318F711083009FD301EF54D881BAFBBF8EFD9354F14492EF585862A1EB719949CB92

Function 00A68FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

GetCursorPos.USER32(?), ref: 00A69001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00A27711,?,?,?,?,?), ref: 00A69016
GetCursorPos.USER32(?), ref: 00A6905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00A27711,?,?,?), ref: 00A69094

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 143e6f6929bc7c19de30d3cec5a50baf3e13ddf55c0dcb36a4de250d2cea7cbf
Instruction ID: ef2f37800dddb01d6f19a916b9862e06677d174ba2e64c637ffcf9e2ab5968db
Opcode Fuzzy Hash: 143e6f6929bc7c19de30d3cec5a50baf3e13ddf55c0dcb36a4de250d2cea7cbf
Instruction Fuzzy Hash: D4217C35601018AFCB26CF94CC58EFB7BB9EB8A360F154059F905472A1C3759951DB61

Function 00A3D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00A6CB68), ref: 00A3D2FB
GetLastError.KERNEL32 ref: 00A3D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00A3D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00A6CB68), ref: 00A3D376

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: e8adbd44fc555ef8a7a1ace963318617218b49b48e38125a4de012242ba50468
Instruction ID: 086a7678de4ededa2111d47e6b4c075e4ff0f33a18539e535e4a37f2e6b6b165
Opcode Fuzzy Hash: e8adbd44fc555ef8a7a1ace963318617218b49b48e38125a4de012242ba50468
Instruction Fuzzy Hash: 50219170549201DFC300EF64E8815AAB7E4EF96724F104A1EF499DB2A1E731DD4ACB93

Function 00A31571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A31014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A3102A
Part of subcall function 00A31014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A31036
Part of subcall function 00A31014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A31045
Part of subcall function 00A31014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A3104C
Part of subcall function 00A31014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A31062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00A315BE
_memcmp.LIBVCRUNTIME ref: 00A315E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A31617
HeapFree.KERNEL32(00000000), ref: 00A3161E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 4c1caba71617d620121926865b40fc6e4d3ac3b977cc5074c7d4a0f47c5e7e7a
Instruction ID: a20ce809abea1bf9fe0cf3104836bbc8c807ee5c51782c39607c5205f09f8aae
Opcode Fuzzy Hash: 4c1caba71617d620121926865b40fc6e4d3ac3b977cc5074c7d4a0f47c5e7e7a
Instruction Fuzzy Hash: 6821AC31E00209EFDF00DFE5C945BEEB7B8EF84354F098469E441AB241E770AA05CBA0

Function 00A62782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00A6280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A62824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A62832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00A62840

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: c206e23191c0506856460e53bb9f3e5a7a31a19106621eb8c56f1777f6f1414f
Instruction ID: 5e6ffe376d3136b11937a644a96d283337bec78693ca5a1c78c94a2b764005e0
Opcode Fuzzy Hash: c206e23191c0506856460e53bb9f3e5a7a31a19106621eb8c56f1777f6f1414f
Instruction Fuzzy Hash: 5F21CF31205911AFD714DB24CC44FAA7BB5AF95324F148159F4668B6E2CBB1FC82CBD0

Function 00A378F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A38D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A3790A,?,000000FF,?,00A38754,00000000,?,0000001C,?,?), ref: 00A38D8C
Part of subcall function 00A38D7D: lstrcpyW.KERNEL32(00000000,?,?,00A3790A,?,000000FF,?,00A38754,00000000,?,0000001C,?,?,00000000), ref: 00A38DB2
Part of subcall function 00A38D7D: lstrcmpiW.KERNEL32(00000000,?,00A3790A,?,000000FF,?,00A38754,00000000,?,0000001C,?,?), ref: 00A38DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A38754,00000000,?,0000001C,?,?,00000000), ref: 00A37923
lstrcpyW.KERNEL32(00000000,?,?,00A38754,00000000,?,0000001C,?,?,00000000), ref: 00A37949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00A38754,00000000,?,0000001C,?,?,00000000), ref: 00A37984

Strings

cdecl, xrefs: 00A3797B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 41c9742d29a7b7c172a90f364af78e0ed62729c24cba3834da1c4af7577bc1d8
Instruction ID: 3b8a8b5004db49981fa02318f61f0ee52a267b49674b9e31a729876b46456b96
Opcode Fuzzy Hash: 41c9742d29a7b7c172a90f364af78e0ed62729c24cba3834da1c4af7577bc1d8
Instruction Fuzzy Hash: 5711D67A200341ABCB259F35D845E7A77A5FF85390F50412AF946C7264EB719811C751

Function 00A67CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00A67D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00A67D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00A67D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00A4B7AD,00000000), ref: 00A67D6B

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: b6e297519dff3787c646b633c4d89c3bc2d4594994379cd65663292de2afdd6a
Instruction ID: fb289705ebe18fc89ee625c44574d2dc2c41242d12a95bfa16b2b652ef439728
Opcode Fuzzy Hash: b6e297519dff3787c646b633c4d89c3bc2d4594994379cd65663292de2afdd6a
Instruction Fuzzy Hash: 99118C35624615AFCB119F68CC04ABA3BB5AF46374F158B24F839C72F0E7309951CB50

Function 00A65660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00A656BB
_wcslen.LIBCMT ref: 00A656CD
_wcslen.LIBCMT ref: 00A656D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A65816

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 2eab0a0734cee9c89fd6a4683ad23033f2f107fe70f85e5427d90be6b77e7e90
Instruction ID: c71925ee15c9c2f199247e907e41ae628876a5105141789a878b9f1736bc455e
Opcode Fuzzy Hash: 2eab0a0734cee9c89fd6a4683ad23033f2f107fe70f85e5427d90be6b77e7e90
Instruction Fuzzy Hash: 3C11B176E00609A6DB20DFB1CC85AFE77BCAF11764F10806AF915D6081EBB48A80CB60

Function 00A01D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f843a7166f297121f687e1a0fe476ef065dfc5b3f1e9c14819df5e225c1f874d
Instruction ID: b26f0f20ac43b080ffb6bc8ec006f7feb383ca52a008275941dd16b516d02d74
Opcode Fuzzy Hash: f843a7166f297121f687e1a0fe476ef065dfc5b3f1e9c14819df5e225c1f874d
Instruction Fuzzy Hash: 3B0181B220961E7EF62127B87CC5FB7666DEF867B8F340325F521A11D2EB608C015170

Function 00A31A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00A31A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A31A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A31A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A31A8A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 7bd944243e3a815eb5c439b6fa349a08ba08a1bde4ca542f593945f4f5e481dc
Instruction ID: c12506bcfc6dac0d3f73a28e1c62981373a6ad290dd161d9c3a046959dfd5347
Opcode Fuzzy Hash: 7bd944243e3a815eb5c439b6fa349a08ba08a1bde4ca542f593945f4f5e481dc
Instruction Fuzzy Hash: 2111093AD01219FFEB11DBA5CD85FADBB78EB08750F200091EA04B7290D6716E51DB94

Function 00A3E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A3E1FD
MessageBoxW.USER32(?,?,?,?), ref: 00A3E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A3E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A3E24D

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 137a49846e2fdc9a69da150f71a548b736371267a3a362025ea8496933d580a3
Instruction ID: 86733291641c13381ba754778044c1002821fac90bfb8ac3971513500046345d
Opcode Fuzzy Hash: 137a49846e2fdc9a69da150f71a548b736371267a3a362025ea8496933d580a3
Instruction Fuzzy Hash: D1110472904259BBCB01DFE8AC09AEF7FBCAB46320F004215F924E72D0D3B1990187B0

Function 009FD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,009FCFF9,00000000,00000004,00000000), ref: 009FD218
GetLastError.KERNEL32 ref: 009FD224
__dosmaperr.LIBCMT ref: 009FD22B
ResumeThread.KERNEL32(00000000), ref: 009FD249

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 035afab76809675c1fb2075128d36415cef4cf515baeb8ead928683d483e941c
Instruction ID: eb11e9f5a7337de8a80b36d65f623ff2107f744096c27a42b3f3a17dc9a5eb69
Opcode Fuzzy Hash: 035afab76809675c1fb2075128d36415cef4cf515baeb8ead928683d483e941c
Instruction Fuzzy Hash: D001807690620CBBDB116BA5DC09BFA7A6EDF82731F204219FA35961D0DBB18901C7A0

Function 00A69EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 009E9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 009E9BB2

GetClientRect.USER32(?,?), ref: 00A69F31
GetCursorPos.USER32(?), ref: 00A69F3B
ScreenToClient.USER32(?,?), ref: 00A69F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00A69F7A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 1bc2e0171b8034479a03ffcfa6b6101ba42ac4ebd3a0782af9e65466ebb0d75a
Instruction ID: db542b5aa6ff69060be63a0c53910c04ea4a40dbabaf3ceb8501c72a76b48512
Opcode Fuzzy Hash: 1bc2e0171b8034479a03ffcfa6b6101ba42ac4ebd3a0782af9e65466ebb0d75a
Instruction Fuzzy Hash: BD11453690011AABDB00DFA8C9899FF77BCFB45321F014455F912E3140D770BA82CBA1

Function 009D600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009D604C
GetStockObject.GDI32(00000011), ref: 009D6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 009D606A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 63e480c1cbe82bf163747f205680c34e107f3cdeb0c4d7b165f3cfe32c6b08ca
Instruction ID: a6b867e7b8a1043960ca5d53db551db8452b1a87c2366ac39728654bb755a2bb
Opcode Fuzzy Hash: 63e480c1cbe82bf163747f205680c34e107f3cdeb0c4d7b165f3cfe32c6b08ca
Instruction Fuzzy Hash: 9011AD72101509BFEF129FA5CC44EEABB7DEF093A4F004202FA1452210D776DC60DBA0

Function 009F3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 009F3B56

Part of subcall function 009F3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 009F3AD2
Part of subcall function 009F3AA3: ___AdjustPointer.LIBCMT ref: 009F3AED

_UnwindNestedFrames.LIBCMT ref: 009F3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 009F3B7C
CallCatchBlock.LIBVCRUNTIME ref: 009F3BA4

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: a2b2e03f685ca497a8dafdf34a58cd3ded066ecdea28631886ca59a948d91095
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: BD01D73210014DBBDF125E95CC46EFB7B6DEF98754F048015FE5866121C636E9619BA0

Function 00A03073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,009D13C6,00000000,00000000,?,00A0301A,009D13C6,00000000,00000000,00000000,?,00A0328B,00000006,FlsSetValue), ref: 00A030A5
GetLastError.KERNEL32(?,00A0301A,009D13C6,00000000,00000000,00000000,?,00A0328B,00000006,FlsSetValue,00A72290,FlsSetValue,00000000,00000364,?,00A02E46), ref: 00A030B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A0301A,009D13C6,00000000,00000000,00000000,?,00A0328B,00000006,FlsSetValue,00A72290,FlsSetValue,00000000), ref: 00A030BF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 9fb0def5753d044684b173dfbc220d149790ffcb988fa2e1ad6fb5fc1a9621d4
Instruction ID: 4a17a0fd395e22688519b55dc445ac872dcfeeabea69530f4d3174c09946f2da
Opcode Fuzzy Hash: 9fb0def5753d044684b173dfbc220d149790ffcb988fa2e1ad6fb5fc1a9621d4
Instruction Fuzzy Hash: FB01843371222AABCF218FB9BC549677BACAF45B71B114621F946E71C0D721D902C6E0

Function 00A37464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00A3747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00A37497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00A374AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00A374CA

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 34cd750b2c1b3e8b658bfebf8cdd50c2d009159931f366f61000d0e5cfa417c3
Instruction ID: a38f8a6bf61bf3acfa3d979f73626593478ebd28afba1d5d57b5e9e4b80d7892
Opcode Fuzzy Hash: 34cd750b2c1b3e8b658bfebf8cdd50c2d009159931f366f61000d0e5cfa417c3
Instruction Fuzzy Hash: 39113CB52053159BE730CF54EC09BA67BF8EB00B14F10856AB656D6551D7B0F904DB50

Function 00A3B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A3ACD3,?,00008000), ref: 00A3B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A3ACD3,?,00008000), ref: 00A3B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A3ACD3,?,00008000), ref: 00A3B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A3ACD3,?,00008000), ref: 00A3B126

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 139e591431c21bb67de5aeaea938706fd3747bd1e2bddb3e18dd6ec6e17735eb
Instruction ID: c03d74216cb271abe253a71008f602c89084622db72d9636d767a099fb6127df
Opcode Fuzzy Hash: 139e591431c21bb67de5aeaea938706fd3747bd1e2bddb3e18dd6ec6e17735eb
Instruction Fuzzy Hash: FA11AD30C1062CE7CF04EFE4E9586FEBB78FF0A320F104286EA81B6185CB7086518B61

Function 00A67E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A67E33
ScreenToClient.USER32(?,?), ref: 00A67E4B
ScreenToClient.USER32(?,?), ref: 00A67E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A67E8A

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 112114044498d560fbdeb7bce57b0722a65d011cbbfab514e7f3cb97a0a08530
Instruction ID: 7b1efcf77c42d618771cf24cdb807bf01da4108927ca37551745942bcf112ba7
Opcode Fuzzy Hash: 112114044498d560fbdeb7bce57b0722a65d011cbbfab514e7f3cb97a0a08530
Instruction Fuzzy Hash: A81153B9D0024AAFDB41CF98C884AEEBBF9FF08310F509066E955E3210D775AA55CF90

Function 00A32DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A32DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00A32DD6
GetCurrentThreadId.KERNEL32 ref: 00A32DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A32DE4

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: d788d738c27019db6276807e7625f6614360103cf04851593b5ac28d1b3ca422
Instruction ID: 0559fc94082277a2c8550b8715e60d35208c5880a535c3c41adcfe68a786809c
Opcode Fuzzy Hash: d788d738c27019db6276807e7625f6614360103cf04851593b5ac28d1b3ca422
Instruction Fuzzy Hash: 0EE0ED755012247ADB206BA2DC0DFFB7E7DEF56BB1F401115F506D10909AE58942C6B1

Function 00A68863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 009E9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 009E9693
Part of subcall function 009E9639: SelectObject.GDI32(?,00000000), ref: 009E96A2
Part of subcall function 009E9639: BeginPath.GDI32(?), ref: 009E96B9
Part of subcall function 009E9639: SelectObject.GDI32(?,00000000), ref: 009E96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00A68887
LineTo.GDI32(?,?,?), ref: 00A68894
EndPath.GDI32(?), ref: 00A688A4
StrokePath.GDI32(?), ref: 00A688B2

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: ff3156d397d52ba028d02a17f23d22e6f539603d77dfd4adedbc827e903b5ad2
Instruction ID: 9019737479aea4726edd8a8f3d0357aa2c0590c9127dea13c0ff6959b61854cb
Opcode Fuzzy Hash: ff3156d397d52ba028d02a17f23d22e6f539603d77dfd4adedbc827e903b5ad2
Instruction Fuzzy Hash: 7AF05E36041259FADB12AFD4AC09FDE3F69AF0A360F448100FA61650E2C7B95512CFE5

Function 009E98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 009E98CC
SetTextColor.GDI32(?,?), ref: 009E98D6
SetBkMode.GDI32(?,00000001), ref: 009E98E9
GetStockObject.GDI32(00000005), ref: 009E98F1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: d6c2bc03668eabe98f4b75b4f48ddc44e4886559cffaf7441b6b25618585860e
Instruction ID: f298daf711e6f86ca52a8ce81d3d0536745254424416d4940e5ebdc3e0dae734
Opcode Fuzzy Hash: d6c2bc03668eabe98f4b75b4f48ddc44e4886559cffaf7441b6b25618585860e
Instruction Fuzzy Hash: 24E06531244280AADB219BB8BC09BED3F21AB12335F048329F6FA540E1C3B146519B11

Function 00A3162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00A31634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00A311D9), ref: 00A3163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00A311D9), ref: 00A31648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00A311D9), ref: 00A3164F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 40e6bfc75fa1b88998a11f533698d46c27fd16cb5d915da82174e7507159bfbe
Instruction ID: 871e434c7c952b6fe5c906c27333acee20f7dd9e9db7bb520125a5674d9a356f
Opcode Fuzzy Hash: 40e6bfc75fa1b88998a11f533698d46c27fd16cb5d915da82174e7507159bfbe
Instruction Fuzzy Hash: 38E08631601211EBD7206FF19D0DBA63B7CAF447A5F154808F685C9080D7B44542C750

Function 00A2D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00A2D858
GetDC.USER32(00000000), ref: 00A2D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A2D882
ReleaseDC.USER32(?), ref: 00A2D8A3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 02c278a0818b1de75d2e6eb10f236c2810aa57a1b5e3fb1ded88082c6ba41e2f
Instruction ID: dea3778b49779028b767ea5de8c3955c0d63ff36f80e8ceaff6bf9b4048607e3
Opcode Fuzzy Hash: 02c278a0818b1de75d2e6eb10f236c2810aa57a1b5e3fb1ded88082c6ba41e2f
Instruction Fuzzy Hash: D2E01AB9800245DFCB41DFE4D80867DBBB1FB08321F14A419E88AE7250C7B85902AF44

Function 00A2D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00A2D86C
GetDC.USER32(00000000), ref: 00A2D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A2D882
ReleaseDC.USER32(?), ref: 00A2D8A3

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: af5e0dc5aaab9e4e19bdf87f47336924775ee502322ee7d2df723182f9dbacbd
Instruction ID: a052c6f3512ae1e5140a606745be6f4011502c69d6a5f4a5ab09236c95b3a48e
Opcode Fuzzy Hash: af5e0dc5aaab9e4e19bdf87f47336924775ee502322ee7d2df723182f9dbacbd
Instruction Fuzzy Hash: 17E012B8800240EFCB41EFE0D80866DBBB1FB08321B14A409E98AE7250CBB85902AF44

Function 00A44D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 009D7620: _wcslen.LIBCMT ref: 009D7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A44ED4

Strings

LPT, xrefs: 00A44DFB
*, xrefs: 00A44E10

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 872daad62c35ec227add00e8efae32ce8196cb070162ce20c091da95648be4e0
Instruction ID: cd698dfb285d0b84575660ea7a53f89efffe168696b1cd0c80a3850528e6bf29
Opcode Fuzzy Hash: 872daad62c35ec227add00e8efae32ce8196cb070162ce20c091da95648be4e0
Instruction Fuzzy Hash: 37916079A002049FDB14DF58C485FAABBF1BF88704F198099E80A9F362D771ED85CB91

Function 009FE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 009FE30D

Strings

pow, xrefs: 009FE2E5, 009FE302

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 4f3205065c7c555d96837ef2fe6f387aa032d1c97043aaea1abbff4a0940b6a6
Instruction ID: 26f0d456032491e3bfe42d39eba8c45e5790fae8b489e302ee97774222a2052c
Opcode Fuzzy Hash: 4f3205065c7c555d96837ef2fe6f387aa032d1c97043aaea1abbff4a0940b6a6
Instruction Fuzzy Hash: 37517D71E0D20E96CB15BB14ED453BD3BA8EB40740F308DA8E1D5822F9EB349CD29B46

Function 009EE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 009EE1B1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 9aae62413e0e90db5d081636eb8b323392981648936d2c313b49b2c4bf669ba2
Instruction ID: b93825f2f733911597a367495a0f6dd5b77f42cc587cc0f0ae85868780c94143
Opcode Fuzzy Hash: 9aae62413e0e90db5d081636eb8b323392981648936d2c313b49b2c4bf669ba2
Instruction Fuzzy Hash: 5B514535600296DFDF16DF68D0816FA7BA8EF55310F248069EDA19B3C0D7349D82CBA0

Function 009EF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 009EF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 009EF2BB

Strings

@, xrefs: 009EF2AF

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 7d4bba96a19dbc8e706bc75084cb0a6ddf8ca952af277435c5dea5a567b841f7
Instruction ID: afe3e17b399ee72356278b4c25dbb5214741f3df90aee920c51f242fae98e609
Opcode Fuzzy Hash: 7d4bba96a19dbc8e706bc75084cb0a6ddf8ca952af277435c5dea5a567b841f7
Instruction Fuzzy Hash: 1A5138714087459BD320EF54DC86BABBBF8FBC4300F81885EF1D991295EB708529CB66

Function 00A55745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00A557E0
_wcslen.LIBCMT ref: 00A557EC

Strings

CALLARGARRAY, xrefs: 00A557E6, 00A557EB

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: fc0ae4222d8156228fe83afa2c6fb017d1013454a013d2694613b4be2a21e8a0
Instruction ID: 760f6769cb3c5989ccac0247ef85dfd7f02d1d4c243ce9840cac43688cd6cd8f
Opcode Fuzzy Hash: fc0ae4222d8156228fe83afa2c6fb017d1013454a013d2694613b4be2a21e8a0
Instruction Fuzzy Hash: 4241B031E002099FCB04DFB9C8919BEBBB5FF99321F10802AF805A7251E7719D85DBA0

Function 00A4D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A4D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A4D13A

Strings

|, xrefs: 00A4D10B

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: c0072d59fc88e555842e1bd08651e44a66a3e0f50535a908a840c5367445d83a
Instruction ID: 90fef041bb290195c17b03d923e4fd676e6bdeafa50f62654649712efe3d44f9
Opcode Fuzzy Hash: c0072d59fc88e555842e1bd08651e44a66a3e0f50535a908a840c5367445d83a
Instruction Fuzzy Hash: 05313B75D00209ABCF15EFA4CC85AEEBFB9FF45300F10411AF915A6262E731AA56DB60

Function 00A6356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00A63621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00A6365C

Strings

static, xrefs: 00A635BC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 64b3f02ede5d6d942f8ef69d615f877bd8e0c303e765f5250ee85a484f2b395e
Instruction ID: 894ea225420530ebe772d4aa59d1df3df5a11734a855c873f589b750f5b11cd4
Opcode Fuzzy Hash: 64b3f02ede5d6d942f8ef69d615f877bd8e0c303e765f5250ee85a484f2b395e
Instruction Fuzzy Hash: AC318B72100204AEDB10DF68DC80FFB73B9FF88724F00961AF9A597290DA74AD82C760

Function 00A64537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00A6461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A64634

Strings

', xrefs: 00A6458E

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: c9a6cc997440fa78f54733112199cc7618ff7dabbd4e20694fe3075c319e843e
Instruction ID: 79e57d0cc9ff0029e0b4c876909d8edf7d20f39a79dd6f88e9ff887a35aa8ced
Opcode Fuzzy Hash: c9a6cc997440fa78f54733112199cc7618ff7dabbd4e20694fe3075c319e843e
Instruction Fuzzy Hash: 86310A74A0131AAFDF14CFA9C991BDA7BB5FF49700F14406AE905AB391E770A941CF90

Function 00A631EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A6327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A63287

Strings

Combobox, xrefs: 00A63249

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 8bdf0c2db14f2f3b45270060c84ea40c356bf7e390a9aa0642b290cf27aa5fe9
Instruction ID: 2265c70cbf5f9d472f6fee68ef8ecdccb15407713013dc7ae9cb82bbead6126e
Opcode Fuzzy Hash: 8bdf0c2db14f2f3b45270060c84ea40c356bf7e390a9aa0642b290cf27aa5fe9
Instruction Fuzzy Hash: B71193723001097FEF119FA4DC90EFB37BAEBA5364F104125F51497290D6759D528760

Function 00A63710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 009D600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009D604C
Part of subcall function 009D600E: GetStockObject.GDI32(00000011), ref: 009D6060
Part of subcall function 009D600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 009D606A

GetWindowRect.USER32(00000000,?), ref: 00A6377A
GetSysColor.USER32(00000012), ref: 00A63794

Strings

static, xrefs: 00A63757

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: f0e13ee58f2a957a911750c284dd38c43e21c158528fcda0ff69d0e36bb8946d
Instruction ID: db9ffebd298eb9a5521a4e54d4013df99aca2c49bd7cfa2b8b1ba5e6fc52d1b9
Opcode Fuzzy Hash: f0e13ee58f2a957a911750c284dd38c43e21c158528fcda0ff69d0e36bb8946d
Instruction Fuzzy Hash: 39113AB2610209AFDF01DFA8CD45EFA7BB8FB09354F004915F956E3250D775E8519B50

Function 00A4CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A4CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A4CDA6

Strings

<local>, xrefs: 00A4CD66

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: d4c40c869d5463075ed7d3cd5c821d94bad86395ae5865e9b875bf350b331686
Instruction ID: 953e5249aa0c7f9df78d0b50bbfe9c2a04fa3e06c63b0cbbc80c83f8b1c9b8f8
Opcode Fuzzy Hash: d4c40c869d5463075ed7d3cd5c821d94bad86395ae5865e9b875bf350b331686
Instruction Fuzzy Hash: D1110679A026317AD7784B668C44EF3BEACEF927B4F004226B10D83080D3749841D6F0

Function 00A63429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00A634AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00A634BA

Strings

edit, xrefs: 00A6348F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: f20c013490525c078fe994a8c33d500812b9b08f90a90c923f204f1246840723
Instruction ID: 63d75fe100164bda6b41ef29659841917c80584ef1593fce6cc538c761bff5e0
Opcode Fuzzy Hash: f20c013490525c078fe994a8c33d500812b9b08f90a90c923f204f1246840723
Instruction Fuzzy Hash: 71118C72100208ABEF128FA5DC88ABB777AEF05775F504724FA61931E0CB75DC929B60

Function 00A36C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00A36CB6
_wcslen.LIBCMT ref: 00A36CC2

Strings

STOP, xrefs: 00A36CBC, 00A36CC1

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: 84a9eed8bbeb29593f8e5a34aa9e908ef5947bd92c2ca6cd56fe66cafcc91753
Instruction ID: 675f90ab269a3aba531855c184663695bd19f3aa46173e90925deb922060f342
Opcode Fuzzy Hash: 84a9eed8bbeb29593f8e5a34aa9e908ef5947bd92c2ca6cd56fe66cafcc91753
Instruction Fuzzy Hash: 87012632A00926ABCB20AFFDDC809BF73B4FBA0754F008529F85297291EB31D900C750

Function 00A31CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A31D4C

Strings

ComboBox, xrefs: 00A31CEB
ListBox, xrefs: 00A31D16

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 6cd5ad6c97d16f2d4b6adfa4241bf47b1854cc4df58bc2f37e4d467f8a406e6b
Instruction ID: aed319f125d9c18f43a1e59b71afb1c9b5517bf4bb46681264f4e57f490f4a73
Opcode Fuzzy Hash: 6cd5ad6c97d16f2d4b6adfa4241bf47b1854cc4df58bc2f37e4d467f8a406e6b
Instruction Fuzzy Hash: 3301B175B41218AB8F08FBB4DD529FE73A8FB57390F444A1AF862673C1EA3459088760

Function 00A31BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00A31C46

Strings

ComboBox, xrefs: 00A31BE5
ListBox, xrefs: 00A31C10

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: ca94a855d9ebb61345561cbe3ae9e3c1b3cfd056fb494f623d5a1a3271eb0b52
Instruction ID: 9f65c5b51dccb1e3e0cb60d9689e2af61ac1fbfb9b2618c654d45a058ad839de
Opcode Fuzzy Hash: ca94a855d9ebb61345561cbe3ae9e3c1b3cfd056fb494f623d5a1a3271eb0b52
Instruction Fuzzy Hash: FB01A275B811086ACF04FBA1CA52AFF77E89B51340F14541AF85667281EA649E0C97B1

Function 00A31C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00A31CC8

Strings

ComboBox, xrefs: 00A31C69
ListBox, xrefs: 00A31C94

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 66f35f08fd27b52b51fe3fb1a4dd48cee71a5659a0878dfe2743c6bb97a819a7
Instruction ID: b442ec5f9d5d7fe6dd8c28a7cb3eb194565dd703b373dd1cc88a13ddd12745ff
Opcode Fuzzy Hash: 66f35f08fd27b52b51fe3fb1a4dd48cee71a5659a0878dfe2743c6bb97a819a7
Instruction Fuzzy Hash: CA01D1B6B8021867CF04FBA0CB02AFE73E8AB11340F145416B84673281EA609F19D671

Function 00A31D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009D9CB3: _wcslen.LIBCMT ref: 009D9CBD

Part of subcall function 00A33CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A33CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A31DD3

Strings

ComboBox, xrefs: 00A31D75
ListBox, xrefs: 00A31DA0

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: f951b2c6b208f5d2d2510492fa564bbabbcedbbb42bcdbcbd72268b961d98b3e
Instruction ID: 7fa2a43cb09275b1490aa6f7e2c3257223d9e88e8a343c04ecae2d8d2791e474
Opcode Fuzzy Hash: f951b2c6b208f5d2d2510492fa564bbabbcedbbb42bcdbcbd72268b961d98b3e
Instruction Fuzzy Hash: 44F0C271B9121866DB04F7B4DD52FFF77B8AF42790F040D1AF862633C1EA605A0C8260

Function 00A5747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A57493
_wcslen.LIBCMT ref: 00A574B9

Strings

3, 3, 16, 1, xrefs: 00A57483

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 694164169722d7793c9d8a560b83e236dedc24035ca94ed6497195fb9b87eac3
Instruction ID: 5ab9503c7e75bf8ca9e7fa7e396456af9e77781ea18814bf8490bf396573a58b
Opcode Fuzzy Hash: 694164169722d7793c9d8a560b83e236dedc24035ca94ed6497195fb9b87eac3
Instruction Fuzzy Hash: 3CE02B423142202092311379BCC1A7F5699EFC5B91714182FFE85D6266EAE48DD193A1

Function 00A30B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A30B23

Strings

Error allocating memory., xrefs: 00A30B1C
AutoIt, xrefs: 00A30B17

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: f1868ff10dd9e6efcfc1073a9421cb24f44cfca89460d4f416a0cb71d050e2d9
Instruction ID: 6ce7a2ac72894dbfd4f18ff891f99c03cda77eabce33bdf08183ad817985da9b
Opcode Fuzzy Hash: f1868ff10dd9e6efcfc1073a9421cb24f44cfca89460d4f416a0cb71d050e2d9
Instruction Fuzzy Hash: 8AE0DF323843483AD3113B957C03F9A7AD49F05B20F10482BFBD8A55C38AE2289007A9

Function 009F0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 009EF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,009F0D71,?,?,?,009D100A), ref: 009EF7CE

IsDebuggerPresent.KERNEL32(?,?,?,009D100A), ref: 009F0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,009D100A), ref: 009F0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 009F0D7F

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 13173e069c03ee28ab391bf8484696f493c350e3f27c91afaafc46d7862a659b
Instruction ID: 0fc8292abaa7238e362bc357f3730c7afa9af09a25f18e2bca2ae4640c9355f0
Opcode Fuzzy Hash: 13173e069c03ee28ab391bf8484696f493c350e3f27c91afaafc46d7862a659b
Instruction Fuzzy Hash: F9E06D742003518FD770EFB8E4043667BF8AB44744F00892EE982C6692DBB2E4458BA1

Function 00A43017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A4302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A43044

Strings

aut, xrefs: 00A43038

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: ca307f06b722ef9c04b2b98aef6686c5801c0f948ec100722c2fcd86c5fc2ae6
Instruction ID: 94e1ccb860e37ade3439b017e450de1028661d140fd4575a8fa800d288951caa
Opcode Fuzzy Hash: ca307f06b722ef9c04b2b98aef6686c5801c0f948ec100722c2fcd86c5fc2ae6
Instruction Fuzzy Hash: 05D05E7250032877DA20E7E4EC0EFDB3A7CDB04760F0006A2BA95E60D1DAF49985CAD0

Function 00A2D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00A2D220

Strings

%.3d, xrefs: 00A2D22B
X64, xrefs: 00A2D2A8

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 54fc40396eb37a0fb0161cc248b906f66b11c28bc3c26c5cbd532b7f81634602
Instruction ID: 4106a6c9f8ca889dcde1cab68173f503eaab17caa9c4d0444ae1d2473c20e72a
Opcode Fuzzy Hash: 54fc40396eb37a0fb0161cc248b906f66b11c28bc3c26c5cbd532b7f81634602
Instruction Fuzzy Hash: 9BD012B1809128E9CF5097E4EC459FAB3BCBB08301F648472FD06A1042D624C908A761

Function 00A62322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A6232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A6233F

Part of subcall function 00A3E97B: Sleep.KERNEL32 ref: 00A3E9F3

Strings

Shell_TrayWnd, xrefs: 00A62325

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: d82f97bc55ef9bf692ce242442572f85140b11e7594373943ada860a0414c41c
Instruction ID: bf9ed561b8fb864f0b878bfbdaa5a4c9ed23c62cd5b5ba83baa05ed48d40b0cc
Opcode Fuzzy Hash: d82f97bc55ef9bf692ce242442572f85140b11e7594373943ada860a0414c41c
Instruction Fuzzy Hash: 4FD012363D4310B7EA64F7B0EC0FFD6BA64AF04B20F004916B786AA1D0C9F4A802CB54

Function 00A62356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A6236C
PostMessageW.USER32(00000000), ref: 00A62373

Part of subcall function 00A3E97B: Sleep.KERNEL32 ref: 00A3E9F3

Strings

Shell_TrayWnd, xrefs: 00A62365

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: ecfc228618b512633dcd8a44c84edac31f78a5df0773a8f5b175610179bbc1fc
Instruction ID: d750a6b087d7edcce7f7913703f3b98e40e7db967b65b6637052ca29a6ff35a9
Opcode Fuzzy Hash: ecfc228618b512633dcd8a44c84edac31f78a5df0773a8f5b175610179bbc1fc
Instruction Fuzzy Hash: 1BD0C7353C131076E564F7B0DC0FFD665545B04710F004915B646A51D0C9E464018654

Function 00A0BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A0BE93
GetLastError.KERNEL32 ref: 00A0BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A0BEFC

Memory Dump Source

Source File: 00000000.00000002.2935031352.00000000009D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009D0000, based on PE: true

Associated: 00000000.00000002.2935005283.00000000009D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A6C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935105984.0000000000A92000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935162251.0000000000A9C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2935197451.0000000000AA4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: d98643705036ed6910f5bceb8b49b64d7750b22cbf1b9681492cca24912c9b66
Instruction ID: e2dd0f448ccacc78048b99dbb202c8db4e80d186aeb695a7018461aee761d20e
Opcode Fuzzy Hash: d98643705036ed6910f5bceb8b49b64d7750b22cbf1b9681492cca24912c9b66
Instruction Fuzzy Hash: 9041C63461020AAFCF21CFA4EE54ABABBB5AF41720F144169FA59971E1DB30CD01CB70

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre