Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1525824
MD5:	d9f8c3112fa16b9c170a349c0aa6285f
SHA1:	793ad3149d3d4eafe1036b3b381596bcd8f4e54b
SHA256:	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\file.exe" MD5: D9F8C3112FA16B9C170A349C0AA6285F)

taskkill.exe (PID: 7500 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7564 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7628 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7684 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7748 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 7484	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_91.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_91.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: file.exe, 00000000.00000002.3021047220.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_80.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_91.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_91.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_80.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_80.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_91.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_91.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_91.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_91.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_91.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_80.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_91.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_91.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_91.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_80.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_91.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_91.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_80.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_80.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_80.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_80.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_80.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_80.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_91.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_91.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000003.1789901202.0000000000F44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_91.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.72:443 -> 192.168.2.4:50029 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D1EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00D1EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D1ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00D1ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00D1EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D0AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00D0AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D39576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00D39576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1763386770.0000000000D62000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_0191d35f-d
Source: file.exe, 00000000.00000000.1763386770.0000000000D62000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_9b866436-2
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_77558675-1
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_a9b35db1-6

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D0D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00D0D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00D01201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D0E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00D0E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D12046	0_2_00D12046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA8060	0_2_00CA8060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08298	0_2_00D08298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE4FF	0_2_00CDE4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD676B	0_2_00CD676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D34873	0_2_00D34873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CACAF0	0_2_00CACAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCCAA0	0_2_00CCCAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBCC39	0_2_00CBCC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD6DD9	0_2_00CD6DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA91C0	0_2_00CA91C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBB119	0_2_00CBB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1394	0_2_00CC1394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1706	0_2_00CC1706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC781B	0_2_00CC781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC19B0	0_2_00CC19B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB997D	0_2_00CB997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA7920	0_2_00CA7920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC7A4A	0_2_00CC7A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC7CA7	0_2_00CC7CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1C77	0_2_00CC1C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD9EEE	0_2_00CD9EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2BE44	0_2_00D2BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1F32	0_2_00CC1F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00CBF9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00CC0A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal72.troj.evad.winEXE@46/32@12/6

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D137B5 GetLastError,FormatMessageW,

0_2_00D137B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D010BF AdjustTokenPrivileges,CloseHandle,		0_2_00D010BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D016C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00D016C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D151CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00D151CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D2A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00D2A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D1648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00D1648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00CA42A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7572:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7756:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7508:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00CA42DE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF668E push ss; retf	0_2_00CF668F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF6686 push ss; retf	0_2_00CF6687
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF6682 push ss; retf	0_2_00CF6683
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0A76 push ecx; ret	0_2_00CC0A89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF4CE6 push 0000003Eh; iretd	0_2_00CF4CE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAD01B push cs; iretd	0_2_00CAD01E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB1199 push cs; retf	0_2_00CB119A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB119C push cs; retf	0_2_00CB11A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB124F pushad ; iretd	0_2_00CB1252
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB124D pushad ; iretd	0_2_00CB124E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB1247 pushad ; iretd	0_2_00CB124A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB125F pushad ; iretd	0_2_00CB1262
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB1253 pushad ; iretd	0_2_00CB1256
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB1263 pushad ; iretd	0_2_00CB1266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF56D8 push eax; iretd	0_2_00CF56DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF56E9 push esp; iretd	0_2_00CF56EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF57E4 push ebx; iretd	0_2_00CF57FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF57E1 push ebx; iretd	0_2_00CF57E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF57FC push esi; iretd	0_2_00CF5802
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF1788 push ss; iretd	0_2_00CF1789
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF5788 push eax; iretd	0_2_00CF578A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF179F push ss; iretd	0_2_00CF17A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF5799 push esp; iretd	0_2_00CF579A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF1797 push ss; iretd	0_2_00CF179D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF17AC push ss; iretd	0_2_00CF17AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF17A8 push ss; iretd	0_2_00CF17A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF17A3 push ss; iretd	0_2_00CF17A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF57B8 push ebx; iretd	0_2_00CF57CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF57B5 push ebx; iretd	0_2_00CF57B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF17B0 push ss; iretd	0_2_00CF17B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF5741 push esp; iretd	0_2_00CF5742

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00CBF98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D31C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00D31C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-96545

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7141			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1775			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.7 %

Source: C:\Users\user\Desktop\file.exe TID: 7488

Thread sleep time: -71410s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7141 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00D0DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D168EE FindFirstFileW,FindClose,	0_2_00D168EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00D1698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00D0D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00D0D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00D19642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00D1979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00D19B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D15C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00D15C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00CA42DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D1EAA2 BlockInput,

0_2_00D1EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CD2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00CD2622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00CA42DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CC4CE8 mov eax, dword ptr fs:[00000030h]

0_2_00CC4CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D00B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00D00B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00CD2622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00CC083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC09D5 SetUnhandledExceptionFilter,	0_2_00CC09D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00CC0C21

Source: C:\Users\user\Desktop\file.exe

0_2_00D01201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CE2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00CE2BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D0B226 SendInput,keybd_event,

0_2_00D0B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D222DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00D222DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00D00B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D01663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00D01663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CC0698 cpuid

0_2_00CC0698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D18195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00D18195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CFD27A GetUserNameW,

0_2_00CFD27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CDBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00CDBB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00CA42DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D21204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00D21204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D21806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00D21806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	11 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	13 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	13 Virtualization/Sandbox Evasion	Cached Domain Credentials	13 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
youtube-ui.l.google.com	142.250.181.238	true	false	unknown
www3.l.google.com	142.250.186.174	true	false	unknown
play.google.com	172.217.16.142	true	false	unknown
www.google.com	172.217.16.132	true	false	unknown
youtube.com	142.250.181.238	true	false	unknown
accounts.youtube.com	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	unknown
https://www.google.com/favicon.ico	false	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_91.13.dr	false		unknown
https://policies.google.com/technologies/location-data	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_91.13.dr	false		unknown
https://apis.google.com/js/api.js	chromecache_80.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_91.13.dr	false		unknown
https://policies.google.com/terms/service-specific	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_80.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_91.13.dr	false		unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_91.13.dr	false		unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_91.13.dr	false		unknown
https://support.google.com/accounts?hl=	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_91.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_91.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.174	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.16.132	www.google.com	United States	15169	GOOGLEUS	false
172.217.16.142	play.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525824
Start date and time:	2024-10-04 15:16:56 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal72.troj.evad.winEXE@46/32@12/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 41 Number of non-executed functions: 308
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.181.238, 64.233.184.84, 34.104.35.123, 142.250.186.163, 142.250.185.67, 142.250.185.74, 172.217.16.202, 216.58.212.170, 172.217.16.138, 142.250.185.170, 142.250.74.202, 142.250.186.138, 142.250.186.42, 142.250.185.106, 142.250.186.106, 216.58.212.138, 216.58.206.74, 172.217.18.10, 142.250.186.74, 142.250.185.202, 142.250.185.138, 217.20.57.34, 172.217.18.106, 172.217.23.106, 142.250.185.234, 192.229.221.95, 88.221.110.91, 172.217.16.195, 108.177.15.84, 142.250.185.238
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://beta.adiance.com/wp-content/plugins/arull.php?7088797967704b536932307464507a637a4c7a736c4d7a733752533837503155744a31586533634466584277413d1	Get hash	malicious	HTMLPhisher	Browse
	Payout Receipt.pptx	Get hash	malicious	HTMLPhisher	Browse
	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse
	263528293882.html	Get hash	malicious	HTMLPhisher	Browse
	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse
	https://hblitigation-news.com/	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?sa=t&url=https%3A%2F%2F%6d%6f%73%63%76%61%64%75%6d%61%2e%70%72%6f%2F&usg=AOvVaw0d8WU-1rxjmcdGQTa3JxQL&opi=	Get hash	malicious	HTMLPhisher	Browse
	http://ipscanadvsf.com	Get hash	malicious	Unknown	Browse
	https://www.ceolaser.com.mx	Get hash	malicious	Unknown	Browse
	https://test1web.edukati2.websku.com/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
youtube-ui.l.google.com	https://extensivetraders.org/	Get hash	malicious	Unknown	Browse	172.217.18.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.206
	https://www.thefirsthbcu.com/	Get hash	malicious	HTMLPhisher	Browse	142.250.185.78
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.142
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.186.110
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.238
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.238
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.16.206
	https://go.hginsights.com/rs/214-HYO-692/images/HG	Get hash	malicious	Unknown	Browse	172.217.18.110
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.185.110

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://beta.adiance.com/wp-content/plugins/arull.php?7088797967704b536932307464507a637a4c7a736c4d7a733752533837503155744a31586533634466584277413d1	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	Payout Receipt.pptx	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	263528293882.html	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	https://hblitigation-news.com/	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	https://www.google.com/url?sa=t&url=https%3A%2F%2F%6d%6f%73%63%76%61%64%75%6d%61%2e%70%72%6f%2F&usg=AOvVaw0d8WU-1rxjmcdGQTa3JxQL&opi=	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	https://www.ceolaser.com.mx	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	https://test1web.edukati2.websku.com/	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.253.72
	http://url5892.equipgreen.com/ls/click?upn=u001.QnVyUTRnA6m7Ys04OcfRK-2BmYDxK-2BPvo2SH4SnTHtM2ahAlVLCP5CpZxqdikPch52bwE-2B6FGVTHUfa6r6g-2FUXtg-3D-3DRRNj_h5tndX3XP82u2CVP7HmVo4t-2FDkgNbuc-2FvPQxBNjqhqQfNFsb7fTdfgoFOkzI-2Bxa5KYPUiZS4W-2FgvgYDkntJEAhmsWMOHAu7qmcDzwEsnQtseb3y8TmhK-2BeBLagbYZa-2Fl5PaNGlzycBP9wt-2Bx-2BIF8M6H7XNSfHFanKHmI0XclVmtDLdFtwBZAykMNol-2B1EVQFYL6mFcaqBDNwcneuaiLfRiDR-2FpEOaIMkXlnRLaWty4mFpZlGkJkD2RATf5aYVpVmITUImq0A03rBAVtkq8oTcm0pf7AnRvvjfggEzQM-2FBDJTgvat7iExDFu-2FC1T1blavXJCuw6WT3ULqe7EEFzwLpISA11fryJZChsjBogHU4mmljbR7myqEHYvHOs-2BwDsboMOlR8BgyLszRlTVGoHnspaKXf-2BkOLcDw7PJIrD7-2FlwFq18AGU-2BMCwieNwipGZ43aaplrmL164T9c9GFx1PNH2NTQ8QQdXqSUL2c6Z6-2B1ninN2347XsTbH1kOcG-2Baj-2BmKRd-2BNrQ8HjKbgibY3if2Dc-2FillftKg-2BOAfAsCUg0buauclIIXkY9pJgbAiU0QED9OnFbExZCCtlYAvJNOed7N4zn56A55lVm-2FpSqvOehGwGBaKqQa4ttNoFB-2BYOeC0wYp71SC66lbF9C6FtGbF3Qpgus3-2BPuAKrmA6O2Su9CLsGxY9NfltTk4RJkxZjzDErPRMi6bSkxScSDRk90tJqNxYpDyXtYZlskKpQ4HdVrTPlGs8-2B-2FHPDDSgN-2BZxT1dhGovf81VbcvTPC13GKhBBaLTvYpomEVB24raM-2Fz7Xk5U-2B8zKTebMlP-2B767ISJjSJ4FsIMohGUw1oYLuomExXvt4SjzjZbOP9qyB9S-2BEqd7x6PZREvV2dm-2BJKbb6DwZmKWxW1lJB4QpPTNqpO9GdNhkZb7A-3D-3D	Get hash	malicious	Unknown	Browse	4.245.163.56 184.28.90.27 13.107.253.72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4067
Entropy (8bit):	5.3700036060139436
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoTiw:3mTOImedWOVF6vtUJyA8xJ3
MD5:	FA701F5D7BEF5AF6B676F099A00A1140
SHA1:	4CA8594D1E845605E7F1242AD8E10FD3A41FA3BE
SHA-256:	F1F311E29B597B507EE761AE40185A9BE194BA6498F91DD2A69610EF765B554A
SHA-512:	D53CAD789CED1F1D05546CD9DDA662FF47DF4A9FE382F4936EB1579175B06A95770426E5A83C24EACE04014956F1971A6432D1FCB26F2A9E4B922D8A34FC9875
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744742
Entropy (8bit):	5.792853472193562
Encrypted:	false
SSDEEP:	6144:H5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguPH:HOeKGSpgu/
MD5:	E1EACECE2057677ABF75B712C105209B
SHA1:	9E344321591DF0F0A5070CA740EC5B0A6AE0F652
SHA-256:	8AFE51BFDAE261688E105C2C7EDF8E18A1014157E0F6DDEBB224FDACC000A198
SHA-512:	F2054EAD60C488375EB127744B14138AD5FB141E8F83968C76892BFA51B1B35D53D54C19E1A1C72B46A1E62989BAED5F07E020CC3BAF8D98D8C0C985ED2B24A1
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGb3a8-i7ToyTC_LjURLST5kEgrtQ/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1e4, 0x2046d860, 0x39e1fc40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1307)
Category:	downloaded
Size (bytes):	47307
Entropy (8bit):	5.4763879715900785
Encrypted:	false
SSDEEP:	768:QnoEvN52o6tlv1oq7c2kpD9Akvb0jCPF/zAhrUiQxvKJkJ6z2kP3TElxOdMhvQSx:FKMEoREByMTprz66YO0mdUlJiLEFy
MD5:	F2447D18F8CDC3C05E0E7BBDB66F1F42
SHA1:	D4000E3D3DC5045BE23ED322E56C1FECD1907F4D
SHA-256:	082D869D9E2947CD57A23A5B3283E0297A1FB390A79A79DB081B067C2FBDD665
SHA-512:	2E6D1DD9FEA8DA9E7632940878ABF9F563F5738C86168FD47B31792F15BE9D6AB9ADAA7B8728201EE2F33F59C48120E05D16E79A5DC89944789188DC11209D4C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=soHxf"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var cxa,dxa;cxa=function(a){return a.hasOwnProperty("Ba")?a.Ba:function(){return{}}};.dxa=function(a,b,c){if(!a\|\|a===_.Sh)return _.Ue({});var d=cxa(a).call(a,c),e=_.$da(b,d!=null?d:{});d=Object.getPrototypeOf(a);return dxa(d,b,c).flatMap(function(f){return e.map(function(g){g.Fa=f;return g})}).map(function(f){return f},function(f){var g,m,p=(m=(g=a.displayName)!=null?g:c.toString())!=null?m:a.name;if(f==null)var q=Error("Bc`"+p+"`"+f);else if(typeof f==="string")q=Error("Cc`"+p+"`"+f);else if(f.message){q=f;f="Failed to retrieve dependencies of service "+p+": "+q.message;try{q.message=.f}catch(r){q=Error("Dc`"+f+"`"+r)}}else try{q=Error("Cc`"+p+"`"+JSON.stringify(f))}catch(r){q=Error("Cc`"+p+"`"+f)}return q})};_.mt=function(a,b,c){return b.ctor?b.Wq?b.NN(a,b.ctor,b.mi,c,void 0,!0):b.NN(a,b.ctor,b.mi,c,!0):b.Wq?b.NN(a,b.mi,c,void 0,!0):b.NN(a,b.mi,c,!0)};var exa;exa=function(a

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	8053
Entropy (8bit):	5.382021016834083
Encrypted:	false
SSDEEP:	96:o0mGRcFXkNCEwcXmf2Bh6kIx2T7Ia0U44rS3mtWBIOrAO0F7yqDuttj3w:t7mFYxV97I4Ia0U44rS3mt8IV7ydtdg
MD5:	AC3E86155DB18AC7ACEB24389EC0675C
SHA1:	CC6C959BB00408D8146BD757F2D4E824F4CBB5E2
SHA-256:	2FD1D740275DCA2AA84F3016171DD1DA2CFD225E35E0B83ED99AC22B33B9778E
SHA-512:	7BDE7B9157BB29E780DB549C2E359E8597B74B10FC39816C746BC268DFC5032D197C57CCE87B6DB9FCBB294FBBB186FB64D6022048824A7F77949DA151714806
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	652905
Entropy (8bit):	5.600295198280209
Encrypted:	false
SSDEEP:	6144:Ti3KfEnkxgOYoR+EoQvSXwojVlmGt/ZbJizUvgza5PB1+UO5Hx+BeU2+:T1QkxgOnNag6hJike+
MD5:	8DB71B3E49CD674ED82A90E92DADB22A
SHA1:	4F440EBE11EFC4E8EE3ED9DA3726FD5CC972F067
SHA-256:	7FE6355F70DB829323AF121EDE934B4A17270EF8B7E7FE8D63710A5344F6C0EE
SHA-512:	832B51CE5066E542B5962E911D4E6BA86FBB513FDDC76E55E9882706F2D8E90791CE63A22B0B9AE3C3E9726976AE55F144CE91D8D5AEFEF8BE4C5D5F103C00EF
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc,soHxf/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBi2EQjEH54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlH6JFSI5-VpdjXgYezd9zHeXyoa0g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583807195736551
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	d9f8c3112fa16b9c170a349c0aa6285f
SHA1:	793ad3149d3d4eafe1036b3b381596bcd8f4e54b
SHA256:	5366197d4e722f7a297555268aba3a03310e73056c3a9152fcc48b0c4f71336b
SHA512:	fc2803deed529e75cb7d97cc7abc1bee10ce2538aa9e7d7953d7a0a66b4721bae2ca5e1515e02da11fa236f1938cb14ff7adcc8beef97e5a8e4fe015098c221f
SSDEEP:	24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8a4AK:mTvC/MTQYxsWR7a4
TLSH:	21159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFE977 [Fri Oct 4 13:11:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F1190CBEB73h
jmp 00007F1190CBE47Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F1190CBE65Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F1190CBE62Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F1190CC121Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F1190CC1268h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F1190CC1251h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	ef0efb45b47b4d41a3b3e298909a1d4b	False	0.3167568108974359	data	5.332637239658461	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 15:18:05.555819035 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:05.555871964 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:05.556119919 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:05.556329966 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:05.556349993 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:06.406460047 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:06.408590078 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:06.408602953 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:06.409671068 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:06.409702063 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:06.409714937 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:06.409786940 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:06.409806967 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:06.410778999 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:06.410851955 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:06.441838026 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:06.441862106 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:06.465527058 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:06.465547085 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:06.511236906 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:07.123301983 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.123369932 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.127944946 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.127955914 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.128284931 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.176007986 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.183942080 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.231391907 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.398499966 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.398575068 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.398622990 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.439470053 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.439498901 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.439511061 CEST	49742	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.439517975 CEST	443	49742	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.478230953 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.478281975 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:07.478343010 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.478619099 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:07.478630066 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.116573095 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.116647959 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:08.118556023 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:08.118566990 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.118877888 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.120893955 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:08.167417049 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.399025917 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.399136066 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.400248051 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:08.400480986 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:08.400502920 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:08.400516033 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 4, 2024 15:18:08.400522947 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 4, 2024 15:18:10.265878916 CEST	49672	443	192.168.2.4	173.222.162.32
Oct 4, 2024 15:18:10.265932083 CEST	443	49672	173.222.162.32	192.168.2.4
Oct 4, 2024 15:18:10.842423916 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:10.842454910 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:10.842612028 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:10.842755079 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:10.842768908 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.483710051 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.485054970 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.485069990 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.485611916 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.485719919 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.486356020 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.486468077 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.499015093 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.499128103 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.499439955 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.543400049 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.551007986 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.551038027 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.593781948 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.807760000 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.807830095 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.808149099 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.808223009 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.808235884 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.809603930 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.810031891 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.810523033 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.814820051 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.814985037 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.815356970 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.815591097 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.821362972 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.821787119 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.827644110 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.827827930 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.828257084 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.828277111 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.831408024 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.891320944 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.891365051 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.891514063 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.891630888 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.891642094 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.894501925 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.899231911 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.899276972 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.899303913 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.899312019 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.899348974 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.905452967 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.908746004 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.908756018 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.911010981 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.911236048 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.911243916 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.917625904 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.922508001 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.922519922 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.923645020 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.923783064 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:11.923821926 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.930613041 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.977801085 CEST	49757	443	192.168.2.4	142.250.186.174
Oct 4, 2024 15:18:11.977816105 CEST	443	49757	142.250.186.174	192.168.2.4
Oct 4, 2024 15:18:12.106509924 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.106554985 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.110615015 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.111444950 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.111466885 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.168015957 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.168065071 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.168169022 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.169194937 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.169215918 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.335797071 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:12.335840940 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:12.336045027 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:12.337430000 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:12.337445021 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:12.757977962 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.758266926 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.758285999 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.758692980 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.758753061 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.759450912 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.759505987 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.760606050 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.760672092 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.760806084 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.760812044 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.814318895 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.814584970 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.814594984 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.815056086 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.815139055 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.815403938 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.815905094 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.816003084 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.816179991 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.816247940 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.816323996 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.862505913 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:12.862519979 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:12.909528017 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.070187092 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.070307970 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.070569038 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.070739031 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.070755959 CEST	443	49761	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.070760965 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.070858955 CEST	49761	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.071557999 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.071654081 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.071732998 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.072009087 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.072046041 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.121014118 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.121486902 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.121575117 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.121860027 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.121860027 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.121877909 CEST	443	49763	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.121926069 CEST	49763	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.122591019 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.122629881 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.122689009 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.123091936 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.123104095 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.155782938 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:13.155878067 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:13.158986092 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:13.158993006 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:13.159235001 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:13.206764936 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:13.763359070 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.763581991 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.763602018 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.764004946 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.764074087 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.764867067 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.764921904 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.765079975 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.765156031 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.765230894 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.765230894 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.765252113 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.813322067 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.936489105 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:13.945816994 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 4, 2024 15:18:13.949624062 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:13.952311039 CEST	80	49723	93.184.221.240	192.168.2.4
Oct 4, 2024 15:18:13.952378035 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 4, 2024 15:18:13.983400106 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:13.987422943 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.990031958 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.990104914 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.990849018 CEST	49769	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:13.990861893 CEST	443	49769	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:13.991394043 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.195930958 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.195970058 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.195977926 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.195991039 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.196156025 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.196178913 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:14.196178913 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:14.196193933 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.196517944 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:14.196517944 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:14.196870089 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.196955919 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:14.196988106 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:14.202630997 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:14.219031096 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.219084978 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.219118118 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.219142914 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.219180107 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:14.219197989 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.219213963 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:14.219273090 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:14.219314098 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:14.306499958 CEST	49741	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:18:14.306524992 CEST	443	49741	172.217.16.132	192.168.2.4
Oct 4, 2024 15:18:15.007977962 CEST	49764	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:15.008008003 CEST	443	49764	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:19.909759045 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:19.909811974 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:19.910027027 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:19.910243988 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:19.910255909 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.542762041 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.543008089 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.543031931 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.543405056 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.543771029 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.543822050 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.543926954 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.543950081 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.543955088 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.773808002 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.774826050 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.774957895 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.777250051 CEST	49780	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.777270079 CEST	443	49780	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.935599089 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.935900927 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.935909986 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.936269045 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.936331987 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.936995983 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.937050104 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.937194109 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.937242985 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.937360048 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.937365055 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.937380075 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:20.979393005 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:20.985692024 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:21.260746002 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:21.261641026 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:21.261720896 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:21.262628078 CEST	49768	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:21.262651920 CEST	443	49768	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.066206932 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.066257954 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.066529989 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.066843033 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.066859007 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.698518038 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.700037003 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.700054884 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.700417042 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.703735113 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.703809977 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.703943968 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.706593037 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.706600904 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.945871115 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.946014881 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:43.946238995 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.946629047 CEST	49782	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:43.946650028 CEST	443	49782	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:44.534554005 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:44.534605026 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:44.534708023 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:44.535079956 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:44.535098076 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.183670044 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.184030056 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:45.184051991 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.184438944 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.184812069 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:45.184880018 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.185007095 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:45.185028076 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:45.185034990 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.604973078 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.605115891 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.605181932 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:45.608980894 CEST	49783	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:45.609002113 CEST	443	49783	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:45.609097004 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:45.609123945 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:45.609183073 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:45.609685898 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:45.609694004 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.325002909 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.325083017 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.328947067 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.328958988 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.329319000 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.338953018 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.362878084 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:46.362921953 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:46.362999916 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:46.363310099 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:46.363322973 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:46.379400015 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.454498053 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.454536915 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.454554081 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.454627991 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.454642057 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.454684019 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.539875031 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.539906979 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.540064096 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.540076971 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.540149927 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.545412064 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.545435905 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.545542955 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.545552969 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.545592070 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.629869938 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.629894018 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.630002022 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.630012989 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.630043983 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.631308079 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.631329060 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.631392002 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.631401062 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.631443977 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.633172989 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.633192062 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.633259058 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.633268118 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.633300066 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.636614084 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.636634111 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.636708975 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.636718035 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.636758089 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.720797062 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.720824957 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.720968962 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.720983028 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.721044064 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.721599102 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.721616030 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.721684933 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.721688986 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.721729994 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.721924067 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.721937895 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.721997976 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.722001076 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.722038031 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.723067045 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.723081112 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.723149061 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.723153114 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.723192930 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.724220037 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.724235058 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.724298000 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.724301100 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.724338055 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.731467962 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.731492996 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.731565952 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.731575012 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.731621981 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.772150993 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.772259951 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.772314072 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.772479057 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.772479057 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.772479057 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.814980984 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.815040112 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.815129995 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.815335035 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.815347910 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.817140102 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.817179918 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.817244053 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.817612886 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.817630053 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.817900896 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.817931890 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.817984104 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.818089962 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.818104029 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.819479942 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.819524050 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.819576025 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.820144892 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.820158958 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.820204973 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.820327044 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.820339918 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:46.820440054 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:46.820449114 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.003072977 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.003509045 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:47.003535032 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.003962994 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.004281998 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:47.004359007 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.004441977 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:47.004460096 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:47.004471064 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.078788042 CEST	49784	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.078820944 CEST	443	49784	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.311078072 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.311999083 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.312076092 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:47.312427044 CEST	49785	443	192.168.2.4	172.217.16.142
Oct 4, 2024 15:18:47.312442064 CEST	443	49785	172.217.16.142	192.168.2.4
Oct 4, 2024 15:18:47.492836952 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.492935896 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.493305922 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.493324995 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.493799925 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.493804932 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.494050026 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.494071007 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.494560003 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.494565964 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.498414040 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.498714924 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.498744011 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.499125957 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.499135017 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.501801014 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.502495050 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.502507925 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.503273010 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.503278017 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.576066971 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.576663017 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.576699972 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.577162027 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.577167988 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.603429079 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.603454113 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.603559017 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.603576899 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.603600979 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.603646040 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.603853941 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.603871107 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.603882074 CEST	49789	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.603888035 CEST	443	49789	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.606865883 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.606904984 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.607007980 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.607156992 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.607168913 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.607297897 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.607367992 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.607414007 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.607511044 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.607517958 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.607532978 CEST	49788	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.607537031 CEST	443	49788	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609472990 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609499931 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609577894 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.609605074 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609648943 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.609699011 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.609704018 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609723091 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.609802961 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.609847069 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609857082 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609888077 CEST	443	49786	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.609898090 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.609945059 CEST	49786	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.611279011 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.611301899 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.612607002 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.612644911 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.612704039 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.612890959 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.612905979 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.617634058 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.617665052 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.617708921 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.617758036 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.617793083 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.617876053 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.617888927 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.617902040 CEST	49787	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.617907047 CEST	443	49787	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.620326996 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.620384932 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.620609045 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.620609045 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.620650053 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.694982052 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.695055962 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.695168972 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.695417881 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.695417881 CEST	49790	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.695441961 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.695451975 CEST	443	49790	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.698586941 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.698633909 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:47.698729038 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.698915958 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:47.698926926 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.264173985 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.264765024 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.264797926 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.265317917 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.265322924 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.312310934 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.312859058 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.312880993 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.313337088 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.313343048 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.320282936 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.320727110 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.320754051 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.321235895 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.321244955 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.345357895 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.345901012 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.345943928 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.346472025 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.346483946 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.381887913 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.382388115 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.382414103 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.382872105 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.382879019 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.393395901 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.393480062 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.393558979 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.393872976 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.393897057 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.393914938 CEST	49791	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.393922091 CEST	443	49791	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.396742105 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.396776915 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.396866083 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.397099972 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.397111893 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.426749945 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.426826954 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.426924944 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.427083015 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.427110910 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.427128077 CEST	49792	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.427138090 CEST	443	49792	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.429744005 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.429792881 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.429869890 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.430012941 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.430027962 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.434319973 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.434395075 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.434499025 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.434673071 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.434673071 CEST	49793	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.434694052 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.434704065 CEST	443	49793	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.437334061 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.437376022 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.437452078 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.437585115 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.437602043 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.461241007 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.461318970 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.461386919 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.461601019 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.461621046 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.461632967 CEST	49794	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.461638927 CEST	443	49794	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.464401960 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.464473009 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.464663982 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.464724064 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.464740992 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.493098021 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.493170977 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.493243933 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.493396997 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.493412971 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.493427038 CEST	49795	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.493432999 CEST	443	49795	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.496067047 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.496121883 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:48.496210098 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.496397018 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:48.496447086 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.059935093 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.060447931 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.060466051 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.060906887 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.060916901 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.110753059 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.111248016 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.111284018 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.111731052 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.111741066 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.138784885 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.139259100 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.139288902 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.139741898 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.139748096 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.149837971 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.150397062 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.150429964 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.150870085 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.150876045 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.185077906 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.185152054 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.185249090 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.185466051 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.185717106 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.185717106 CEST	49796	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.185734034 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.185743093 CEST	443	49796	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.187032938 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.187077999 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.187443018 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.187458992 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.189245939 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.189287901 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.189496040 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.189662933 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.189680099 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.224904060 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.224980116 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.225030899 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.225249052 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.225270033 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.225285053 CEST	49797	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.225291014 CEST	443	49797	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.227998018 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.228030920 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.228101015 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.228236914 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.228247881 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.263811111 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.263874054 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.264205933 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.264523029 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.264539957 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.264553070 CEST	49799	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.264559031 CEST	443	49799	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.271955013 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.272002935 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.272075891 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.272232056 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.272245884 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.277789116 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.277862072 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.277913094 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.278729916 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.278748989 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.278759956 CEST	49798	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.278765917 CEST	443	49798	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.281776905 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.281814098 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.281877995 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.282015085 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.282027960 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.295726061 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.295794964 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.295841932 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.295980930 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.296000004 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.296010017 CEST	49800	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.296015024 CEST	443	49800	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.301369905 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.301407099 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.301474094 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.301670074 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.301687002 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.907754898 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.908221006 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.908246994 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.908694029 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.908699989 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.925591946 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.926563978 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.926580906 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.927606106 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.927613974 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.949136019 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.949768066 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.949800968 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.950310946 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.950315952 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.979351997 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.979816914 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.979836941 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:49.980340004 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:49.980349064 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.014420986 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.015136003 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.015166044 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.015665054 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.015670061 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.021318913 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.021390915 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.021456003 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.021673918 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.021698952 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.021711111 CEST	49801	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.021717072 CEST	443	49801	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.024463892 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.024506092 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.024584055 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.024738073 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.024749041 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.041529894 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.041600943 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.041723013 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.042013884 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.042033911 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.042046070 CEST	49802	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.042052984 CEST	443	49802	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.044979095 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.045030117 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.045125008 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.045295954 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.045306921 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.060832977 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.060909033 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.061008930 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.061233044 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.061253071 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.061264038 CEST	49804	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.061269045 CEST	443	49804	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.064588070 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.064635992 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.064722061 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.064857960 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.064870119 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.102359056 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.102441072 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.102530956 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.102725983 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.102749109 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.102777004 CEST	49803	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.102783918 CEST	443	49803	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.105647087 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.105699062 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.105768919 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.105911970 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.105926037 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.135595083 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.135662079 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.135761023 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.135997057 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.136015892 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.136027098 CEST	49805	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.136033058 CEST	443	49805	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.139067888 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.139103889 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.139190912 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.139400959 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.139410973 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.927618027 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.927723885 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.927824020 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.928098917 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.928108931 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.928186893 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.928198099 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.928688049 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.928694010 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.928909063 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.928914070 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.929044008 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.929152966 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.929161072 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.929814100 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.929817915 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.929898024 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.929913998 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.930120945 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.930253983 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.930258989 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.930407047 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.930414915 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:50.930737019 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:50.930742025 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.098933935 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.099021912 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.099107981 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.099287987 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.099308968 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.099323034 CEST	49806	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.099329948 CEST	443	49806	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100363016 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100434065 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100491047 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.100600004 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.100615025 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100632906 CEST	49809	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.100639105 CEST	443	49809	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100785017 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100841999 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.100877047 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.102072001 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.102121115 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.102196932 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.102842093 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.102873087 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.103059053 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.103060007 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.103069067 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.103071928 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.103080988 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.103087902 CEST	49810	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.103092909 CEST	443	49810	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.103168011 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.103178978 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.104918957 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.104985952 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.105038881 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.105055094 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.105096102 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.105144978 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.105197906 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.105221033 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.105232954 CEST	49807	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.105240107 CEST	443	49807	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.105309963 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.105324984 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.107032061 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.107043028 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.107119083 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.107238054 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.107249022 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.108838081 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.108911037 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.108954906 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.109046936 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.109057903 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.109069109 CEST	49808	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.109075069 CEST	443	49808	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.112170935 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.112207890 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.112401009 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.112401009 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.112426996 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.542753935 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:51.542798042 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:51.542886972 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:51.543246031 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:51.543256044 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:51.773772001 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.773874044 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.774471045 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.774477959 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.774488926 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.774521112 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.775001049 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.775006056 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.775032997 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.775038958 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.782406092 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.782882929 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.782892942 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.783323050 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.783329010 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.785909891 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.786170006 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.786180019 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.786515951 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.786520004 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.886605024 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.886668921 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.886754990 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.886975050 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.886986017 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.886997938 CEST	49814	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.887003899 CEST	443	49814	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.890101910 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.890134096 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.890218973 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.890394926 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.890403986 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.890656948 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.890721083 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.890769958 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.890923977 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.890944004 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.890971899 CEST	49811	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.890980005 CEST	443	49811	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.893151999 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.893161058 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.893229008 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.893395901 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.893403053 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.895972013 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.896038055 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.896094084 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.896183014 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.896190882 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.896217108 CEST	49812	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.896220922 CEST	443	49812	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.898277998 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.898317099 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.898396015 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.898525953 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.898540020 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.899095058 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.899357080 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.899409056 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.899432898 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.899437904 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.899449110 CEST	49813	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.899452925 CEST	443	49813	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.901350021 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.901377916 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:51.901434898 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.901557922 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:51.901568890 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.325256109 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.325408936 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.327066898 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.327078104 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.327322006 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.336378098 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.379396915 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.563237906 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.563795090 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.563815117 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.564462900 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.564469099 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.565654039 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.566894054 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.566917896 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.567282915 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.567290068 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.573460102 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.574187040 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.574202061 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.574601889 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.574608088 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.584204912 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.584650993 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.584667921 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.585083008 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.585087061 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.651679993 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.651706934 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.651721954 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.651868105 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.651895046 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.652000904 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.653086901 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.653130054 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.653151989 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.653158903 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.653179884 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.653194904 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.653232098 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.656915903 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.656936884 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.656946898 CEST	49816	443	192.168.2.4	4.245.163.56
Oct 4, 2024 15:18:52.656953096 CEST	443	49816	4.245.163.56	192.168.2.4
Oct 4, 2024 15:18:52.673547983 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.673621893 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.673816919 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.673885107 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.673907995 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.673923016 CEST	49818	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.673928976 CEST	443	49818	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.676279068 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.676342010 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.676523924 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.676562071 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.676562071 CEST	49820	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.676580906 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.676594019 CEST	443	49820	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.676968098 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.677009106 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.677201033 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.677280903 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.677289963 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.678926945 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.678951979 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.679014921 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.679155111 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.679164886 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.692188025 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.692245960 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.692341089 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.692648888 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.692648888 CEST	49819	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.692673922 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.692683935 CEST	443	49819	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.694801092 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.694840908 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.694912910 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.695053101 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.695066929 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.699341059 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.699414015 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.699474096 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.699657917 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.699672937 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.699683905 CEST	49817	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.699688911 CEST	443	49817	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.701905966 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.701936960 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:52.702020884 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.702131987 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:52.702143908 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.390680075 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.391179085 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.391204119 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.392010927 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.392019987 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.406948090 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.407449961 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.407478094 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.408603907 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.408611059 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.409377098 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.409774065 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.409782887 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.410141945 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.410146952 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.411664009 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.411971092 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.411997080 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.412401915 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.412411928 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.502234936 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.502320051 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.502404928 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.502701998 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.502722979 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.502736092 CEST	49823	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.502742052 CEST	443	49823	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.505333900 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.505386114 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.505464077 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.505616903 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.505631924 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.522447109 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.522521973 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.522613049 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.522778988 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.522797108 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.522829056 CEST	49821	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.522835016 CEST	443	49821	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.524245024 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.524302959 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.524353027 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.524435043 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.524444103 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.524460077 CEST	49822	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.524465084 CEST	443	49822	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.525558949 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.525585890 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.525656939 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.525803089 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.525813103 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.526252031 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.526293039 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.526345015 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.526441097 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.526453018 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.528065920 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.528126955 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.528170109 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.528248072 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.528255939 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.528270006 CEST	49824	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.528274059 CEST	443	49824	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.530320883 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.530355930 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:53.530507088 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.530591011 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:53.530605078 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.209670067 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.210500956 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.210525036 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.210984945 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.210989952 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.227116108 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.227636099 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.227669954 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.228106022 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.228113890 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.230268002 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.230325937 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.230740070 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.230766058 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.231121063 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.231121063 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.231153011 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.231168032 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.231188059 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.231194019 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.342324972 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.342400074 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.342489004 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.342667103 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.342677116 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.342689037 CEST	49827	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.342694998 CEST	443	49827	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.342910051 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.342968941 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.343008995 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.343998909 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.344022036 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.344037056 CEST	49825	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.344043016 CEST	443	49825	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.346810102 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.346838951 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.346892118 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.348284006 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.348298073 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.349199057 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.349205971 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.349261999 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.349411964 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.349422932 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.352874041 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.352935076 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.353080988 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.353080988 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.353080988 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.353554964 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.353615046 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.353657007 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.354223013 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.354240894 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.354252100 CEST	49826	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.354258060 CEST	443	49826	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.355223894 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.355261087 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.356090069 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.356090069 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.356122971 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.357250929 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.357275009 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.357316971 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.357449055 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.357458115 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.659421921 CEST	49828	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.659471989 CEST	443	49828	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.785223961 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.785701036 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.785725117 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:54.786432981 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:54.786438942 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.046629906 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.046700001 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.046791077 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.046978951 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.046998978 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.047013044 CEST	49815	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.047018051 CEST	443	49815	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.049964905 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.050013065 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.050111055 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.050266027 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.050282955 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.234390020 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.234838009 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.234859943 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.235485077 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.235490084 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.237246037 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.237718105 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.237734079 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.238224030 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.238233089 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.241276026 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.241626024 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.241636992 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.242017984 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.242022038 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.242769957 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.243221045 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.243232965 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.243552923 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.243556976 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.348452091 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.348541021 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.348588943 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.348776102 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.348798990 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.348813057 CEST	49831	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.348819971 CEST	443	49831	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.349158049 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.349221945 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.349313974 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.350074053 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.350094080 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.350142002 CEST	49829	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.350147963 CEST	443	49829	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.352641106 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.352690935 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.352760077 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.353255987 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.353310108 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.353387117 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.353390932 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.353404045 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.353584051 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.353598118 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.360050917 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.360126019 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.360203028 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.360977888 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.361037970 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.361077070 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.361520052 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.361558914 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.361578941 CEST	49832	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.361584902 CEST	443	49832	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.361615896 CEST	49830	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.361624956 CEST	443	49830	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.365051031 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.365103006 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.365178108 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.365639925 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.365679979 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.365758896 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.365801096 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.365820885 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.365901947 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.365916014 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.743932962 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.746498108 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.746531963 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.749857903 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.749864101 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.856875896 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.856955051 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.857004881 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.857214928 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.857235909 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.857250929 CEST	49833	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.857255936 CEST	443	49833	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.864753008 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.864789963 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:55.864855051 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.865097046 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:55.865108967 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.027899027 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.028428078 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.028446913 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.028887033 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.028897047 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.034784079 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.035204887 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.035229921 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.035737991 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.035744905 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.050088882 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.050568104 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.050584078 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.051001072 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.051007986 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.052288055 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.052582979 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.052601099 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.052923918 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.052928925 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.145332098 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.145401955 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.145479918 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.145723104 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.145746946 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.145760059 CEST	49835	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.145766020 CEST	443	49835	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.146349907 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.146414995 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.146462917 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.146593094 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.146612883 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.146625996 CEST	49834	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.146631956 CEST	443	49834	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.148691893 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.148732901 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.148772001 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.148808956 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.148809910 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.148860931 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.148947954 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.148958921 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.149002075 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.149013996 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.164015055 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.164084911 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.164136887 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.164331913 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.164345026 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.164355040 CEST	49836	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.164361000 CEST	443	49836	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.166589022 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.166662931 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.166716099 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.166757107 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.166770935 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.166781902 CEST	49837	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.166788101 CEST	443	49837	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.167135000 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.167177916 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.167227030 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.167371988 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.167391062 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.168654919 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.168668032 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.168720961 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.168853045 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.168863058 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.550333977 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.550844908 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.550875902 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.551922083 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.551927090 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.665605068 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.665683985 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.665764093 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.666115046 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.666131973 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.666147947 CEST	49838	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.666153908 CEST	443	49838	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.669363976 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.669404030 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.669506073 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.669691086 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.669702053 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.829931021 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.830581903 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.830632925 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.831069946 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.831079960 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.832226992 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.832629919 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.832650900 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.832947016 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.832952976 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.834198952 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.834570885 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.834597111 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.834888935 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.834893942 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.840955973 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.841341972 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.841371059 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.841705084 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.841711044 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.945449114 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.945540905 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.945621014 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.945852995 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.945872068 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.945882082 CEST	49839	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.945888996 CEST	443	49839	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.948879957 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.948914051 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.949089050 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.949153900 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.949167013 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.951723099 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.951802015 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.952099085 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.952099085 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.952126980 CEST	49842	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.952143908 CEST	443	49842	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.955054045 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.955125093 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.955176115 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.955678940 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.955714941 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.955784082 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.955916882 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.955926895 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.957006931 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.957022905 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.957036018 CEST	49841	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.957041979 CEST	443	49841	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.959534883 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.959558010 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.959620953 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.959744930 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.959755898 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.968636990 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.968699932 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.968746901 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.968926907 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.968951941 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.968964100 CEST	49840	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.968971014 CEST	443	49840	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.975404978 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.975445032 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:56.975563049 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.975979090 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:56.975995064 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.360528946 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.362126112 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.362142086 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.362584114 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.362591982 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.816246986 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.819164038 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.819199085 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.819686890 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.819699049 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.856631041 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.856714964 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.856808901 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.857034922 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.857058048 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.857069016 CEST	49843	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.857074976 CEST	443	49843	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.859579086 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.859627008 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.859704971 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.860157013 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.860169888 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.917764902 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.918464899 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.919197083 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.919228077 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.919627905 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.919635057 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.919843912 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.919861078 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.920211077 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.920214891 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.924895048 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.925360918 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.925369978 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.925779104 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.925781965 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.956154108 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.956233978 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.956332922 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.956554890 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.956578970 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.956592083 CEST	49847	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.956598997 CEST	443	49847	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.959218025 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.959256887 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:57.959336996 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.959520102 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:57.959528923 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.034488916 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.034547091 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.034641027 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.035682917 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.035751104 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.035806894 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.038121939 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.038208008 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.038678885 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.053896904 CEST	49846	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.053919077 CEST	443	49846	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.077311039 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.077323914 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.077337027 CEST	49845	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.077342033 CEST	443	49845	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.078097105 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.078126907 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.078141928 CEST	49844	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.078149080 CEST	443	49844	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.079932928 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 4, 2024 15:18:58.082592964 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.082636118 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.082724094 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.083431005 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.083442926 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.085016966 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.085052967 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.085105896 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.085278034 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.085287094 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.085669994 CEST	80	49724	93.184.221.240	192.168.2.4
Oct 4, 2024 15:18:58.085716963 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 4, 2024 15:18:58.086380005 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.086412907 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.086571932 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.086857080 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.086868048 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.558012962 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.558662891 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.558686972 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.559189081 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.559194088 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.658418894 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.659070969 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.659101963 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.659543991 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.659552097 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.668636084 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.668711901 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.668777943 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.669008970 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.669029951 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.669044971 CEST	49848	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.669050932 CEST	443	49848	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.672038078 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.672079086 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.672178030 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.672446012 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.672455072 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.753720999 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.754337072 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.754368067 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.754848957 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.754856110 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.755238056 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.755539894 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.755564928 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.755893946 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.755903959 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.759404898 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.759882927 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.759907961 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.760315895 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.760325909 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.774770021 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.774833918 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.774939060 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.775283098 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.775283098 CEST	49849	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.775335073 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.775362015 CEST	443	49849	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.778477907 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.778518915 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.778628111 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.778820038 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.778830051 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.867104053 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.867185116 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.867249966 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.867508888 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.867561102 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.867590904 CEST	49850	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.867609024 CEST	443	49850	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870313883 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870376110 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870388985 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870424032 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.870748997 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.870769978 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870779991 CEST	49852	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.870786905 CEST	443	49852	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870836020 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.870886087 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.870994091 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.871006012 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.871020079 CEST	49851	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.871026039 CEST	443	49851	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.872744083 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.872785091 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.872842073 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874012947 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874042988 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.874104977 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874546051 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874617100 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.874696016 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874813080 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874835014 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.874924898 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.874936104 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:58.875024080 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:58.875056028 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.354084015 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.354851961 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.354870081 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.355359077 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.355364084 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.432152987 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.432878971 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.432913065 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.433389902 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.433398962 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.474611044 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.474700928 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.474746943 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.474970102 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.474987984 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.474997997 CEST	49853	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.475003958 CEST	443	49853	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.477859974 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.477906942 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.477987051 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.478143930 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.478153944 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.530303001 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.530910969 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.530940056 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.531382084 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.531394958 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.541507006 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.542052031 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.542079926 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.542084932 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.542169094 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.542417049 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.542509079 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.542509079 CEST	49854	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.542530060 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.542537928 CEST	443	49854	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.542728901 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.542737007 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.545253038 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.545289993 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.545382977 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.545533895 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.545543909 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.547987938 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.548398018 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.548417091 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.548840046 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.548846960 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.643848896 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.643919945 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.643997908 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.647706032 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.647725105 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.647757053 CEST	49855	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.647763014 CEST	443	49855	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.650300980 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.650324106 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.650428057 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.650568008 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.650579929 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.650685072 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.650757074 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.650809050 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.650860071 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.650887966 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.650901079 CEST	49857	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.650907993 CEST	443	49857	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.653541088 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.653594971 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.653681993 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.654793024 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.654804945 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.661245108 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.661322117 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.661382914 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.664802074 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.664825916 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.664841890 CEST	49856	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.664849043 CEST	443	49856	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.668391943 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.668436050 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:18:59.668518066 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.669354916 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:18:59.669364929 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.141109943 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.143311024 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.143342018 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.143755913 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.143760920 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.204623938 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.205409050 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.205435038 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.206005096 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.206017971 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.322247028 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.322387934 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.322480917 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.322618961 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.322638988 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.322653055 CEST	49859	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.322659969 CEST	443	49859	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.324791908 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.325395107 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.325438976 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.325558901 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.325933933 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.325942993 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.326405048 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.326409101 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.326545954 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.326556921 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.327054977 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.327414989 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.327436924 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.327754974 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.327763081 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.333838940 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.334060907 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.334157944 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.341515064 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.341515064 CEST	49858	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.341552019 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.341564894 CEST	443	49858	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.347295046 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.347342968 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.347413063 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.347579002 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.347593069 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.361756086 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.362489939 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.362519026 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.362970114 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.362978935 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.439985991 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.440062046 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.440156937 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.440330982 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.440351963 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.440366983 CEST	49860	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.440373898 CEST	443	49860	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.443176985 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.443219900 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.443315983 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.443479061 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.443494081 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.456052065 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.456115007 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.456250906 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.456408978 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.456434011 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.456479073 CEST	49861	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.456490040 CEST	443	49861	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.459588051 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.459619045 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.459714890 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.459877014 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.459889889 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.475231886 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.475260019 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.475317001 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.475378036 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.475420952 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.475784063 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.475784063 CEST	49862	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.475811958 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.475825071 CEST	443	49862	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.478786945 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.478838921 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:00.478938103 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.479171038 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:00.479182005 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.260462046 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.261087894 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.261121035 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.261554003 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.261568069 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.265037060 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.265475035 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.265506029 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.266067028 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.266072989 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.266546011 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.266936064 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.266948938 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.267354012 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.267358065 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.270380020 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.270812035 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.270832062 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.271243095 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.271248102 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.272160053 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.272449017 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.272469997 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.272799015 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.272809982 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.373565912 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.373699903 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.373760939 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.373913050 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.373931885 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.373943090 CEST	49863	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.373949051 CEST	443	49863	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.378035069 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.378077984 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.378144026 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.378387928 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.378401041 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381289959 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381305933 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381319046 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381331921 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381388903 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.381403923 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381431103 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.381437063 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381484985 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.381593943 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.381597996 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381613016 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.381743908 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381776094 CEST	443	49866	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.381820917 CEST	49866	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.382383108 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.382431030 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.389013052 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.389034033 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.389046907 CEST	49865	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.389055014 CEST	443	49865	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391088009 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.391128063 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391191959 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.391375065 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391419888 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391460896 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.391488075 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391802073 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.391815901 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391942024 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.391952991 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.391961098 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392167091 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392222881 CEST	443	49867	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392261982 CEST	49867	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392404079 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392451048 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392504930 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392503977 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392561913 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392602921 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392615080 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392627954 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392931938 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392946005 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.392955065 CEST	49864	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.392961025 CEST	443	49864	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.394618034 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.394639969 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.394695997 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.394953966 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.394979954 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.395050049 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.395103931 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.395116091 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:01.395164013 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:01.395174026 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.035722017 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.036133051 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.036149025 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.036592007 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.036596060 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.046757936 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.048345089 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.048368931 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.049165010 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.049170017 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.050165892 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.050817013 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.051248074 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.051270962 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.051908016 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.051915884 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.052674055 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.052690029 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.053518057 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.053522110 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.078984976 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.079905033 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.079931974 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.080559969 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.080564976 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.155369997 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.155433893 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.155499935 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.155762911 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.155781984 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.155796051 CEST	49869	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.155802011 CEST	443	49869	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.158806086 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.158842087 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.158947945 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.159116030 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.159126997 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.160207987 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.160218954 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.160577059 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.160672903 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.160674095 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.160707951 CEST	49872	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.160725117 CEST	443	49872	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.161511898 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.161869049 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.161926031 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.161973000 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.161978960 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.161993027 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.162007093 CEST	49873	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.162012100 CEST	443	49873	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.162024021 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.162081957 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.162096977 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.162106991 CEST	49871	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.162112951 CEST	443	49871	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.163373947 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.163412094 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.163543940 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.163887978 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.163897991 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.164541006 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.164580107 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.164645910 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.164781094 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.164802074 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.165066004 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.165083885 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.165138960 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.165263891 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.165272951 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.197668076 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.198111057 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.198172092 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.198209047 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.198226929 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.198240995 CEST	49870	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.198246956 CEST	443	49870	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.201023102 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.201052904 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.201132059 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.201263905 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.201275110 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.825956106 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.826072931 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.826772928 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.826809883 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.827227116 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.827236891 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.827444077 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.827466011 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.827796936 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.827802896 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.842639923 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.855037928 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.858834028 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.858861923 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.859292984 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.859302044 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.860905886 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.860934973 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.864686966 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.864700079 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.866071939 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.868249893 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.868263006 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.869565964 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.869573116 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.935972929 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.936045885 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.936106920 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.936327934 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.936350107 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.936361074 CEST	49875	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.936367989 CEST	443	49875	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.940766096 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.940813065 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.940893888 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.941057920 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.941068888 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.953933954 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.954638004 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.954737902 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.955868006 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.955887079 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.955898046 CEST	49876	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.955904007 CEST	443	49876	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.959048033 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.959091902 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.959183931 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.959333897 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.959347010 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.976809025 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.976964951 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.977029085 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.977076054 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.977166891 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.977186918 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.977202892 CEST	49878	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.977210045 CEST	443	49878	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.978410006 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.978482962 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.978545904 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.978554964 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.978576899 CEST	49874	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.978581905 CEST	443	49874	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.980490923 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.980557919 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.980654955 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.980684996 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.980694056 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.980731010 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.980784893 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.980794907 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:02.980885029 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:02.980892897 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.008081913 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.008152962 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.008248091 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.008462906 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.008476973 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.008488894 CEST	49877	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.008495092 CEST	443	49877	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.011603117 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.011631012 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.011732101 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.011905909 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.011917114 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.639730930 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.639834881 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.640209913 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.640398979 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.640400887 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.640430927 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.640433073 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.640867949 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.640873909 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.640949011 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.640978098 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.641115904 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.641129017 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.641468048 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.641474009 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.683362007 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.683983088 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.684016943 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.684415102 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.684422970 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.686832905 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.687288046 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.687320948 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.687720060 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.687725067 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.757771969 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.757803917 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.757860899 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.757908106 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.757941961 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.757994890 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758001089 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758076906 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758076906 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758131981 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758131981 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758254051 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758281946 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758292913 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758292913 CEST	49880	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758300066 CEST	49879	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758306026 CEST	443	49879	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758311987 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758322954 CEST	443	49880	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758953094 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758971930 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.758991003 CEST	49882	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.758996964 CEST	443	49882	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.761439085 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.761471987 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.761522055 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.761548042 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.761564016 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.761614084 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.761729956 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.761743069 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.761869907 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.761881113 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.762425900 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.762437105 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.762499094 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.762614012 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.762623072 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.797102928 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.797173023 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.797245026 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.797622919 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.797642946 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.797662020 CEST	49883	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.797667980 CEST	443	49883	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.800643921 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.800681114 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.800781965 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.800982952 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.800995111 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.817176104 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.817212105 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.817255020 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.817393064 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.817748070 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.817768097 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.817805052 CEST	49881	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.817820072 CEST	443	49881	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.820910931 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.820951939 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:03.821044922 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.821233034 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:03.821247101 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.440304041 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.441015005 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.441042900 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.441526890 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.441531897 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.447550058 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.448064089 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.448087931 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.448223114 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.448460102 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.448465109 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.448508978 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.448527098 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.449013948 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.449018002 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.486375093 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.487013102 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.487040043 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.487529039 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.487535954 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.502702951 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.503242016 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.503263950 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.503577948 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.503585100 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.557224035 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.557727098 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.557784081 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.557802916 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.557842016 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.557892084 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.557912111 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.557926893 CEST	49885	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.557933092 CEST	443	49885	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.560822010 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.560859919 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.560934067 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.561074972 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.561086893 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.565808058 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566092014 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566149950 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.566186905 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.566206932 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566220999 CEST	49884	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.566226959 CEST	443	49884	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566627979 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566709042 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566756010 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.566871881 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.566894054 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.566906929 CEST	49886	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.566912889 CEST	443	49886	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.568731070 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.568770885 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.568837881 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.568965912 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.568979979 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.568984985 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.569014072 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.569061041 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.569164991 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.569179058 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.601047993 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.601185083 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.601291895 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.601730108 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.601748943 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.601763964 CEST	49887	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.601769924 CEST	443	49887	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.604943037 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.604984045 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.605101109 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.605283976 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.605298996 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.615104914 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.615212917 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.615298033 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.615400076 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.615415096 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.615451097 CEST	49888	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.615457058 CEST	443	49888	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.617978096 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.618016958 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:04.618079901 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.618240118 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:04.618248940 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.279628038 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.286907911 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.297349930 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.302274942 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.306621075 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.306648970 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.318075895 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.318114996 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.324985981 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.330557108 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.330583096 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.331260920 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.331268072 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.331502914 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.331523895 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.331866980 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.331872940 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.332065105 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.332087040 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.332421064 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.332427025 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.337305069 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.337330103 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.337788105 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.337795019 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.428710938 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.428993940 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.429063082 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.429100990 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.429124117 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.429136038 CEST	49890	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.429142952 CEST	443	49890	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.432437897 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.432476997 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.432549953 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.433298111 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.433309078 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.438626051 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.438672066 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.438715935 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.438726902 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.438771009 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.439703941 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.439825058 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.439868927 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.439871073 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.439925909 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.440231085 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.440243959 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.440270901 CEST	49889	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.440275908 CEST	443	49889	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.440334082 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.440352917 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.440365076 CEST	49891	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.440371037 CEST	443	49891	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.440484047 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.440541029 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.440579891 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.443440914 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.443455935 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.443469048 CEST	49893	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.443475008 CEST	443	49893	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.444192886 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.444226980 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.444286108 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.445509911 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.445548058 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.445602894 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.445727110 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.445735931 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.445848942 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.445862055 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.447189093 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.447218895 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.447283983 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.447405100 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.447417974 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.450664997 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.451149940 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.451208115 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.451231003 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.451241016 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.451270103 CEST	49892	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.451275110 CEST	443	49892	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.453218937 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.453238010 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.453308105 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.453430891 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:05.453438997 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:05.611995935 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:05.612052917 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:05.612138987 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:05.612533092 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:05.612545967 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:06.109333992 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.110096931 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.110145092 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.110603094 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.110610008 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.116378069 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.116898060 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.116935015 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.117516994 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.117522001 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.126219034 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.126723051 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.126740932 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.127139091 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.127218008 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.127223969 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.127511024 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.127526045 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.127963066 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.127969027 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.128375053 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.128688097 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.128701925 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.129062891 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.129066944 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.218954086 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.219511986 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.219593048 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.219656944 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.219679117 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.219691038 CEST	49894	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.219696045 CEST	443	49894	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.224075079 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.224133968 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.224236965 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.224411964 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.224422932 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.226692915 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.226764917 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.226814985 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.227216959 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.227236986 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.227252007 CEST	49896	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.227257967 CEST	443	49896	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.230515957 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.230570078 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.230690002 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.230866909 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.230885029 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.237487078 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.238282919 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.238337994 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.238358021 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.238410950 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.238460064 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.238471031 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.238483906 CEST	49895	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.238490105 CEST	443	49895	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.239834070 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.239866018 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.239931107 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.239981890 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.240083933 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.240093946 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.240107059 CEST	49898	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.240112066 CEST	443	49898	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.240622044 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.240675926 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.241544962 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.241575003 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.241576910 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.241585970 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.241605997 CEST	49897	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.241610050 CEST	443	49897	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.241636038 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.241755962 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.241765976 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.242670059 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.242706060 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.242906094 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.242906094 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.242933035 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.243659019 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.243717909 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.243783951 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.243910074 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:06.243920088 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:06.274585009 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:06.274983883 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:06.275012016 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:06.275340080 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:06.275718927 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:06.275773048 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:06.328577042 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:07.040509939 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.041130066 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.041157961 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.041735888 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.041743994 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.049871922 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.050276995 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.050497055 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.050523043 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.050993919 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.051022053 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.051170111 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.051177979 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.051404953 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.051410913 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.054869890 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.055218935 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.055231094 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.055630922 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.055635929 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.060646057 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.061008930 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.061032057 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.061446905 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.061454058 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.160741091 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.160772085 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.160818100 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.160897970 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.160934925 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.161179066 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.161191940 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.161201000 CEST	49900	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.161206007 CEST	443	49900	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.164117098 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.164160013 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.164239883 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.164388895 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.164402008 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.165009022 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.165076971 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.165129900 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.165236950 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.165255070 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.165267944 CEST	49902	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.165273905 CEST	443	49902	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.167793989 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.167825937 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.167896986 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.168005943 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.168016911 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169276953 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169346094 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169359922 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169401884 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169403076 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169433117 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169460058 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169480085 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169543982 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169549942 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169590950 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169605970 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169614077 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169614077 CEST	49901	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169619083 CEST	49903	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.169625998 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169626951 CEST	443	49903	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.169637918 CEST	443	49901	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.170319080 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.170346975 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.170363903 CEST	49904	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.170371056 CEST	443	49904	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.175754070 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.175798893 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.175883055 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.176327944 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.176346064 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.177706957 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.177742958 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.177794933 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.177992105 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.178006887 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.178468943 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.178512096 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.178576946 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.179218054 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.179229021 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.833584070 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.848475933 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.848828077 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.848854065 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.849370003 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.849380970 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.849644899 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.849673986 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.850037098 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.850048065 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.850503922 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.850816965 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.850840092 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.851229906 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.851238012 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.881880999 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.888113976 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.895323992 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.895337105 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.908615112 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.908628941 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.909126043 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.909152031 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.909532070 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.909543991 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.964298010 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.964369059 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.964435101 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.964591026 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.964770079 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.964793921 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.964806080 CEST	49907	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.964812994 CEST	443	49907	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.965223074 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.965287924 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.965325117 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.965342045 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.965356112 CEST	49908	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.965362072 CEST	443	49908	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.968313932 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.968349934 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.968421936 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.969512939 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.969544888 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.969593048 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.969741106 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.969753981 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.970175028 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.970187902 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.974698067 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.974790096 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.974847078 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.974921942 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.974935055 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.974945068 CEST	49906	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.974950075 CEST	443	49906	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.977319002 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.977350950 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:07.977427959 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.977560997 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:07.977572918 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.020401001 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.020431042 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.020490885 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.020494938 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.020544052 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.020765066 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.020783901 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.020796061 CEST	49909	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.020802021 CEST	443	49909	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.021832943 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.022181988 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.022253036 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.022290945 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.022311926 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.022324085 CEST	49905	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.022330999 CEST	443	49905	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.024169922 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.024214983 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.024353027 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.024461985 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.024473906 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.024605989 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.024612904 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.024838924 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.024840117 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.024858952 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.632440090 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.633153915 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.633203983 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.633621931 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.633632898 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.638500929 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.638974905 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.639000893 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.639368057 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.639377117 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.663204908 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.663868904 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.663897991 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.664427042 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.664434910 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.687370062 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.687889099 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.687915087 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.688399076 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.688410044 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.692923069 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.693464994 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.693486929 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.694030046 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.694044113 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.741851091 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.741950989 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.742052078 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.742239952 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.742270947 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.742291927 CEST	49911	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.742299080 CEST	443	49911	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.745441914 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.745491028 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.745606899 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.745800018 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.745820045 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.753087997 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.753122091 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.753165007 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.753206015 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.753249884 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.753505945 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.753523111 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.753535986 CEST	49910	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.753541946 CEST	443	49910	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.756366014 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.756403923 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.756499052 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.756690025 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.756705046 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.778806925 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.779169083 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.779217005 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.779247999 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.779298067 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.779349089 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.779367924 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.779380083 CEST	49912	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.779395103 CEST	443	49912	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.782370090 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.782418013 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.782495975 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.782630920 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.782645941 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.796624899 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.796706915 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.796781063 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.797007084 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.797043085 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.797076941 CEST	49913	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.797084093 CEST	443	49913	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.800331116 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.800384998 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.800498962 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.800687075 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.800702095 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.816812038 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.816849947 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.816896915 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.816968918 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.816968918 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.817230940 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.817230940 CEST	49914	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.817264080 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.817289114 CEST	443	49914	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.820360899 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.820403099 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:08.820499897 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.820681095 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:08.820691109 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.400238991 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.401063919 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.401093006 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.401580095 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.401591063 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.438693047 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.440613985 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.440649986 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.441086054 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.441093922 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.720411062 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.720463991 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.720583916 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.720755100 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.720773935 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.720787048 CEST	49915	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.720792055 CEST	443	49915	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.722291946 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.722790956 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.722816944 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.723223925 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.723233938 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.723526955 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.723643064 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.723795891 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.723824024 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.724174023 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.724180937 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.724879980 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.724910975 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.724967957 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.725227118 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.725248098 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.725595951 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.725605011 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.725625038 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.725636959 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.824909925 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.824978113 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.825061083 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.825283051 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.825306892 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.825323105 CEST	49917	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.825330019 CEST	443	49917	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.828536034 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.828578949 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.828645945 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.828819036 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.828830957 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.839745998 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.839781046 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.839827061 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.839937925 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.839971066 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.840312958 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.840329885 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.840344906 CEST	49916	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.840349913 CEST	443	49916	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.843605042 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.843631983 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.843729973 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.844273090 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.844284058 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.852369070 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.853216887 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.853322029 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.853344917 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.853353977 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.853365898 CEST	49919	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.853370905 CEST	443	49919	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.856431007 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.856477022 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:09.856559038 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.856698990 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:09.856709957 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.123033047 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.123121023 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.123169899 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.133277893 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.133301020 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.133311033 CEST	49918	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.133317947 CEST	443	49918	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.139122009 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.139149904 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.139199972 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.139832020 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.139839888 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.377567053 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.406083107 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.406099081 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.406614065 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.406620026 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.488370895 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.488830090 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.488862038 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.489288092 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.489294052 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.506385088 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.506856918 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.506884098 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.507419109 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.507431030 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.526345968 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.526384115 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.526447058 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.526503086 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.526503086 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.526814938 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.526834011 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.526966095 CEST	49920	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.526973009 CEST	443	49920	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.529716015 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.529763937 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.529861927 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.530023098 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.530035019 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.542287111 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.542779922 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.542794943 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.543262005 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.543267965 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.606364012 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.606563091 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.606648922 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.606736898 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.606756926 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.606771946 CEST	49921	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.606779099 CEST	443	49921	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.609718084 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.609761000 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.609863997 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.610203981 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.610215902 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.615655899 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.615875959 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.615923882 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.615938902 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.615969896 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.616022110 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.616041899 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.616054058 CEST	49922	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.616060972 CEST	443	49922	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.618449926 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.618498087 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.618562937 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.618690968 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.618704081 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.665566921 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.665668964 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.665728092 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.665931940 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.665931940 CEST	49923	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.665954113 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.665966988 CEST	443	49923	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.669163942 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.669209003 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.669311047 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.669503927 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.669522047 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.817787886 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.818444967 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.818461895 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.818912029 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.818917036 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.926934004 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.927241087 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.927320004 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.927376986 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.927397966 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.927412987 CEST	49924	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.927418947 CEST	443	49924	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.930124998 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.930156946 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:10.930218935 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.930355072 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:10.930362940 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.201057911 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.201508045 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.201535940 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.201978922 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.201983929 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.213295937 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.213737965 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.213758945 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.214194059 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.214199066 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.256941080 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.257504940 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.257536888 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.257982016 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.257989883 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.293970108 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.294491053 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.294518948 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.295006037 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.295021057 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.313455105 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.313839912 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.313894033 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.313934088 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.313987970 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.314091921 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.314111948 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.314126968 CEST	49926	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.314132929 CEST	443	49926	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.318295956 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.318347931 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.318447113 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.318640947 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.318651915 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.324474096 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.324876070 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.324944973 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.325014114 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.325028896 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.325057983 CEST	49925	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.325063944 CEST	443	49925	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.329806089 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.329834938 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.330010891 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.330238104 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.330250025 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.369590044 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.369632959 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.369678974 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.369714022 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.369767904 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.369931936 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.369941950 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.369954109 CEST	49928	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.369959116 CEST	443	49928	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.373471975 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.373498917 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.373559952 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.373740911 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.373752117 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.418718100 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.418791056 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.418858051 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.419074059 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.419096947 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.419112921 CEST	49927	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.419118881 CEST	443	49927	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.422053099 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.422091961 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.422163010 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.422305107 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.422317982 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.632117033 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.632591009 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.632611036 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.633073092 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.633079052 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.746831894 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.746918917 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.746978045 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.747189999 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.747210979 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.747225046 CEST	49929	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.747231960 CEST	443	49929	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.750471115 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.750518084 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:11.750577927 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.750834942 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:11.750844955 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.076481104 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.078589916 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.079135895 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.079157114 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.079170942 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.079195976 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.079672098 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.079674959 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.079679012 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.079684973 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.189356089 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.189590931 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.189755917 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.190769911 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.190789938 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.190799952 CEST	49930	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.190805912 CEST	443	49930	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.193932056 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.193969965 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.194086075 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.194236040 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.194243908 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.263436079 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.264292955 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.264316082 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.265396118 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.265405893 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.271404028 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.271902084 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.271918058 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.272361040 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.272366047 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.277546883 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.277883053 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.277940035 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.277992964 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.278013945 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.278026104 CEST	49931	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.278032064 CEST	443	49931	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.280989885 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.281039953 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.281228065 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.281317949 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.281327963 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.374830008 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.374970913 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.375029087 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.375473022 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.375498056 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.375509977 CEST	49933	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.375518084 CEST	443	49933	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.378846884 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.378887892 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.379039049 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.379188061 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.379199028 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.384413004 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.384995937 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.385055065 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.385332108 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.385348082 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.385361910 CEST	49932	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.385369062 CEST	443	49932	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.388082981 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.388103962 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.388206959 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.388360977 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.388370037 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.418364048 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.418893099 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.418920994 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.419491053 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.419496059 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.531219006 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.531322956 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.531402111 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.531625032 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.531625032 CEST	49934	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.531646013 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.531658888 CEST	443	49934	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.536457062 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.536511898 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.536603928 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.536777973 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.536794901 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.880605936 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.881273031 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.881290913 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.881779909 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.881787062 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.945394039 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.945837021 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.945866108 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.946280003 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.946285009 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.994111061 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.994837046 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.998763084 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.998804092 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.998817921 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:12.998826027 CEST	49935	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:12.998831034 CEST	443	49935	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.001702070 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.001745939 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.001882076 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.002029896 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.002041101 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.054001093 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.056276083 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.056302071 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.056341887 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.056410074 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.056452990 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.062412977 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.062446117 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.062895060 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.062908888 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.064002037 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.064022064 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.064048052 CEST	49936	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.064054966 CEST	443	49936	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.066816092 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.066852093 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.066965103 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.067101002 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.067117929 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.090311050 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.091223001 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.091249943 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.091666937 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.091671944 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.167248011 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.167320013 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.167412996 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.167629004 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.167653084 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.167659044 CEST	49938	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.167665005 CEST	443	49938	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.170520067 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.170619965 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.170763969 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.171025991 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.171067953 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.207643032 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.208303928 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.208343029 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.208771944 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.208781958 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.222451925 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.222567081 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.222740889 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.222798109 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.222819090 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.222831011 CEST	49937	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.222836971 CEST	443	49937	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.226025105 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.226063967 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.226177931 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.226408958 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.226423025 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.315352917 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.315923929 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.316055059 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.316317081 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.316340923 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.316359043 CEST	49939	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.316365004 CEST	443	49939	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.319140911 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.319179058 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.319252968 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.319402933 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.319418907 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.665302992 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.666138887 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.666155100 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.666549921 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.666562080 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.737562895 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.739415884 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.739433050 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.743191957 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.743220091 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.775305986 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.775331974 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.775547981 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.775568008 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.775604010 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.775847912 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.775847912 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.775885105 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.775898933 CEST	49941	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.775907040 CEST	443	49941	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.779588938 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.779633045 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.780366898 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.780549049 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.780565023 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.839113951 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.839770079 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.839793921 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.840251923 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.840259075 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.850398064 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.850577116 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.850625038 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.850689888 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.850771904 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.851008892 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.851035118 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.851408005 CEST	49942	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.851418972 CEST	443	49942	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.854716063 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.854762077 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.854875088 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.855432987 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.855443001 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.908005953 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.909630060 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.909651995 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.909833908 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.909838915 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.969280005 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.970086098 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.970139980 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.970338106 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.970588923 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.970606089 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.970612049 CEST	49943	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.970618963 CEST	443	49943	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.974447012 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.974509001 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:13.974695921 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.974838972 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:13.974853992 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.029865980 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.030926943 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.030950069 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.031512976 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.031518936 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.041115999 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.041187048 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.041927099 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.041927099 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.041927099 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.044390917 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.044434071 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.044507027 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.044640064 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.044653893 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.151488066 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.151563883 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.151652098 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.151705980 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.151838064 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.151855946 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.151870012 CEST	49945	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.151878119 CEST	443	49945	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.154625893 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.154664993 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.154797077 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.155124903 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.155138016 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.344171047 CEST	49944	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.344196081 CEST	443	49944	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.444183111 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.447125912 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.447144985 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.448410988 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.448417902 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.452267885 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.452846050 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.452873945 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.453217983 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.453224897 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.560734034 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.560761929 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.560863972 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.560995102 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.560995102 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.561290979 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.561290979 CEST	49947	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.561315060 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.561368942 CEST	443	49947	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.564923048 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.564984083 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.565608978 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.565609932 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.565651894 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.567878008 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.567945957 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.568000078 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.568216085 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.568234921 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.568247080 CEST	49946	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.568253040 CEST	443	49946	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.570957899 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.571016073 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.571132898 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.571305990 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.571326017 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.645091057 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.647022009 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.647022009 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.647056103 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.647070885 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.715517998 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.716073036 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.716099977 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.716555119 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.716561079 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.760175943 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.760272980 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.760325909 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.762692928 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.762692928 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.831845999 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.831895113 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.831939936 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.831953049 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.832010031 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.833703041 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.833715916 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.833714008 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.833714008 CEST	49948	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.833728075 CEST	49949	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.833733082 CEST	443	49949	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.833767891 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.833786011 CEST	443	49948	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.841221094 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.841962099 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.841979980 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.842058897 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.854130983 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.854146004 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.854249001 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.861844063 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.861854076 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.866031885 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.866036892 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.869916916 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.869929075 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.874023914 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.874032021 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.973061085 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.973153114 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.973208904 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.973856926 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.973881006 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:14.973893881 CEST	49950	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:14.973900080 CEST	443	49950	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.007428885 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.007472992 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.007560968 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.007925987 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.007939100 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.151495934 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.154711962 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.154711962 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.154750109 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.154762030 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.195888996 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.195921898 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.196027040 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.196516991 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.196528912 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.201957941 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.202481985 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.202493906 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.203226089 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.203244925 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.274058104 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.274128914 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.274219990 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.274470091 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.274470091 CEST	49951	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.274497986 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.274507999 CEST	443	49951	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.277345896 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.277393103 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.277487040 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.277646065 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.277658939 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.338589907 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.338658094 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.342521906 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.342571020 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.342698097 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.342698097 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.342698097 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.342713118 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.342842102 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.342854023 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.550412893 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.551280022 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.551322937 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.551631927 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.551639080 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.568087101 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.568629980 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.568639994 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.569092035 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.569097042 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.640381098 CEST	49952	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.640415907 CEST	443	49952	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.661542892 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.662014008 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.662061930 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.662072897 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.662097931 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.662134886 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.662317991 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.662323952 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.662337065 CEST	49953	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.662341118 CEST	443	49953	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.665467024 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.665513992 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.665601015 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.665735006 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.665749073 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.693296909 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.693562984 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.693620920 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.693694115 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.693711042 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.693728924 CEST	49954	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.693733931 CEST	443	49954	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.696993113 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.697017908 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.697088957 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.697251081 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.697264910 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.727833033 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.729281902 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.729283094 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.729330063 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.729346991 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.855817080 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.856240988 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.856273890 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.856683969 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.856987953 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.857063055 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.857150078 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.857281923 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:15.857287884 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:15.879983902 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.880013943 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.880064964 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.880131960 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.880131960 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.880521059 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.880521059 CEST	49955	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.880558968 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.880579948 CEST	443	49955	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.883553982 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.883595943 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.883883953 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.883987904 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.883996010 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.978858948 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.979532957 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.979556084 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:15.980011940 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:15.980016947 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.089143991 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.089235067 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.089401007 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.089802027 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.089823008 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.089840889 CEST	49957	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.089848042 CEST	443	49957	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.092890024 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.092943907 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.093187094 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.093286037 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.093295097 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.158720016 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:16.160693884 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:16.160782099 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:16.161043882 CEST	49956	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:16.161067963 CEST	443	49956	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:16.181421041 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:16.181482077 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:16.181529999 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:16.397578001 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.398545980 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.398566961 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.399075031 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.399081945 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.403316021 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.404112101 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.404135942 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.404490948 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.404496908 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.520389080 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.520452023 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.520575047 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.520884991 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.520884991 CEST	49960	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.520909071 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.520924091 CEST	443	49960	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.524353981 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.524394989 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.524513960 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.524765015 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.524780989 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.531708956 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.531868935 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.531959057 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.532228947 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.532249928 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.532291889 CEST	49959	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.532299995 CEST	443	49959	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.535347939 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.535396099 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.535489082 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.535722017 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.535738945 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.577164888 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.577868938 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.577896118 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.578335047 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.578341961 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.688297033 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.688579082 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.688664913 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.688937902 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.688937902 CEST	49961	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.688961029 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.688970089 CEST	443	49961	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.692219973 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.692267895 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.692373991 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.692589998 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.692600965 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.775871038 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.776746988 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.776762962 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.777142048 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.777146101 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.946023941 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.946491003 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.946652889 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.946738005 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.946738005 CEST	49962	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.946763039 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.946774006 CEST	443	49962	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.949912071 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.949955940 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:16.950062990 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.950280905 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:16.950290918 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.266530991 CEST	49899	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:19:17.266566038 CEST	443	49899	172.217.16.132	192.168.2.4
Oct 4, 2024 15:19:17.279397964 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.279426098 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:17.279459000 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.279524088 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.286335945 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.318506956 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.318537951 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:17.321136951 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.321161032 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.321640968 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.321647882 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.321898937 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.321924925 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.322294950 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.322302103 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.386672974 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.407490969 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.407536030 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.422559023 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.422796011 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.422856092 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.422877073 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.422910929 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.429594994 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.429722071 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.429802895 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.443490982 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.443516970 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.491633892 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.491633892 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.491666079 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.491676092 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.491702080 CEST	49964	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.491703033 CEST	49963	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.491709948 CEST	443	49964	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.491715908 CEST	443	49963	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.495054960 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.495088100 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.495158911 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.495619059 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.495631933 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.497056961 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.497098923 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.501040936 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.501040936 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.501072884 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.692899942 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.692972898 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.693044901 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.693304062 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.693324089 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.693335056 CEST	49965	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.693341017 CEST	443	49965	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.694941998 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.695400000 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.695424080 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.695872068 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.695880890 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.696736097 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.696793079 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.699628115 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.699628115 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.699681997 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.837675095 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.837707043 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.837754011 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.837831020 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.837868929 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.838074923 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.838094950 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.838109016 CEST	49958	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.838115931 CEST	443	49958	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.841204882 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.841228008 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.841300964 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.841478109 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.841489077 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.883016109 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.883620977 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.883657932 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.884123087 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:17.884129047 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:17.975864887 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:17.976299047 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.976325989 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:17.976702929 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:17.977025986 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.977190018 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.977199078 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:17.977205992 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:17.977303028 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:18.003485918 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.003626108 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.003673077 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.003707886 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.003757954 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.004000902 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.004026890 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.004038095 CEST	49966	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.004045010 CEST	443	49966	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.006937027 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.006983042 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.007055044 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.007196903 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.007210016 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.032140970 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:18.278166056 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.278858900 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.278875113 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.279323101 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.279328108 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.301083088 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:18.301239967 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:18.301316023 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:18.301963091 CEST	49967	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:18.301980972 CEST	443	49967	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:18.410749912 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.412703991 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.412703991 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.412729025 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.412740946 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.415249109 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.420869112 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.421000957 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.421118975 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.421129942 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.421165943 CEST	49968	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.421169996 CEST	443	49968	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.424542904 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.424592018 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.424671888 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.424890995 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.424901962 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.537168026 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.537796974 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.537816048 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.538260937 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.538265944 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.541568995 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.542082071 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.542100906 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.542522907 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.542529106 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.657181978 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.657212973 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.657265902 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.657325029 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.657368898 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.657933950 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.657953978 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.657977104 CEST	49971	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.657982111 CEST	443	49971	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.661187887 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.661238909 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.661448002 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.661497116 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.661509037 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.664611101 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.665123940 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.665136099 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.665597916 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.665610075 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.668467999 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.668746948 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.668800116 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.668845892 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.668914080 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.668941021 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.668941021 CEST	49969	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.668962955 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.668975115 CEST	443	49969	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.671633959 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.671643019 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.671731949 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.672024012 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.672035933 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.743980885 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.744271040 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.744343042 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.744384050 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.744406939 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.744420052 CEST	49970	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.744426012 CEST	443	49970	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.747526884 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.747569084 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.747638941 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.747777939 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.747787952 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.787852049 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.787904978 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.787970066 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.788167953 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.788182974 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.788209915 CEST	49972	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.788216114 CEST	443	49972	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.790787935 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.790827036 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:18.790901899 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.791153908 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:18.791165113 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.091528893 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.092142105 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.092176914 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.092638969 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.092645884 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.222908020 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.222935915 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.222992897 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.223006964 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.223082066 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.223268032 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.223288059 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.223299026 CEST	49973	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.223304987 CEST	443	49973	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.226200104 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.226239920 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.226303101 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.226484060 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.226496935 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.408504963 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.409028053 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.409061909 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.409475088 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.409485102 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.414313078 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.414937973 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.414964914 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.415390968 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.415395975 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.418222904 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.418668032 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.418714046 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.419039965 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.419044971 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.510893106 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.511439085 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.511462927 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.511904001 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.511909008 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.573426008 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.573493004 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.573580027 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.576276064 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.576298952 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.576349974 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.576369047 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.576392889 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.579863071 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.580471992 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.580516100 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.580529928 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.580579996 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.610193014 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.610232115 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.610261917 CEST	49976	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.610270023 CEST	443	49976	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.611512899 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.611538887 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.611551046 CEST	49974	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.611557007 CEST	443	49974	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.621974945 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.622009039 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.622037888 CEST	49975	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.622045040 CEST	443	49975	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.622562885 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.622600079 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.622653008 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.622653008 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.622697115 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.624197960 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.624216080 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.624228001 CEST	49977	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.624233961 CEST	443	49977	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.655020952 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.655071020 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.655136108 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.655697107 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.655728102 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.655771971 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.705676079 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.705724001 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.705794096 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.705926895 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.705965996 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.706053019 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.706073999 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.706718922 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.706727982 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.706777096 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.706902027 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.706912041 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.717046976 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:19.717056990 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.908852100 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:19.953910112 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.012141943 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.012176037 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.012628078 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.012636900 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.118441105 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.119503021 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.119581938 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.119648933 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.119648933 CEST	49978	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.119666100 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.119678974 CEST	443	49978	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.122673035 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.122699022 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.122766018 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.122909069 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.122917891 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.389597893 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.390252113 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.390280962 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.390733957 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.390739918 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.393202066 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.393558025 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.393593073 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.393929005 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.393934965 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.396342039 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.396675110 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.396691084 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.397042036 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.397047997 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.440140963 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.440687895 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.440735102 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.441167116 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.441179037 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.514070034 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.515126944 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.515235901 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.515289068 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.515316963 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.515336037 CEST	49979	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.515343904 CEST	443	49979	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.519090891 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.519150972 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.519287109 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.519552946 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.519572973 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.522222996 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.526782990 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.526918888 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.527045012 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.527065039 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.527077913 CEST	49982	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.527082920 CEST	443	49982	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.530231953 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.530260086 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.530340910 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.530524015 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.530533075 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.532731056 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.532773972 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.532824993 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.532923937 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.532924891 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.533219099 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.533252001 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.533262014 CEST	49980	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.533267975 CEST	443	49980	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.536628962 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.536657095 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.536770105 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.537067890 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.537084103 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.561594963 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.561625004 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.561675072 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.561808109 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.561873913 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.562252998 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.562297106 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.562341928 CEST	49981	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.562361002 CEST	443	49981	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.565768957 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.565840006 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.565973997 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.566240072 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.566262007 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.869218111 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.870296001 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.870311022 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.870688915 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.870693922 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.982057095 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.982095957 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.982144117 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.982379913 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.982666969 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.982666969 CEST	49983	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.982690096 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.982702971 CEST	443	49983	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.986192942 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.986239910 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:20.986337900 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.986592054 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:20.986604929 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.317097902 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.317584038 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.317600012 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.318069935 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.318074942 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.318345070 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.318841934 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.318852901 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.318948030 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.318952084 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.319858074 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.320275068 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.320298910 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.320625067 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.320631981 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.333570004 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.334036112 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.334044933 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.334472895 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.334477901 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.427045107 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.427361012 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.427449942 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.427494049 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.427517891 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.427531004 CEST	49984	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.427536964 CEST	443	49984	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.430510998 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.430552959 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.430614948 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.430650949 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.430708885 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.430753946 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.430861950 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.430871010 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.430886030 CEST	49987	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.430890083 CEST	443	49987	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.430901051 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.430913925 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.432003975 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.432116985 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.432174921 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.432198048 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.432209969 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.432219028 CEST	49985	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.432224035 CEST	443	49985	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.433717966 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.433746099 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.433836937 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.433962107 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.433974981 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.434007883 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.434056044 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.434156895 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.434546947 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.434559107 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.452313900 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.452461958 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.452523947 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.452577114 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.452610016 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.452961922 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.452961922 CEST	49986	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.452985048 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.452996016 CEST	443	49986	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.456262112 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.456306934 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.456429958 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.456633091 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.456648111 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.685982943 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.686494112 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.686506033 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.686954021 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.686958075 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.798001051 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.798074007 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.798181057 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.798826933 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.798847914 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.798857927 CEST	49988	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.798863888 CEST	443	49988	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.801512003 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.801558971 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:21.801659107 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.801803112 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:21.801811934 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.117481947 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.118181944 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.118208885 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.118630886 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.118642092 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.141804934 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.142874956 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.142895937 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.143331051 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.143337011 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.365255117 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.365286112 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.365331888 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.365422010 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.365449905 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.367113113 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.369780064 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.406682968 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.425667048 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.455075979 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.455116034 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.455147028 CEST	49989	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.455152988 CEST	443	49989	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.462805033 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.463114023 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.463207006 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.464107990 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.464124918 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.464135885 CEST	49990	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.464142084 CEST	443	49990	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.465295076 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.465322018 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.465760946 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.465766907 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.465974092 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.465990067 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.466320992 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.466325998 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.468231916 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.468280077 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.468337059 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.469029903 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.469074011 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.469135046 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.469183922 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.469194889 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.469536066 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.469549894 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.561690092 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.562266111 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.562297106 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.562732935 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.562741041 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.569773912 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.569849014 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.569895983 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.570107937 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.570127964 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.570137978 CEST	49992	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.570143938 CEST	443	49992	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.571348906 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.571378946 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.571436882 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.571455956 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.571490049 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.571530104 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.571693897 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.571712971 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.571722984 CEST	49991	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.571728945 CEST	443	49991	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.574057102 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.574104071 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.574181080 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.574297905 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.574309111 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.575372934 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.575423002 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.575486898 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.575624943 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.575638056 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.673598051 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.673659086 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.673805952 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.674084902 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.674104929 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.674114943 CEST	49993	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.674122095 CEST	443	49993	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.677225113 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.677264929 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:22.677395105 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.677583933 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:22.677593946 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.130290985 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.130755901 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.130784988 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.131207943 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.131218910 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.135806084 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.136209011 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.136238098 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.136750937 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.136756897 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425278902 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425282955 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425324917 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425359011 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425378084 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425398111 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425446033 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425658941 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425658941 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425658941 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425682068 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425693989 CEST	49994	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425698996 CEST	49995	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.425705910 CEST	443	49995	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.425707102 CEST	443	49994	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.428709030 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.428750992 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.428772926 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.428801060 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.428818941 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.428853989 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.428989887 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.428997993 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.429019928 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.429029942 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.431142092 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.431577921 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.431608915 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.431786060 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.432033062 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.432046890 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.432069063 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.432073116 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.432533026 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.432538033 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.433051109 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.433360100 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.433381081 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.433762074 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.433769941 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.539972067 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.540436029 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.540501118 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.540535927 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.540556908 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.540566921 CEST	49998	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.540574074 CEST	443	49998	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.543539047 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.543576956 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.543673992 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.543859959 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.543869972 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.545109034 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.545124054 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.545156956 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.545200109 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.545201063 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.545241117 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.545352936 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.545356989 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.545367956 CEST	49997	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.545371056 CEST	443	49997	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.546464920 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.546538115 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.546571970 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.546588898 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.546602011 CEST	49996	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.546607971 CEST	443	49996	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.547914028 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.547938108 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.547991037 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.548202991 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.548212051 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.548717976 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.548758030 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:23.548813105 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.548914909 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:23.548928022 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.148017883 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.148504972 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.148528099 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.148947954 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.148952961 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.149986029 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.150228977 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.150240898 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.150556087 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.150559902 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.261178970 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.261616945 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.261636972 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.262059927 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.262063980 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.263312101 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.263669968 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.263686895 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.264014959 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.264019966 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.306854010 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.307506084 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.307533979 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.307966948 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.307972908 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.308835030 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.308907032 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.308950901 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.309032917 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.309051991 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.309063911 CEST	50000	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.309070110 CEST	443	50000	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.311588049 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.311630964 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.311700106 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.311825037 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.311836958 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.330383062 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.330434084 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.330476999 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.330491066 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.330518961 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.330554962 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.330648899 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.330662012 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.330673933 CEST	49999	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.330677986 CEST	443	49999	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.333448887 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.333472967 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.333530903 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.333719015 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.333729029 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.386960983 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.387046099 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.387078047 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.387129068 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.387204885 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.387301922 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.387711048 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.387727022 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.387752056 CEST	50003	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.387758017 CEST	443	50003	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.388375044 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.388427973 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.388482094 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.388499022 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.388509035 CEST	50001	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.388514042 CEST	443	50001	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.390520096 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.390536070 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.390588045 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.390754938 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.390762091 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.390760899 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.390795946 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.390851974 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.390935898 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.390947104 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.426887035 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.427336931 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.427397966 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.427433014 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.427450895 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.427463055 CEST	50002	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.427469015 CEST	443	50002	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.430598974 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.430629015 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:24.430689096 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.430828094 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:24.430836916 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.062468052 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.062972069 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.062994957 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.063597918 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.063604116 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.065223932 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.066160917 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.066189051 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.066662073 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.066668034 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.168090105 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.168709993 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.168777943 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.169177055 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.169192076 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.172359943 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.172954082 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.172976971 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.173923016 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.173928976 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.179963112 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.180416107 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.180479050 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.180798054 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.180810928 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.185715914 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.185869932 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.185883045 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.185960054 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186016083 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186031103 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.186041117 CEST	50004	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186045885 CEST	443	50004	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.186211109 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.186254025 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186260939 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.186294079 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186337948 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186358929 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.186368942 CEST	50005	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.186373949 CEST	443	50005	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.191190958 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.191232920 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.191314936 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.191442013 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.191452980 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.191494942 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.192225933 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.192243099 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.192321062 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.192337036 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.292234898 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.292727947 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.292855024 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.292918921 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.292918921 CEST	50006	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.292956114 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.292979002 CEST	443	50006	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.295684099 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.295728922 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.295821905 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.295945883 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.295965910 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.298290968 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.298593998 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.298638105 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.298640966 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.298695087 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.299362898 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.299376011 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.299398899 CEST	50007	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.299403906 CEST	443	50007	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.301673889 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.301714897 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.301793098 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.301913977 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.301924944 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.317329884 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.317411900 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.317471981 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.317629099 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.317652941 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.317667961 CEST	50008	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.317673922 CEST	443	50008	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.320159912 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.320193052 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.320275068 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.320380926 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.320393085 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.873374939 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.873929977 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.873960972 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.874387980 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.874396086 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.889945984 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.890475988 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.890501022 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.890945911 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.890953064 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.976372957 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.976985931 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.977013111 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.977475882 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.977483988 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.983584881 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.984613895 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.984678984 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.984716892 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.984716892 CEST	50010	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.984735012 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.984747887 CEST	443	50010	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.987560987 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.987597942 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.987668037 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.987802029 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.987813950 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.993761063 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.994115114 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.994134903 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:25.994546890 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:25.994551897 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.001821041 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.001883984 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.001934052 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.002065897 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.002085924 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.002100945 CEST	50009	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.002108097 CEST	443	50009	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.004506111 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.004534006 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.004610062 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.004740953 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.004750013 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.026102066 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.026689053 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.026736021 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.026992083 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.026999950 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.088469982 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.088499069 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.088548899 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.088604927 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.088637114 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.088884115 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.088907003 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.088920116 CEST	50011	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.088927031 CEST	443	50011	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.091557026 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.091598988 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.091869116 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.091869116 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.091928959 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.158863068 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.158932924 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.159048080 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.159235954 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.159257889 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.159290075 CEST	50012	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.159296989 CEST	443	50012	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.162007093 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.162050009 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.162126064 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.162281036 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.162292957 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.173408031 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.173974037 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.174021959 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.175179005 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.175196886 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.175213099 CEST	50013	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.175219059 CEST	443	50013	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.178524971 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.178561926 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.178632021 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.178782940 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.178793907 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.665865898 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.666474104 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.666491032 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.666941881 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.666946888 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.681634903 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.682159901 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.682180882 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.682604074 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.682610989 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.780112982 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.780632973 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.780646086 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.781100035 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.781104088 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.823329926 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.823415041 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.823513985 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.823777914 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.823800087 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.823811054 CEST	50015	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.823817015 CEST	443	50015	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.824242115 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.826673985 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.826772928 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.826812029 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.826833010 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.826844931 CEST	50014	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.826850891 CEST	443	50014	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.826961994 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.826998949 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.827065945 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.827210903 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.827223063 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.829324961 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.829363108 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.829437017 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.829615116 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.829624891 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.881428957 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.881967068 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.881980896 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.882455111 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.882458925 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.897912979 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.897974014 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.898020983 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.898231030 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.898245096 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.898253918 CEST	50016	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.898260117 CEST	443	50016	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.900974989 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.901016951 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.901088953 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.901227951 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.901238918 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.996686935 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.996790886 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.996881962 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.997155905 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.997174025 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:26.997185946 CEST	50017	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:26.997191906 CEST	443	50017	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.000276089 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.000314951 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.000420094 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.000595093 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.000607967 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.100084066 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.102041006 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.102070093 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.102540970 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.102545977 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.289493084 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.289585114 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.289655924 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.299263000 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.299288034 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.299316883 CEST	50018	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.299323082 CEST	443	50018	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.343878984 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.343928099 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.344024897 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.344151020 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.344162941 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.654025078 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.654962063 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.655006886 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.655031919 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.655303955 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.655325890 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.655504942 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.655510902 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.655853987 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.655862093 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.773895025 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.774166107 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.774266005 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.774360895 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.774383068 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.774399042 CEST	50020	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.774405003 CEST	443	50020	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.777409077 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.777451992 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.777542114 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.777718067 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.777729988 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.778325081 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.778350115 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.778393984 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.778418064 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.778763056 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.778763056 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.778763056 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.783139944 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.783183098 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.783243895 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.783406973 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.783422947 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.852415085 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.853280067 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.853311062 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.853338003 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.853832960 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.853838921 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.854095936 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.854104042 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.855406046 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.855412006 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.986644983 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.986711979 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.987051010 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.987152100 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.987207890 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.987231016 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.987246037 CEST	50022	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.987251997 CEST	443	50022	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.988112926 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.988166094 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.988169909 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.988218069 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.988317966 CEST	50021	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.988329887 CEST	443	50021	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.990268946 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.990317106 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.990396976 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.990520954 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.990533113 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.990569115 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.990607023 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:27.990672112 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.990761995 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:27.990777016 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.080234051 CEST	50019	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.080262899 CEST	443	50019	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.256926060 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.257798910 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.257822990 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.258363008 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.258373976 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.372987032 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.373719931 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.373779058 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.373806953 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.373883009 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.373934031 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.373934031 CEST	50023	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.373980999 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.374012947 CEST	443	50023	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.377074957 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.377130985 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.377203941 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.377360106 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.377373934 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.457232952 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.457871914 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.457912922 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.458353043 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.458362103 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.462393999 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.462866068 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.462949991 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.463253021 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.463268042 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.568799019 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.569363117 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.569433928 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.569479942 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.569480896 CEST	50025	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.569504976 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.569515944 CEST	443	50025	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.572755098 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.572793961 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.573183060 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.573183060 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.573210955 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.573434114 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.573504925 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.573545933 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.573626041 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.573643923 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.573657036 CEST	50024	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.573662996 CEST	443	50024	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.575712919 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.575736046 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.575925112 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.575925112 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.575938940 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.663804054 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.663852930 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.664449930 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.664449930 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.664475918 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.664478064 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.664928913 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.664943933 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.665044069 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.665055990 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.772579908 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.772645950 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.772695065 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.772924900 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.772944927 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.772955894 CEST	50026	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.772962093 CEST	443	50026	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.776034117 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.776074886 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.776144981 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.776289940 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.776302099 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.778305054 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.778363943 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.778417110 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.778440952 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.778467894 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.778521061 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.778584003 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.778595924 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.778609991 CEST	50027	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.778614998 CEST	443	50027	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.781184912 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.781219006 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:28.781285048 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.781419992 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:28.781431913 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.154123068 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.154809952 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.154844046 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.155512094 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.155520916 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.263113976 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.263185024 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.263227940 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.263518095 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.263534069 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.263550997 CEST	50028	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.263556957 CEST	443	50028	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.267097950 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.267144918 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.267210007 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.267446995 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.267461061 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.343056917 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.343662024 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.343682051 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.344609022 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.344615936 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.352806091 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.353507042 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.353519917 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.354064941 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.354072094 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.450489044 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.451225042 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.451255083 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.451822996 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.451828957 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.454050064 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.454121113 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.454205036 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.454431057 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.454431057 CEST	50029	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.454452038 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.454462051 CEST	443	50029	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.457606077 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.457648993 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.457743883 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.457906008 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.457918882 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.477467060 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.477499008 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.477579117 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.477716923 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.477804899 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.478202105 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.478219032 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.478230000 CEST	50030	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.478243113 CEST	443	50030	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.481472969 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.481518984 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.481698036 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.481808901 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.481826067 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.491759062 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.492295980 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.492326021 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.492966890 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.492985010 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.572712898 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.572789907 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.572921038 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.575464010 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.575489998 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.575504065 CEST	50031	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.575510025 CEST	443	50031	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.579200983 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.579233885 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.579329014 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.603522062 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.603544950 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.630791903 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.630853891 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.630964994 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.630994081 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.631032944 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.631213903 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.631340981 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.631356001 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.631367922 CEST	50032	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.631372929 CEST	443	50032	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.634731054 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.634778023 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.634872913 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.635087013 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:29.635102987 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:29.993031025 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.048429966 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.100162029 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.100189924 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.100709915 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.100719929 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.133739948 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.134196997 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.134222984 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.134637117 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.134644032 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.136667013 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.137054920 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.137082100 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.137545109 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.137550116 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.207786083 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.207926989 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.207988024 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.208018064 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.208070993 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.208120108 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.210303068 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.210330963 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.210345030 CEST	50033	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.210351944 CEST	443	50033	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.213342905 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.213385105 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.213450909 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.213577986 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.213592052 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.270845890 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.270875931 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.270915031 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.270941973 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.271019936 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.271055937 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.274038076 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.274066925 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.274084091 CEST	50035	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.274090052 CEST	443	50035	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.279536963 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.279563904 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.279608011 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.279620886 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.279635906 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.279673100 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.280067921 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.280082941 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.280122042 CEST	50034	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.280128002 CEST	443	50034	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.281944990 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.281984091 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.282052994 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.286729097 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.286746979 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.286844015 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.286886930 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.286943913 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.287070990 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.287084103 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.291704893 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.292134047 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.292164087 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.292593956 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.292599916 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.321429014 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.322056055 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.322094917 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.322527885 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.322535992 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.398175001 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.398247957 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.398312092 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.398490906 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.398509979 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.398530960 CEST	50036	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.398536921 CEST	443	50036	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.401535034 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.401578903 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.401668072 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.401823044 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.401833057 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.431248903 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.431327105 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.431380987 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.431560040 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.431580067 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.431603909 CEST	50037	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.431610107 CEST	443	50037	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.434329033 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.434367895 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.434442043 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.434613943 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.434626102 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.882451057 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.883169889 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.883203983 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.883635044 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.883640051 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.966586113 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.967324972 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.967345953 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.967781067 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.967789888 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.976331949 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.976973057 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.977015018 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.977349043 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.977360964 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.992384911 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.992959976 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.993083954 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.994781971 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.994781971 CEST	50038	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.994808912 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.994820118 CEST	443	50038	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.995959997 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.996052027 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:30.996198893 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.996325970 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:30.996354103 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.068617105 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.069250107 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.069278002 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.069780111 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.069787025 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.098624945 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.098653078 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.098710060 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.098726034 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.098757029 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.099314928 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.099343061 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.099349976 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.099359989 CEST	50040	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.099364042 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.099381924 CEST	443	50040	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.105146885 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.105180025 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.105252981 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.105392933 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.105406046 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.120536089 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.120995998 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.121016979 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.121520996 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.121526003 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.126625061 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.126698017 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.126758099 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.126914024 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.126934052 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.126949072 CEST	50039	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.126955032 CEST	443	50039	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.130531073 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.130573034 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.130662918 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.130805969 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.130820990 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.179976940 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.180016994 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.180140018 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.180160046 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.180383921 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.180389881 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.180408001 CEST	50041	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.180428982 CEST	443	50041	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.183235884 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.183284998 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.183392048 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.183545113 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.183562040 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.243052959 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.243078947 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.243133068 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.243133068 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.243158102 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.243184090 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.243206024 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.322525024 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.322594881 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.322619915 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.322638035 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.322689056 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.322864056 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.322881937 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.322894096 CEST	50042	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.322900057 CEST	443	50042	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.326828003 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.326877117 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.326962948 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.327132940 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.327142954 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.713002920 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.713624001 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.713649035 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.714112043 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.714116096 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.748003960 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.748703003 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.748738050 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.749136925 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.749150991 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.822514057 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.822535992 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.822592974 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.822643995 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.822693110 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.822957039 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.822973967 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.822984934 CEST	50044	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.822990894 CEST	443	50044	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.826129913 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.826172113 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.826282024 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.826474905 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.826493979 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.853571892 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.854275942 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.854310989 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.854756117 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.854768038 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.865088940 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.865118980 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.865158081 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.865237951 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.865262985 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.865304947 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.946302891 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.946377039 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.946399927 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.946420908 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.946463108 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.946609974 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.946623087 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.946630955 CEST	50045	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.946638107 CEST	443	50045	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.946643114 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.947067022 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.947108030 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.947603941 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.947611094 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.949872017 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.949909925 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.949995041 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.950131893 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.950139999 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.971718073 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.971752882 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.971811056 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.971813917 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.971848011 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.971995115 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.972009897 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.972023010 CEST	50046	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.972028971 CEST	443	50046	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.985847950 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.985907078 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:31.985975981 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.986382961 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:31.986393929 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.051203012 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.051727057 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.051764965 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.052191019 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.052196980 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.059947014 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.059968948 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.060017109 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.060029984 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.060070992 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.060333967 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.060354948 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.060362101 CEST	50047	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.060367107 CEST	443	50047	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.063750029 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.063791990 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.063915014 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.064927101 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.064940929 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.161475897 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.161539078 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.161799908 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.161801100 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.161842108 CEST	50048	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.161864042 CEST	443	50048	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.164380074 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.164419889 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.164527893 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.164685011 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.164699078 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.478072882 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.479528904 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.479548931 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.485964060 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.485970974 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.591955900 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.592134953 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.592339993 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.592987061 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.593008995 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.593020916 CEST	50049	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.593027115 CEST	443	50049	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.596829891 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.596870899 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.597428083 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.597625971 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.597641945 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.603617907 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.607172012 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.607192993 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.607652903 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.607657909 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.637507915 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.638595104 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.638627052 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.639211893 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.639219046 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.712485075 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.712685108 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.712759972 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.712990999 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.713010073 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.713021040 CEST	50050	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.713027000 CEST	443	50050	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.715779066 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.715821981 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.715893030 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.716069937 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.716088057 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.735450983 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.736418009 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.736438036 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.737008095 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.737014055 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.745992899 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.746475935 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.746547937 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.746700048 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.746700048 CEST	50051	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.746721983 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.746732950 CEST	443	50051	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.749478102 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.749525070 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.749615908 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.749788046 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.749799967 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.829535961 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.830116987 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.830141068 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.830612898 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.830625057 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.851355076 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.851392984 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.851444960 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.851491928 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.851651907 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.851876020 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.851876974 CEST	50052	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.851906061 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.851914883 CEST	443	50052	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.945398092 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.945494890 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:32.945827007 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.945827007 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:32.945827007 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.251034975 CEST	50053	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.251066923 CEST	443	50053	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.259258986 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.259919882 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.259949923 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.260457039 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.260468960 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.391026974 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.392019987 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.392041922 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.392486095 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.392491102 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.393703938 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.393852949 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.393922091 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.393985033 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.394009113 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.394030094 CEST	50054	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.394040108 CEST	443	50054	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.437624931 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.438276052 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.438302040 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.438894987 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.438903093 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.514535904 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.514616013 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.514847994 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.515042067 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.515064955 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.515077114 CEST	50055	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.515084028 CEST	443	50055	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.598000050 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.598073959 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.598181963 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.598644018 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.598692894 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:33.598727942 CEST	50056	443	192.168.2.4	13.107.253.72
Oct 4, 2024 15:19:33.598747015 CEST	443	50056	13.107.253.72	192.168.2.4
Oct 4, 2024 15:19:47.503881931 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:47.503928900 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:47.504048109 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:47.504450083 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:47.504471064 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:47.534732103 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:47.534775019 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:47.534847021 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:47.535149097 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:47.535161972 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.201744080 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.202135086 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.202167988 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.202572107 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.202936888 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.203000069 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.203110933 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.203135014 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.203141928 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.207547903 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.207828999 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.207844973 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.208241940 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.208575010 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.208657980 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.208743095 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.208760977 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.208772898 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.540529966 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.540915966 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.540992022 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.541831970 CEST	50058	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.541853905 CEST	443	50058	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.544840097 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.544969082 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:19:48.545021057 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.545295954 CEST	50057	443	192.168.2.4	142.250.185.110
Oct 4, 2024 15:19:48.545311928 CEST	443	50057	142.250.185.110	192.168.2.4
Oct 4, 2024 15:20:05.674680948 CEST	50059	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:20:05.674742937 CEST	443	50059	172.217.16.132	192.168.2.4
Oct 4, 2024 15:20:05.674834013 CEST	50059	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:20:05.675224066 CEST	50059	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:20:05.675244093 CEST	443	50059	172.217.16.132	192.168.2.4
Oct 4, 2024 15:20:06.314095974 CEST	443	50059	172.217.16.132	192.168.2.4
Oct 4, 2024 15:20:06.314492941 CEST	50059	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:20:06.314513922 CEST	443	50059	172.217.16.132	192.168.2.4
Oct 4, 2024 15:20:06.314865112 CEST	443	50059	172.217.16.132	192.168.2.4
Oct 4, 2024 15:20:06.315175056 CEST	50059	443	192.168.2.4	172.217.16.132
Oct 4, 2024 15:20:06.315253019 CEST	443	50059	172.217.16.132	192.168.2.4
Oct 4, 2024 15:20:06.360368013 CEST	50059	443	192.168.2.4	172.217.16.132

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 15:18:00.954301119 CEST	60872	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:00.956232071 CEST	51782	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:00.962151051 CEST	53	60872	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:00.965334892 CEST	53	51782	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:00.965383053 CEST	53	64165	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:00.979614973 CEST	53	54719	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:01.975614071 CEST	64412	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:01.975774050 CEST	49481	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:01.990142107 CEST	53	64412	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:01.990381956 CEST	53	49481	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:02.070187092 CEST	53	51851	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:05.547939062 CEST	60746	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:05.548094988 CEST	58134	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:05.554754019 CEST	53	60746	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:05.555032969 CEST	53	58134	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:08.188323975 CEST	53	62606	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:09.591092110 CEST	138	138	192.168.2.4	192.168.2.255
Oct 4, 2024 15:18:10.825871944 CEST	53945	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:10.826201916 CEST	64968	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:10.837294102 CEST	53	64968	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:10.837652922 CEST	53	53945	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:12.089205980 CEST	55145	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:12.089456081 CEST	51925	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:18:12.097146988 CEST	53	55145	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:12.099136114 CEST	53	51925	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:13.740410089 CEST	53	64428	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:19.150142908 CEST	53	60485	1.1.1.1	192.168.2.4
Oct 4, 2024 15:18:38.141819954 CEST	53	53872	1.1.1.1	192.168.2.4
Oct 4, 2024 15:19:01.056381941 CEST	53	50302	1.1.1.1	192.168.2.4
Oct 4, 2024 15:19:01.261473894 CEST	53	55569	1.1.1.1	192.168.2.4
Oct 4, 2024 15:19:12.925580025 CEST	53	59924	1.1.1.1	192.168.2.4
Oct 4, 2024 15:19:15.177397966 CEST	54931	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:19:15.177671909 CEST	63722	53	192.168.2.4	1.1.1.1
Oct 4, 2024 15:19:15.189532042 CEST	53	54931	1.1.1.1	192.168.2.4
Oct 4, 2024 15:19:15.195379019 CEST	53	63722	1.1.1.1	192.168.2.4
Oct 4, 2024 15:19:30.090723038 CEST	53	52624	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 4, 2024 15:18:00.954301119 CEST	192.168.2.4	1.1.1.1	0x5f0c	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:00.956232071 CEST	192.168.2.4	1.1.1.1	0xcced	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 4, 2024 15:18:01.975614071 CEST	192.168.2.4	1.1.1.1	0x741	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.975774050 CEST	192.168.2.4	1.1.1.1	0xce9	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 4, 2024 15:18:05.547939062 CEST	192.168.2.4	1.1.1.1	0xba04	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:05.548094988 CEST	192.168.2.4	1.1.1.1	0x7b04	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 4, 2024 15:18:10.825871944 CEST	192.168.2.4	1.1.1.1	0xc6eb	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:10.826201916 CEST	192.168.2.4	1.1.1.1	0xe88b	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 4, 2024 15:18:12.089205980 CEST	192.168.2.4	1.1.1.1	0x6478	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:12.089456081 CEST	192.168.2.4	1.1.1.1	0xbb05	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 4, 2024 15:19:15.177397966 CEST	192.168.2.4	1.1.1.1	0x35e4	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:19:15.177671909 CEST	192.168.2.4	1.1.1.1	0x5a69	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 4, 2024 15:18:00.962151051 CEST	1.1.1.1	192.168.2.4	0x5f0c	No error (0)	youtube.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:00.965334892 CEST	1.1.1.1	192.168.2.4	0xcced	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990142107 CEST	1.1.1.1	192.168.2.4	0x741	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990381956 CEST	1.1.1.1	192.168.2.4	0xce9	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:18:01.990381956 CEST	1.1.1.1	192.168.2.4	0xce9	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 4, 2024 15:18:05.554754019 CEST	1.1.1.1	192.168.2.4	0xba04	No error (0)	www.google.com		172.217.16.132	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:05.555032969 CEST	1.1.1.1	192.168.2.4	0x7b04	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 4, 2024 15:18:10.837294102 CEST	1.1.1.1	192.168.2.4	0xe88b	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:18:10.837652922 CEST	1.1.1.1	192.168.2.4	0xc6eb	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:18:10.837652922 CEST	1.1.1.1	192.168.2.4	0xc6eb	No error (0)	www3.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:18:12.097146988 CEST	1.1.1.1	192.168.2.4	0x6478	No error (0)	play.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:19:15.189532042 CEST	1.1.1.1	192.168.2.4	0x35e4	No error (0)	play.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:07 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-04 13:18:07 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=185226 Date: Fri, 04 Oct 2024 13:18:07 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-04 13:18:08 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=185300 Date: Fri, 04 Oct 2024 13:18:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-04 13:18:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49757	142.250.186.174	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:11 UTC	1224	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1541343132&timestamp=1728047889786 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:18:11 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-wtuuLlkO7Wce7qf_Nesgrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 04 Oct 2024 13:18:11 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw15BikPj6kkkLiJ3SZ7CGAHHSv_OsJUB8ufsS63UgVu25xGoOxEUSV1hbgFiIh2Pytf_b2QQaZkw_zKSkl5RfGJ-ZkppXkllSmZKfm5iZl5yfn52ZWlycWlSWWhRvZGBkYmBpZKlnYBFfYAAA2WQtWg" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 77 74 75 75 4c 6c 6b 4f 37 57 63 65 37 71 66 5f 4e 65 73 67 72 77 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 761c<html><head><script nonce="wtuuLlkO7Wce7qf_Nesgrw">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-04 13:18:11 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49761	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:12 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:18:13 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:12 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49763	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:12 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:18:13 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:13 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49769	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:13 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:18:13 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 34 37 38 39 31 30 35 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728047891054",null,null,null
2024-10-04 13:18:13 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=B6_o8cSvS2PXleDUvx8pC0yQQElp3c0MCWW_QMkY2XdLq7kPiqJn-VsyO0S16p7Zt1XcSXF9Ba-R1XQukztTz7NPkR-zHm10RqANPGTYCtooN8XAyTtVpvvzv3TbjywEH-wpNxV_YiDKpvobJPGAKSRLUUPbcmiNW5zC_GrAZHu-IQDZyw; expires=Sat, 05-Apr-2025 13:18:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:13 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 04 Oct 2024 13:18:13 GMT Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:13 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 13:18:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49764	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:13 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sk955dmeMn4XMfx&MD=OBK8ZXp7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-04 13:18:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: bb39a313-1446-4025-963e-55f15688b8df MS-RequestId: 7400cd4b-d752-4d91-bfef-e5b7691c8687 MS-CV: kpUXbfOu8Uy1Wxo/.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 04 Oct 2024 13:18:13 GMT Connection: close Content-Length: 24490
2024-10-04 13:18:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-04 13:18:14 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49741	172.217.16.132	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:13 UTC	1025	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:18:14 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 04 Oct 2024 11:56:30 GMT Expires: Sat, 12 Oct 2024 11:56:30 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 4904 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-04 13:18:14 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-04 13:18:14 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-04 13:18:14 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-04 13:18:14 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-04 13:18:14 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49780	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:20 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:18:20 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 34 37 38 39 31 31 33 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728047891134",null,null,null
2024-10-04 13:18:20 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=kHBxsZkbiLw2dASZVpv-Yq4teGlDGkim8sg-dAj0WzYgVqHtPAq0IZ_Cd5o19gAD7FCN2ofEtKEEclKVmYP87Vq64Msz5DR9dMkmD5MbWptQiUHmAz5j453zpN7C6aLqYI9YcSuD1iZJTFgT-L4MnRe0HGrNRRR52pL4al6ERM5jGvbs3w; expires=Sat, 05-Apr-2025 13:18:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:20 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 04 Oct 2024 13:18:20 GMT Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:20 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 13:18:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49768	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:20 UTC	1306	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1218 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=B6_o8cSvS2PXleDUvx8pC0yQQElp3c0MCWW_QMkY2XdLq7kPiqJn-VsyO0S16p7Zt1XcSXF9Ba-R1XQukztTz7NPkR-zHm10RqANPGTYCtooN8XAyTtVpvvzv3TbjywEH-wpNxV_YiDKpvobJPGAKSRLUUPbcmiNW5zC_GrAZHu-IQDZyw
2024-10-04 13:18:20 UTC	1218	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 30 34 37 38 38 38 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728047888000",null,null,null,
2024-10-04 13:18:21 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=gFtSnYFnaJoRAiXhfh2_X6OHVszW_ZNXsizA-mSwcXnOdcbzz4zUdA6S5wJ9HsaPtTsw9YuEUAFnShe06LvARDNXLByFASmE5C_AxwYzRDecNQNJpSCpA_Selbk88TYUV-eFYlvcU0vbmUmisvVNJAwau9cGg0J2w2xCPUWLtd4pBky5i1Ofw0Pz-w; expires=Sat, 05-Apr-2025 13:18:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:21 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 04 Oct 2024 13:18:21 GMT Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:21 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 13:18:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49782	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:43 UTC	1297	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1068 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=gFtSnYFnaJoRAiXhfh2_X6OHVszW_ZNXsizA-mSwcXnOdcbzz4zUdA6S5wJ9HsaPtTsw9YuEUAFnShe06LvARDNXLByFASmE5C_AxwYzRDecNQNJpSCpA_Selbk88TYUV-eFYlvcU0vbmUmisvVNJAwau9cGg0J2w2xCPUWLtd4pBky5i1Ofw0Pz-w
2024-10-04 13:18:43 UTC	1068	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-04 13:18:43 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:43 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:43 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 13:18:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49783	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:45 UTC	1337	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1273 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=gFtSnYFnaJoRAiXhfh2_X6OHVszW_ZNXsizA-mSwcXnOdcbzz4zUdA6S5wJ9HsaPtTsw9YuEUAFnShe06LvARDNXLByFASmE5C_AxwYzRDecNQNJpSCpA_Selbk88TYUV-eFYlvcU0vbmUmisvVNJAwau9cGg0J2w2xCPUWLtd4pBky5i1Ofw0Pz-w
2024-10-04 13:18:45 UTC	1273	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 34 37 39 32 33 35 30 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728047923501",null,null,null
2024-10-04 13:18:45 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:45 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:45 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 13:18:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49784	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:46 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:46 UTC	540	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:46 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT ETag: "0x8DCE1521DF74B57" x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131846Z-1767f7688dcjgr4ssr2c6t2x2s0000000mt000000000mvk5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:46 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-04 13:18:46 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49785	172.217.16.142	443	8060	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:47 UTC	1337	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1301 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=gFtSnYFnaJoRAiXhfh2_X6OHVszW_ZNXsizA-mSwcXnOdcbzz4zUdA6S5wJ9HsaPtTsw9YuEUAFnShe06LvARDNXLByFASmE5C_AxwYzRDecNQNJpSCpA_Selbk88TYUV-eFYlvcU0vbmUmisvVNJAwau9cGg0J2w2xCPUWLtd4pBky5i1Ofw0Pz-w
2024-10-04 13:18:47 UTC	1301	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 34 37 39 32 35 33 33 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728047925330",null,null,null
2024-10-04 13:18:47 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 04 Oct 2024 13:18:47 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-04 13:18:47 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-04 13:18:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49788	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:47 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:47 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:47 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: eb718e1d-001e-000b-2c22-1615a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131847Z-r154656d9bccl8jh8cxn9cxxcs0000000a4g00000000d45b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:47 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49789	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:47 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:47 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:47 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131847Z-1767f7688dcbnsdm0gwhnpm7xw0000000750000000004c1x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:47 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49786	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:47 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:47 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:47 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131847Z-1767f7688dc6trhkx0ckh4u3qn0000000n00000000001pcd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:47 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49787	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:47 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:47 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:47 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131847Z-r154656d9bc6m642udcg3mq41n000000063g00000000rwwg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:47 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49790	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:47 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:47 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:47 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131847Z-1767f7688dc4gvn6w3bs6a6k900000000mt00000000094qt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:47 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49791	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:48 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:48 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:48 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131848Z-r154656d9bcq72z5pzdegcf4nn000000032g00000000kaqs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:48 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49792	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:48 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:48 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:48 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131848Z-1767f7688dck2l7961u6s0hrtn0000000mrg00000000gx1t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:48 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49793	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:48 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:48 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:48 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131848Z-r154656d9bc4v6bg39gwnbf5vn00000002a000000000506y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:48 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49794	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:48 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:48 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:48 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131848Z-r154656d9bczbzfnyr5sz58vdw0000000a50000000007a4q x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:48 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49795	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:48 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:48 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:48 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131848Z-1767f7688dcp6rq9vksdbz5r100000000mn0000000005v3k x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:48 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49796	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:49 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-r154656d9bcfd2bs2ymcm7xz980000000a3000000000gb6n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:49 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49797	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:49 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-1767f7688dc97m2se6u6hv4664000000038g00000000scsu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:49 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49798	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:49 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-r154656d9bc7mtk716cm75thbs0000000mbg00000000q84h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:49 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49799	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:49 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-1767f7688dcpgsfr1x222ta0gg00000002c0000000000qc0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:49 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49800	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:49 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 53b222f3-a01e-0098-419e-158556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-r154656d9bcmxqxrqrw0qrf8hg000000069g00000000npuy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:49 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49801	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:50 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-1767f7688dctps2t8qk28fz8yg0000000mh000000000fq7c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:50 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49802	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:50 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: dae66c3e-d01e-0066-08a4-15ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-1767f7688dc6trhkx0ckh4u3qn0000000mz0000000005tc1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:50 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49804	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:50 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:49 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131849Z-1767f7688dc5std64kd3n8sca4000000042000000000e4g5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:50 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49803	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:49 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:50 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:50 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131850Z-r154656d9bcvjnbgheqhz2uek80000000mmg00000000nhnk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:50 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49805	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:50 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:50 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:50 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 79ade187-001e-0065-788c-150b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131850Z-r154656d9bcx62tnuqgh46euy400000003kg00000000kgnm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:50 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49806	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:50 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:50 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131850Z-1767f7688dc6trhkx0ckh4u3qn0000000mwg00000000f1zs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49808	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:50 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:51 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131851Z-1767f7688dcwt84hd6d7u4c7700000000mp000000000k9ph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49810	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:50 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:51 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131851Z-1767f7688dcp6rq9vksdbz5r100000000me000000000pa4g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49807	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:50 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:50 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: eee776c4-301e-001f-2622-16aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131850Z-r154656d9bc5qmxtyvgyzcay0c0000000a1g00000000k432 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49809	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:50 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:50 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: f71a7e49-201e-000c-5aa4-1579c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131850Z-1767f7688dcg8z9lsdchk59ycs000000024g000000004d5n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49814	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:51 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:51 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131851Z-1767f7688dcxjm7c0w73xyx8vs0000000mwg00000000363f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49811	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:51 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:51 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131851Z-r154656d9bcwbfnhhnwdxge6u000000001y000000000f9ss x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49812	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:51 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:51 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131851Z-r154656d9bclprr71vn2nvcemn0000000mk000000000nqnq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49813	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:51 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:51 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:51 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: a910d2e0-401e-005b-72a6-159c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131851Z-1767f7688dcrlt4tm55zgvcmun0000000mk00000000072he x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:51 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49816	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:52 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sk955dmeMn4XMfx&MD=OBK8ZXp7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-04 13:18:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: b08be531-9c2a-461a-ad9c-e3af4a6aa87c MS-RequestId: 4028d50f-8f9f-42d5-8027-9f45b55565d8 MS-CV: 4Cv3FMOIXEKLSxCA.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 04 Oct 2024 13:18:52 GMT Connection: close Content-Length: 30005
2024-10-04 13:18:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-04 13:18:52 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49818	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:52 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:52 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:52 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: cc1dda0d-101e-0079-139e-155913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131852Z-1767f7688dcxjm7c0w73xyx8vs0000000mug00000000br6z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:52 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49820	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:52 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:52 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:52 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 4fef4e97-801e-007b-44c7-15e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131852Z-r154656d9bcjfw87mb0kw1h2480000000a2g00000000a2zq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:52 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49819	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:52 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:52 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:52 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: f2e4aee0-401e-0064-329e-1554af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131852Z-r154656d9bcq2kvl18ms22apk80000000btg00000000b9u8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:52 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49817	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:52 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:52 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:52 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131852Z-r154656d9bclprr71vn2nvcemn0000000mm000000000m2th x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:52 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49823	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:53 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:53 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:53 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 4700277e-801e-008f-589e-152c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131853Z-r154656d9bclprr71vn2nvcemn0000000mrg000000004erf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:53 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49821	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:53 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:53 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:53 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 4ee1628f-b01e-0098-52a6-15cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131853Z-1767f7688dcrlt4tm55zgvcmun0000000mm0000000002z80 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:53 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49822	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:53 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:53 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:53 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131853Z-1767f7688dcg8z9lsdchk59ycs000000020g00000000hcfh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:53 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49824	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:53 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:53 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:53 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131853Z-r154656d9bczbzfnyr5sz58vdw0000000a4000000000bns9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:53 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49827	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:54 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:54 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:54 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: cbb781ac-501e-0047-14a6-15ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131854Z-1767f7688dcg8z9lsdchk59ycs00000001y000000000qev9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:54 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49825	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:54 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:54 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:54 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131854Z-r154656d9bc5qmxtyvgyzcay0c0000000a1000000000k40t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:54 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49828	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:54 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:54 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:54 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131854Z-1767f7688dc97m2se6u6hv466400000003bg00000000mqh7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:54 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49826	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:54 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:54 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:54 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: ed9c017d-601e-000d-3e22-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131854Z-r154656d9bcc4snr2sy7ntt13c000000074000000000081f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:54 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49815	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:54 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:55 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:54 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: cce90406-001e-005a-059e-15c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131854Z-1767f7688dc2kzqgyrtc6e2gp40000000mg000000000cqqa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:55 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49829	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:55 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:55 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:55 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131855Z-1767f7688dc88qkvtwr7dy4vdn0000000620000000000c05 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:55 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49831	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:55 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:55 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:55 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 4b3baa61-c01e-00ad-4e9e-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131855Z-r154656d9bc4v6bg39gwnbf5vn000000025g00000000kegw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:55 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49830	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:55 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:55 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:55 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131855Z-1767f7688dc5std64kd3n8sca400000003xg00000000rkdh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:55 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49832	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:55 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:55 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:55 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 1513c2df-001e-0017-1f9e-150c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131855Z-1767f7688dcxs7gvbd5dcgxeys0000000mdg000000007usf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:55 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49833	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:55 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:55 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:55 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: cc687b4d-101e-0079-45b6-155913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131855Z-r154656d9bcwbfnhhnwdxge6u000000001vg00000000nqek x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:55 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49835	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: c276760a-301e-0051-159c-1538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-r154656d9bcq72z5pzdegcf4nn000000030g00000000ny77 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49834	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-1767f7688dcr9sxxmettbmaaq40000000mqg00000000mz24 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49836	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-1767f7688dck2l7961u6s0hrtn0000000mqg00000000mprm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49837	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-r154656d9bc4v6bg39gwnbf5vn000000023g00000000q5p8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49838	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-1767f7688dctps2t8qk28fz8yg0000000mgg00000000gaek x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49839	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-1767f7688dcrppb7pkfhksct680000000md0000000006gwp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49842	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-1767f7688dc7tjsxtc1ffgx97w0000000mkg00000000mhge x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49841	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: cce0beff-001e-0082-398c-155880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-r154656d9bcc2bdtn1pd2qfd4c0000000mp0000000008t71 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49840	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:56 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:56 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:56 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131856Z-r154656d9bc5qmxtyvgyzcay0c0000000a2000000000gtgh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:56 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49843	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:57 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:57 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:57 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131857Z-r154656d9bcfd2bs2ymcm7xz980000000a1000000000pm8n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:57 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49847	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:57 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:57 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:57 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: b016881e-e01e-0051-2da6-1584b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131857Z-1767f7688dc9hz5543dfnckp1w0000000bs000000000nysd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:57 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49844	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:57 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:57 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 100292b0-a01e-0032-2127-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131857Z-r154656d9bcjpgqtzd4z33r5yn0000000a3000000000eayk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49845	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:57 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:57 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131857Z-1767f7688dcbnsdm0gwhnpm7xw000000074g000000006kf1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49846	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:57 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:57 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 7d6f734e-e01e-0071-31a4-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131857Z-r154656d9bc2dpb46dmu3uezks00000009zg00000000qam5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49848	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:58 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:58 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131858Z-1767f7688dctps2t8qk28fz8yg0000000md000000000s7mp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49849	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:58 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:58 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 6ff3ba62-001e-0082-1536-165880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131858Z-r154656d9bcwd5vj3zknz7qfhc00000002r000000000nfh6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49850	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:58 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:58 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131858Z-1767f7688dc2kzqgyrtc6e2gp40000000mm00000000006t7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49851	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:58 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:58 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: e1dbe94c-b01e-0021-72a4-15cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131858Z-r154656d9bczmvnbrzm0xmzrs40000000a5g00000000ap12 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49852	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:58 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:58 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:58 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: b1d18621-e01e-0020-19b6-15de90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131858Z-1767f7688dc4gvn6w3bs6a6k900000000mpg00000000mg2c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:58 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49853	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:59 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:59 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131859Z-1767f7688dcwt84hd6d7u4c7700000000mn000000000mutx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:59 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49854	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:59 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:59 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:59 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: a2a32d5b-101e-0028-479c-158f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131859Z-r154656d9bc94jg685tuhe75qw0000000a5g000000004fxm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:18:59 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49855	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:59 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:59 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131859Z-1767f7688dcrlt4tm55zgvcmun0000000me000000000nay7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:59 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49857	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:59 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:59 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131859Z-r154656d9bcpkd87yvea8r1dfg00000009p000000000chue x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:59 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49856	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:18:59 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:18:59 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:18:59 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131859Z-1767f7688dc7tjsxtc1ffgx97w0000000mm000000000k4pq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:18:59 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49858	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:00 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:00 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131900Z-r154656d9bcq72z5pzdegcf4nn000000031000000000mupa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:00 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49859	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:00 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:00 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: d59d44fd-601e-003e-698c-153248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131900Z-1767f7688dc5std64kd3n8sca4000000041g00000000ez8f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:00 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49860	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:00 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:00 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:00 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131900Z-r154656d9bc4v6bg39gwnbf5vn000000027000000000g07a x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:00 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49861	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:00 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:00 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: aa7acf5b-101e-0034-7ca4-1596ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131900Z-1767f7688dcrppb7pkfhksct680000000mb000000000dh6s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:00 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49862	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:00 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:00 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:00 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131900Z-r154656d9bc5gm9nqxzv5c87e8000000013000000000h42t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:00 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49863	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:01 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:01 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:01 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 3f7faba8-401e-0016-01a4-1553e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131901Z-1767f7688dcrlt4tm55zgvcmun0000000mk00000000073b3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:01 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49865	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:01 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:01 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:01 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131901Z-r154656d9bcq72z5pzdegcf4nn000000034000000000esn0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:01 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49866	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:01 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:01 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:01 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131901Z-1767f7688dcr9sxxmettbmaaq40000000mv0000000005vrw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:01 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49867	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:01 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:01 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:01 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131901Z-1767f7688dcdplk6tmg02e519n0000000mr000000000pcmk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:01 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49864	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:01 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:01 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:01 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 8a28721d-501e-008f-3e9c-159054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131901Z-r154656d9bcwbfnhhnwdxge6u00000000210000000004g0v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:01 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49869	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 7b1dd74b-e01e-0085-7ca6-15c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-r154656d9bczmvnbrzm0xmzrs40000000a4000000000fpvu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49873	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-1767f7688dc97m2se6u6hv466400000003a000000000q7ve x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49872	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: eb40c01e-101e-000b-509e-155e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-r154656d9bcgk58qzsfr5pfzg40000000mt0000000000v51 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49871	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 7afec079-601e-000d-468c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-1767f7688dcpgsfr1x222ta0gg000000027g00000000kp29 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49870	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 5498e0eb-b01e-0084-19a4-15d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-1767f7688dczvnhxbpcveghk5g000000070g00000000nuww x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49876	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-1767f7688dcjtlndds9yaebhvs00000004y000000000cs1x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49875	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-r154656d9bcv7txsqsufsswrks0000000a2000000000dhb1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49877	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:03 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-r154656d9bcc2bdtn1pd2qfd4c0000000mp0000000008tws x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:03 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49874	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-1767f7688dc5std64kd3n8sca400000003zg00000000mfy9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49878	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:02 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:02 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:02 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131902Z-1767f7688dcdplk6tmg02e519n0000000mrg00000000nrta x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:02 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49882	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:03 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:03 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:03 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 7b16f29d-e01e-0085-0da4-15c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131903Z-r154656d9bcc2bdtn1pd2qfd4c0000000mg000000000puk7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:03 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49879	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:03 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:03 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:03 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131903Z-r154656d9bcc2bdtn1pd2qfd4c0000000mm000000000emun x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:03 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49880	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:03 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:03 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:03 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131903Z-1767f7688dc88qkvtwr7dy4vdn00000005wg00000000mfcy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:03 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49881	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:03 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:03 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:03 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131903Z-1767f7688dcbnsdm0gwhnpm7xw0000000750000000004dp4 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:03 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49883	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:03 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:03 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:03 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: dae695f2-d01e-0066-14a4-15ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131903Z-r154656d9bc6m642udcg3mq41n000000066g00000000k052 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:03 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49885	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:04 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:04 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:04 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131904Z-r154656d9bcq72z5pzdegcf4nn000000030000000000xta7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:04 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49884	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:04 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:04 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:04 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131904Z-r154656d9bc2dpb46dmu3uezks0000000a1g00000000kmrn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:04 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49886	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:04 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:04 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:04 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 2fb43ddb-b01e-0070-339e-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131904Z-1767f7688dccc6lkbm0py95vf00000000mqg00000000rbn8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:04 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49887	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:04 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:04 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:04 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131904Z-r154656d9bczbzfnyr5sz58vdw0000000a4000000000bpd7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:04 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49888	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:04 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:04 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:04 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131904Z-1767f7688dcp6rq9vksdbz5r100000000mn0000000005x7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:04 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49890	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:05 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:05 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:05 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131905Z-1767f7688dcdss7lwsep0egpxs0000000mh000000000bs4m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:05 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49893	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:05 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:05 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:05 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 36849ebb-001e-000b-539c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131905Z-r154656d9bclprr71vn2nvcemn0000000mm000000000m3rb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:05 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49891	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:05 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:05 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:05 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 6e08d1a6-401e-0067-5736-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131905Z-r154656d9bc5gm9nqxzv5c87e8000000012g00000000k1vn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:05 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49889	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:05 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:05 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:05 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131905Z-1767f7688dcxfh5bcu3z8cgqmn0000000mz0000000003bma x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:05 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49892	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:05 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:05 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:05 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131905Z-1767f7688dc97m2se6u6hv466400000003eg000000008xsw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:05 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49894	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:06 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:06 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:06 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: f8396f12-d01e-002b-7b9c-1525fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131906Z-1767f7688dc5plpppuk35q59aw0000000mkg00000000b8ua x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:06 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49896	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:06 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:06 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:06 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131906Z-1767f7688dc97m2se6u6hv466400000003eg000000008xva x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:06 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49895	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:06 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:06 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:06 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 15872d8d-001e-0017-36c7-150c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131906Z-1767f7688dcrlt4tm55zgvcmun0000000mh000000000b96d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:06 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49898	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:06 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:06 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:06 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131906Z-r154656d9bc6m642udcg3mq41n000000066000000000m4wx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:06 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49897	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:06 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:06 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:06 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 3bdd86cb-801e-0048-3722-16f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131906Z-r154656d9bcq72z5pzdegcf4nn000000033g00000000g0s7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:06 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49900	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: b7a8ce39-d01e-0014-539c-15ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-r154656d9bcx62tnuqgh46euy400000003pg00000000buu7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49904	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-1767f7688dctps2t8qk28fz8yg0000000mk000000000cc3x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49902	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-r154656d9bc4v6bg39gwnbf5vn000000029g000000006s7f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49901	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: c27d0d21-301e-0051-279e-1538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-r154656d9bczmvnbrzm0xmzrs40000000a2000000000ng7v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49903	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-1767f7688dcp6rq9vksdbz5r100000000mng000000002xyk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49906	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: b8be4ea8-f01e-003f-27b6-15d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-1767f7688dc5std64kd3n8sca400000003xg00000000rmew x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49908	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-r154656d9bcmwdvs7m27y2y3200000000me000000000n27f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49907	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:07 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 9b3e322a-d01e-005a-239e-157fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-1767f7688dcdvjcfkw13t1btbs0000000ms000000000grry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:07 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49909	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: f2606c2f-301e-000c-2d9e-15323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-r154656d9bczmvnbrzm0xmzrs40000000a70000000004ufa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49905	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:07 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:07 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: c2a9b967-801e-0067-089e-15fe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131907Z-1767f7688dc5smv9fdkth3nru00000000mgg00000000q8rs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49911	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:08 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:08 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131908Z-r154656d9bcrxcdc4sxf91b6u4000000048g00000000p2hw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49910	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:08 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:08 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131908Z-1767f7688dcpgsfr1x222ta0gg000000025000000000tter x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49912	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:08 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:08 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131908Z-1767f7688dc4zx8hzkgqpgqkb400000005b000000000gp4q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49913	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:08 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:08 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131908Z-1767f7688dcxjm7c0w73xyx8vs0000000mpg00000000s3z6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49914	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:08 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:08 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:08 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131908Z-r154656d9bcjfw87mb0kw1h24800000009yg00000000psga x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:08 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49915	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:09 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:09 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:09 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 06e88621-201e-0051-35a6-157340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131909Z-r154656d9bcclz9cswng83z0t00000000680000000008x0n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:09 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49917	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:09 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:09 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:09 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131909Z-r154656d9bc5qmxtyvgyzcay0c0000000a60000000002dxr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:09 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49916	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:09 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:09 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:09 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131909Z-1767f7688dc7bfz42qn9t7yq500000000mk000000000nskd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:09 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49918	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:09 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:10 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:10 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131909Z-1767f7688dc5smv9fdkth3nru00000000mhg00000000nq2q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:10 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49919	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:09 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:09 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:09 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: 9907ad7d-f01e-0096-6293-1510ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131909Z-1767f7688dcxs7gvbd5dcgxeys0000000meg000000003gyd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:09 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49920	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:10 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:10 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:10 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 4b0a4db7-c01e-00ad-2d8c-15a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131910Z-1767f7688dcpgsfr1x222ta0gg000000026g00000000nbyb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:10 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49921	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:10 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:10 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:10 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 1cc313a1-e01e-0071-4b8c-1508e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131910Z-r154656d9bcclz9cswng83z0t0000000067g00000000bfpx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:10 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49922	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:10 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:10 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:10 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: c27691d9-301e-0051-769c-1538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131910Z-r154656d9bczbzfnyr5sz58vdw0000000a1g00000000k4cn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-04 13:19:10 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49923	13.107.253.72	443

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:19:10 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:19:10 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:19:10 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: 0dcb9a48-e01e-0003-1c8c-150fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131910Z-1767f7688dck2l7961u6s0hrtn0000000mt000000000drde x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:19:10 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Target ID:	0
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xca0000
File size:	919'040 bytes
MD5 hash:	D9F8C3112FA16B9C170A349C0AA6285F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	09:17:56
Start date:	04/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	09:17:57
Start date:	04/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:17:57
Start date:	04/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	09:17:57
Start date:	04/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x4d0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	09:17:57
Start date:	04/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	09:17:58
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	09:17:59
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	09:18:11
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	09:18:11
Start date:	04/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1992,i,14836501360661866991,3102711465060655827,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	1628
Total number of Limit Nodes:	65

Executed Functions

Function 00CA42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00CA430D

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

GetCurrentProcess.KERNEL32(?,00D3CB64,00000000,?,?), ref: 00CA4422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00CA4429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00CA4454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00CA4466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00CA4474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00CA447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00CA44A0

Strings

|O, xrefs: 00CE36F8
GetNativeSystemInfo, xrefs: 00CA4460
kernel32.dll, xrefs: 00CA444F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 567128170a557ce9e7456b261e16ec9ad56ea7ac1bd90cb97b237dc007736731
Instruction ID: 7daf463096d3fe05b5a96b5a660e5c2827013d1bbd0124c06e19a44fdc6e7310
Opcode Fuzzy Hash: 567128170a557ce9e7456b261e16ec9ad56ea7ac1bd90cb97b237dc007736731
Instruction Fuzzy Hash: 64A1F37A91A3C0CFC715CB7E7C451A57FA47B67304B085A9AE08DD7BA2F2604688DB31

Function 00CA42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00CA50AA,?,?,00000000,00000000), ref: 00CA42B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00CA50AA,?,?,00000000,00000000), ref: 00CA42C9
LoadResource.KERNEL32(?,00000000,?,?,00CA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00CA4F20), ref: 00CE35BE
SizeofResource.KERNEL32(?,00000000,?,?,00CA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00CA4F20), ref: 00CE35D3
LockResource.KERNEL32(00CA50AA,?,?,00CA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00CA4F20,?), ref: 00CE35E6

Strings

SCRIPT, xrefs: 00CA42BF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 3d9c1951c1989699f48eab2a8ee3bd5c8681c24d2c16f7afdf057dc5ed975762
Instruction ID: 16cdc337e22fae8ca31e96f1b14659934c6ecc9cfb362e20642e4bc8e7e1a4a8
Opcode Fuzzy Hash: 3d9c1951c1989699f48eab2a8ee3bd5c8681c24d2c16f7afdf057dc5ed975762
Instruction Fuzzy Hash: 80118E75240701BFD7258B65DC48F277BB9EBC6B55F104269F412EA250DBB1DD008730

Function 00CE2BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00CA2B6B

Part of subcall function 00CA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00D71418,?,00CA2E7F,?,?,?,00000000), ref: 00CA3A78

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00D62224), ref: 00CE2C10
ShellExecuteW.SHELL32(00000000,?,?,00D62224), ref: 00CE2C17

Strings

runas, xrefs: 00CE2C0B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 49e838549ee89ca8503f9b17c6ede3b460e99dd924959a8493221d51fdfc92ac
Instruction ID: 14a410c24147b5da4991358393bb32eef250b34925ec1ba647e6ca82c9dd0c20
Opcode Fuzzy Hash: 49e838549ee89ca8503f9b17c6ede3b460e99dd924959a8493221d51fdfc92ac
Instruction Fuzzy Hash: 7F11B4312083835BC714FF68E8669BE77A49B9335CF44552DF057521A2DF208A4AA732

Function 00D2A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00D2A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00D2A6BA

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Process32NextW.KERNEL32(00000000,?), ref: 00D2A79C
CloseHandle.KERNELBASE(00000000), ref: 00D2A7AB

Part of subcall function 00CBCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00CE3303,?), ref: 00CBCE8A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 07d19e929e1060e875066c3e5eef9c5f28577c7782402fa79a20599cce44cabd
Instruction ID: bc074a1bb16904c66819e642838657b8e9713a7bc1a093069bf2008b80c2ef08
Opcode Fuzzy Hash: 07d19e929e1060e875066c3e5eef9c5f28577c7782402fa79a20599cce44cabd
Instruction Fuzzy Hash: 41516F715083119FD710EF24D886A6BBBE8FF89758F04891DF585D72A1EB30D904DBA2

Function 00D0DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00CE5222), ref: 00D0DBCE
GetFileAttributesW.KERNELBASE(?), ref: 00D0DBDD
FindFirstFileW.KERNEL32(?,?), ref: 00D0DBEE
FindClose.KERNEL32(00000000), ref: 00D0DBFA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 72101fbcc153c051422b1d5290610a1d9178e43264c8eedae0f70726e1a0288f
Instruction ID: 99e105c7f183cf2045e32cf12e286e5c5438b736e4e211dd8a9b3975ad87a8a6
Opcode Fuzzy Hash: 72101fbcc153c051422b1d5290610a1d9178e43264c8eedae0f70726e1a0288f
Instruction Fuzzy Hash: EEF0A73142062057D2206BB89C0D56F3B7D9E05334B144703F879D11E0EBB0595486BD

Function 00CC4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00CD28E9,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002,00000000,?,00CD28E9), ref: 00CC4D09
TerminateProcess.KERNEL32(00000000,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002,00000000,?,00CD28E9), ref: 00CC4D10
ExitProcess.KERNEL32 ref: 00CC4D22

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 6864ccffeaa6ed9c9adb2a9afa475a1a159908ea8b3686c85cc156b5c86a239b
Instruction ID: 9b75b0f127e5c9ac33c5fd6944e8002fa164041f2ddb4902c8182de7b42955f2
Opcode Fuzzy Hash: 6864ccffeaa6ed9c9adb2a9afa475a1a159908ea8b3686c85cc156b5c86a239b
Instruction Fuzzy Hash: 60E0B631010248ABCF15BF64DD1AF983B69FB41791B148418FD16DA222CB35DE52DB90

Function 00D2AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00D2B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B1D4
_wcslen.LIBCMT ref: 00D2B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B236
_wcslen.LIBCMT ref: 00D2B332

Part of subcall function 00D105A7: GetStdHandle.KERNEL32(000000F6), ref: 00D105C6

_wcslen.LIBCMT ref: 00D2B34B
_wcslen.LIBCMT ref: 00D2B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D2B3B6
GetLastError.KERNEL32(00000000), ref: 00D2B407
CloseHandle.KERNEL32(?), ref: 00D2B439
CloseHandle.KERNEL32(00000000), ref: 00D2B44A
CloseHandle.KERNEL32(00000000), ref: 00D2B45C
CloseHandle.KERNEL32(00000000), ref: 00D2B46E
CloseHandle.KERNEL32(?), ref: 00D2B4E3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 00e14e3310133c154c46e95fa0556424466e282c9c4ee4b0f22be48752e9f1eb
Instruction ID: 46dc00a78bccf2dfd4424939369b9c840b04c59a9468470192deb6de4e13d63e
Opcode Fuzzy Hash: 00e14e3310133c154c46e95fa0556424466e282c9c4ee4b0f22be48752e9f1eb
Instruction Fuzzy Hash: E4F1BD315043119FC714EF24D891B6EBBE5BF85328F18855EF8959B2A2CB71EC41CB62

Function 00CAD731 Relevance: 21.6, APIs: 14, Instructions: 624windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00CAD807
timeGetTime.WINMM ref: 00CADA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CADB28
TranslateMessage.USER32(?), ref: 00CADB7B
DispatchMessageW.USER32(?), ref: 00CADB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CADB9F
Sleep.KERNELBASE(0000000A), ref: 00CADBB1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 3eb709e66aaf7faee37ba107666a02a291252a2e78b16b5b39cbaafc9d645c3c
Instruction ID: f0e7da320600481fb9aeb052921aca58a0bbcdba6e2d8dfd62aac1f8a5fadfce
Opcode Fuzzy Hash: 3eb709e66aaf7faee37ba107666a02a291252a2e78b16b5b39cbaafc9d645c3c
Instruction Fuzzy Hash: A242D130608346DFD768CF25C884BBAB7E0BF46318F144619E967876A1D770E984DBA3

Function 00CA2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00CA2D07
RegisterClassExW.USER32(00000030), ref: 00CA2D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00CA2D42
InitCommonControlsEx.COMCTL32(?), ref: 00CA2D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00CA2D6F
LoadIconW.USER32(000000A9), ref: 00CA2D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00CA2D94

Strings

+, xrefs: 00CA2CF0
TaskbarCreated, xrefs: 00CA2D37
0, xrefs: 00CA2CE9
AutoIt v3 GUI, xrefs: 00CA2D23

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 13ff7899c5ff3461d3ec67ffec0fc217f0ad6f1c379808fad1ed9d318440c1d0
Instruction ID: 1611533b31fd5b976eaf2a4497ea232bef6b2c5f60b6251900ac8bdfd1ecc788
Opcode Fuzzy Hash: 13ff7899c5ff3461d3ec67ffec0fc217f0ad6f1c379808fad1ed9d318440c1d0
Instruction Fuzzy Hash: 8E21E7B9911309AFDB00DFA8E849BDDBBB4FB08700F10521AEA15F6390E7B145448FA0

Function 00CE065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00CE039A: CreateFileW.KERNELBASE(00000000,00000000,?,00CE0704,?,?,00000000,?,00CE0704,00000000,0000000C), ref: 00CE03B7

GetLastError.KERNEL32 ref: 00CE076F
__dosmaperr.LIBCMT ref: 00CE0776
GetFileType.KERNELBASE(00000000), ref: 00CE0782
GetLastError.KERNEL32 ref: 00CE078C
__dosmaperr.LIBCMT ref: 00CE0795
CloseHandle.KERNEL32(00000000), ref: 00CE07B5
CloseHandle.KERNEL32(?), ref: 00CE08FF
GetLastError.KERNEL32 ref: 00CE0931
__dosmaperr.LIBCMT ref: 00CE0938

Strings

H, xrefs: 00CE08BD

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 287cec263b0eb354977916f226bb563c9eccfe30e7a29fbab20e4ac96cfd789a
Instruction ID: 915c3f220dff9d35e70168e6f3c222c6fe255576b369fd69b104543b1706c0f8
Opcode Fuzzy Hash: 287cec263b0eb354977916f226bb563c9eccfe30e7a29fbab20e4ac96cfd789a
Instruction Fuzzy Hash: 19A13732A002848FDF19AF68D851BAE7BA1AB06320F24015DF815EB3D1D7719D93DBA1

Function 00CA344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00CA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00D71418,?,00CA2E7F,?,?,?,00000000), ref: 00CA3A78

Part of subcall function 00CA3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00CA3379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00CA356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00CE318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00CE31CE
RegCloseKey.ADVAPI32(?), ref: 00CE3210
_wcslen.LIBCMT ref: 00CE3277
_wcslen.LIBCMT ref: 00CE3286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00CA3560
\Include\, xrefs: 00CA3527
\, xrefs: 00CE328C
Include, xrefs: 00CE3184, 00CE31C5

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 5fec34620559a665f1c3639554704cd8ba0a54bd8fbc9840fc84ec8a564df960
Instruction ID: 9b198f330af10d291e6cac08757f8afcc3cd607650009b6d93e7e209fef4696b
Opcode Fuzzy Hash: 5fec34620559a665f1c3639554704cd8ba0a54bd8fbc9840fc84ec8a564df960
Instruction Fuzzy Hash: 8571A1714043819EC304EF65DC869ABBBE8FF85354F40482EF589D72A1EB749A88DB71

Function 00CA2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00CA2B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00CA2B9D
LoadIconW.USER32(00000063), ref: 00CA2BB3
LoadIconW.USER32(000000A4), ref: 00CA2BC5
LoadIconW.USER32(000000A2), ref: 00CA2BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00CA2BEF
RegisterClassExW.USER32(?), ref: 00CA2C40

Part of subcall function 00CA2CD4: GetSysColorBrush.USER32(0000000F), ref: 00CA2D07
Part of subcall function 00CA2CD4: RegisterClassExW.USER32(00000030), ref: 00CA2D31
Part of subcall function 00CA2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00CA2D42
Part of subcall function 00CA2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00CA2D5F
Part of subcall function 00CA2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00CA2D6F
Part of subcall function 00CA2CD4: LoadIconW.USER32(000000A9), ref: 00CA2D85
Part of subcall function 00CA2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00CA2D94

Strings

AutoIt v3, xrefs: 00CA2C2F
0, xrefs: 00CA2C0F
#, xrefs: 00CA2C16

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 62b08dd94e092f6bcbf6b99c9bc68b36ab19facfd9cdecf4b6d6fd368d8f3102
Instruction ID: fd8648db7f8c348b520a83cec27cc8d4b4705b30a5c3794adb7e19eca370a7c7
Opcode Fuzzy Hash: 62b08dd94e092f6bcbf6b99c9bc68b36ab19facfd9cdecf4b6d6fd368d8f3102
Instruction Fuzzy Hash: 77212CB9E10314ABDB109FA9EC56B9D7FB4FB48B50F10411AF508E67A0E7B15584CFA0

Function 00CA3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00CA316A,?,?), ref: 00CA31D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00CA316A,?,?), ref: 00CA3204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00CA3227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00CA316A,?,?), ref: 00CA3232
CreatePopupMenu.USER32 ref: 00CA3246
PostQuitMessage.USER32(00000000), ref: 00CA3267

Strings

TaskbarCreated, xrefs: 00CA322D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: ab7c0d78f265c021238184fd6161ad2e569433d24e34a0f3d91513252216dcc8
Instruction ID: e687aa99a59146e4452019a33a07ee454b27fc6dd5b33ebd11b6ba0829319a59
Opcode Fuzzy Hash: ab7c0d78f265c021238184fd6161ad2e569433d24e34a0f3d91513252216dcc8
Instruction Fuzzy Hash: DC412739250386ABDB151B7C9C2EB7D3A19E747348F040315FA2AD63E2E7618B40D7B1

Function 00CA1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00CA1459
CoUninitialize.COMBASE ref: 00CA14F8
UnregisterHotKey.USER32(?), ref: 00CA16DD
DestroyWindow.USER32(?), ref: 00CE24B9
FreeLibrary.KERNEL32(?), ref: 00CE251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00CE254B

Strings

close all, xrefs: 00CA1454

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 1e272252c3d08bfab5dc4e2672f006f46bbebea2a7d479b6d13175d8670024f4
Instruction ID: 9dc60aca8246a7c830ded049da99e5b2c8517db9bccabc5791043959cca6ceae
Opcode Fuzzy Hash: 1e272252c3d08bfab5dc4e2672f006f46bbebea2a7d479b6d13175d8670024f4
Instruction Fuzzy Hash: 34D15F31702252CFCB19EF16C995B69F7A4BF06704F1942ADE84AAB251DB30ED12DF60

Function 00CA2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00CA2C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00CA2CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00CA1CAD,?), ref: 00CA2CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00CA1CAD,?), ref: 00CA2CCF

Strings

AutoIt v3, xrefs: 00CA2C89, 00CA2C8E, 00CA2C8F
edit, xrefs: 00CA2CAC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: dcb022980bea03d569288eb51f73eda80ef56eb36c50282fcb72ac2d29eda040
Instruction ID: 934f8234dbc14a1fd1feb8f02a986a2c6eefb233be447ee9fa665208bdae47de
Opcode Fuzzy Hash: dcb022980bea03d569288eb51f73eda80ef56eb36c50282fcb72ac2d29eda040
Instruction Fuzzy Hash: 3CF0DA795503A07AEB31176BAC09F773EBDD7C6F50F01515AF908E27A0E6611890DEB0

Function 00CA3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00CA3B0F,SwapMouseButtons,00000004,?), ref: 00CA3B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00CA3B0F,SwapMouseButtons,00000004,?), ref: 00CA3B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00CA3B0F,SwapMouseButtons,00000004,?), ref: 00CA3B83

Strings

Control Panel\Mouse, xrefs: 00CA3B3E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 0aa221730c27bd8f5516bc6ddce5f0d8f3a55824b4476226ea3ad2638ddfd241
Instruction ID: 4a83c00bd1c8bf4384e12433d51a38e91afa87ee58cddcb96c8222704af525c1
Opcode Fuzzy Hash: 0aa221730c27bd8f5516bc6ddce5f0d8f3a55824b4476226ea3ad2638ddfd241
Instruction Fuzzy Hash: 19112AB5521249FFDB208FA5EC99AAEB7B9EF05748B104459B805E7210D3319F409770

Function 00CA3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00CE33A2

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00CA3A04

Strings

Line: , xrefs: 00CE33EB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: 256aea2ffe7e512705de79d69950e580eda5b7df7f5290fe5f46f2971e04804a
Instruction ID: 6b343658e39a09eb598346af34bacafc2d8f326851dd289bc0fe10e913fb22eb
Opcode Fuzzy Hash: 256aea2ffe7e512705de79d69950e580eda5b7df7f5290fe5f46f2971e04804a
Instruction Fuzzy Hash: 5931F671408341AFC721EB64DC56FEBB7E8AB41318F00461EF499931A1EB709B49D7D2

Function 00CBFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00CC0668

Part of subcall function 00CC32A4: RaiseException.KERNEL32(?,?,?,00CC068A,?,00D71444,?,?,?,?,?,?,00CC068A,00CA1129,00D68738,00CA1129), ref: 00CC3304

__CxxThrowException@8.LIBVCRUNTIME ref: 00CC0685

Strings

Unknown exception, xrefs: 00CC0692

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 0fdb1bb6129c9da020d37375f4a286b4b1eda81a80ae787485337fbe19a3951f
Instruction ID: b5dc62cbdae627264de5b3ce80366b5032d589ac00861a7c3a469a1bf82c604c
Opcode Fuzzy Hash: 0fdb1bb6129c9da020d37375f4a286b4b1eda81a80ae787485337fbe19a3951f
Instruction Fuzzy Hash: D8F04F3490020DB78F04BAB5EC4AE9E7B6C5E40350F70853DF92496692EF71DB6AA690

Function 00CA10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00CA1BF4
Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00CA1BFC
Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00CA1C07
Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00CA1C12
Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00CA1C1A
Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00CA1C22

Part of subcall function 00CA1B4A: RegisterWindowMessageW.USER32(00000004,?,00CA12C4), ref: 00CA1BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00CA136A
OleInitialize.OLE32 ref: 00CA1388
CloseHandle.KERNEL32(00000000,00000000), ref: 00CE24AB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 19fef8929afa70b41d08ba3abbc5d91b24e356e7251c943d8db5092ce024f856
Instruction ID: 54032aad866597610aa886c5944869049180585a9c3074a6d1aabb101b0a6b9b
Opcode Fuzzy Hash: 19fef8929afa70b41d08ba3abbc5d91b24e356e7251c943d8db5092ce024f856
Instruction Fuzzy Hash: C07199BC9213019EC388EF7DA8466993AF5FB89348B58832A940ED7361FB304484DF71

Function 00D0C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00CA3A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00D0C259
KillTimer.USER32(?,00000001,?,?), ref: 00D0C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D0C270

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 39b40d65c60f021e9a730d102358517aca6f25dd4e3356d061b39fea4b150a62
Instruction ID: 65e143a133c998823c6b98dcbfa2cc02b4538fde9e387c77d9af46a757ac9be8
Opcode Fuzzy Hash: 39b40d65c60f021e9a730d102358517aca6f25dd4e3356d061b39fea4b150a62
Instruction Fuzzy Hash: AA31C370914344AFEB228F748855BEBBBEC9F06308F04149EE5DEA7281C7745A84CB65

Function 00CD86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00CD85CC,?,00D68CC8,0000000C), ref: 00CD8704
GetLastError.KERNEL32(?,00CD85CC,?,00D68CC8,0000000C), ref: 00CD870E
__dosmaperr.LIBCMT ref: 00CD8739

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: b66575f25cf9d80adb10f1e21809c4085fa74e9dba93cd07b2b691f3933cf16b
Instruction ID: 09dc2cca28b36c94b2bff036bf9c6288d960e780a01e005f3f3872c3d69718f1
Opcode Fuzzy Hash: b66575f25cf9d80adb10f1e21809c4085fa74e9dba93cd07b2b691f3933cf16b
Instruction Fuzzy Hash: 3001613360576026D6246734A845B7E6B498F81774F39011FFB28DB3E2DEB0CDC69260

Function 00CADB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00CADB7B
DispatchMessageW.USER32(?), ref: 00CADB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CADB9F
Sleep.KERNELBASE(0000000A), ref: 00CADBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00CF1CC9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: fff6562f27599e9db8d3b927193a43d11dc6f0d70e824cc89c272dfe7a02d445
Instruction ID: 5d00de99afb74336a04089a58226bae02be72223961806d89ee74de8d20b82a4
Opcode Fuzzy Hash: fff6562f27599e9db8d3b927193a43d11dc6f0d70e824cc89c272dfe7a02d445
Instruction Fuzzy Hash: E9F05E706043459BEB30CB609C49FEA73A8EB45710F104618EA6BD31C0EB3095888B76

Function 00CB1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00CB17F6

Strings

CALL, xrefs: 00CB17C6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: f1e0e927d493c288b326fb56e67e4418529d71a849289ebaaf6cbcfb1231144a
Instruction ID: 614b49d53bf130771da19a123a7ff1aad2400a89132f6e4faedae1c73197fd93
Opcode Fuzzy Hash: f1e0e927d493c288b326fb56e67e4418529d71a849289ebaaf6cbcfb1231144a
Instruction Fuzzy Hash: 6622AB706083419FC714CF25C8A0AAABBF1FF85314F68891DF9968B3A1D731E945DB92

Function 00CA2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00CE2C8C

Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2

Part of subcall function 00CA2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00CA2DC4

Strings

X, xrefs: 00CE2C5A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 0f9d3798246b517a842a8df4b55cf9828519ec9f9e7e7ea231f2f22d031ba133
Instruction ID: 94154f4a640e1a4af54b232b5783fc2c9544b9fe45d30c3f3234b6446dba0140
Opcode Fuzzy Hash: 0f9d3798246b517a842a8df4b55cf9828519ec9f9e7e7ea231f2f22d031ba133
Instruction Fuzzy Hash: CB219371A002989BDB05DF99C845BEE7BFCAF49308F004059E505F7341DBB49A899BA1

Function 00CA3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00CA3908

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: b6c1f08c6d3ad757efff66a8bfe3a5f5bab2351fe0ad7f02e7a415a0b8700ddd
Instruction ID: 340dacf86898e224f3e3c9b0d030e95968ca23ab199fc56772e5d2a25eed2789
Opcode Fuzzy Hash: b6c1f08c6d3ad757efff66a8bfe3a5f5bab2351fe0ad7f02e7a415a0b8700ddd
Instruction Fuzzy Hash: 383180705043419FD720DF64D895797BBE8FB49708F00092EF599D7390E775AA44CB62

Function 00CBF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00CBF661

Part of subcall function 00CAD731: GetInputState.USER32 ref: 00CAD807

Sleep.KERNEL32(00000000), ref: 00CFF2DE

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: c30519fc0cb0b257158808aa617b6e27dc85603a10539c399d49e725be53ef70
Instruction ID: e9a6bceb34c88a2141dbcc919fd5bea1962100b2715286169ff149ef06f478c1
Opcode Fuzzy Hash: c30519fc0cb0b257158808aa617b6e27dc85603a10539c399d49e725be53ef70
Instruction Fuzzy Hash: 05F082312403069FD314EF69D855BAAB7E5EF46760F004029F85AD7361DB70AC00DBA1

Function 00CAB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00CABB4E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: 345956354b85694e8833c87dfe2e0b0389bb73b7d5f11632f8d4f7f719b71c23
Instruction ID: c31b63f9ac6112cb229261c46bbc5cceb3f66f37fa3735ff7d549f06d47008f9
Opcode Fuzzy Hash: 345956354b85694e8833c87dfe2e0b0389bb73b7d5f11632f8d4f7f719b71c23
Instruction Fuzzy Hash: 1732C134A0020ADFDB14CF64C894BBEB7B5EF45718F248059EA15AB362D774EE81CB61

Function 00CA4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E9C
Part of subcall function 00CA4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CA4EAE
Part of subcall function 00CA4E90: FreeLibrary.KERNEL32(00000000,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4EFD

Part of subcall function 00CA4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E62
Part of subcall function 00CA4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CA4E74
Part of subcall function 00CA4E59: FreeLibrary.KERNEL32(00000000,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E87

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 3dea37b7f619cdbdaebbbe7818db61ef5d83e789f45772d3dba45fc3a1a56b95
Instruction ID: 9912364e94fa306e3394ebb9f403862c877fcd44b19db9d21a481c6ffdf86861
Opcode Fuzzy Hash: 3dea37b7f619cdbdaebbbe7818db61ef5d83e789f45772d3dba45fc3a1a56b95
Instruction Fuzzy Hash: F811E732610206AECB18ABA5DC06FADB7A59F81714F20842DF552B71C1DEB1AE45A760

Function 00CD8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00CD8440

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 517608472ca71d8fd715736d144a4877f4f8d7f6c3065a3a28b6688149758821
Instruction ID: f849ac841ef32f91c291cdda71be5466d358a1e651e9b4b61425ea5d1722ad05
Opcode Fuzzy Hash: 517608472ca71d8fd715736d144a4877f4f8d7f6c3065a3a28b6688149758821
Instruction Fuzzy Hash: 8511187590420AAFCB05DF58E941A9F7BF5FF48314F10405AF918AB312DB31EA15CBA5

Function 00CD5000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00CD4C7D: RtlAllocateHeap.NTDLL(00000008,00CA1129,00000000,?,00CD2E29,00000001,00000364,?,?,?,00CCF2DE,00CD3863,00D71444,?,00CBFDF5,?), ref: 00CD4CBE

_free.LIBCMT ref: 00CD506C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: 8027b9d558863091732c92e195847d1970dedc5b1329384418793bec94e9ee61
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: AC0126722047046BE3218E659881A5AFBECFB89370F25051EE294833C0EA30A905C6B4

Function 00D329BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00D314B5,?), ref: 00D32A01

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: b5a34f77769747940f42b68a6af3c0851fcabeec57c42736c028c0b06ba95189
Instruction ID: 32f7936a1d6210120e5b20c31cea8745990878bea7353ac279c3c4feeefd1bbc
Opcode Fuzzy Hash: b5a34f77769747940f42b68a6af3c0851fcabeec57c42736c028c0b06ba95189
Instruction Fuzzy Hash: BD01B136B80A41AFD325CA2CC495B3237A2EB85354F2D8468C1878B251DB32FC42CBB0

Function 00CCE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 93ab542fed98b12c4feb0f467adf10fce37e101716b445e7020471521c490bcf
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: 2EF0F432521A18D7C6313A7ACC05F9A339C9F63330F10072EF621922D2DB74E906A6A5

Function 00CD4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00CA1129,00000000,?,00CD2E29,00000001,00000364,?,?,?,00CCF2DE,00CD3863,00D71444,?,00CBFDF5,?), ref: 00CD4CBE

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6fb95648a456e4b801c73f792273babacaff3b658f407f29a64b62eda623f0be
Instruction ID: 9ff0f6fa4f846b7597f77e728e944781f53545768b99ccd6d2f1a1bc6d619227
Opcode Fuzzy Hash: 6fb95648a456e4b801c73f792273babacaff3b658f407f29a64b62eda623f0be
Instruction Fuzzy Hash: 7DF0E93172222467DB295F66DC05F5A3789BFD17A1B15811BFB29EA380CB70D90196E0

Function 00CD3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9bbffe3c9b4482090ee36f780f49a80b90c1cf6d0250ad88ed9aaf8c380e65da
Instruction ID: 3c18f9799b70245a11804a227fcb8014105e5330f95af80cd13a3ed9c8137507
Opcode Fuzzy Hash: 9bbffe3c9b4482090ee36f780f49a80b90c1cf6d0250ad88ed9aaf8c380e65da
Instruction Fuzzy Hash: 71E0E5312003A456D7212667DC00F9A374AAB427B0F09012BFE24D67C0DB50DF01B2F2

Function 00CA4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4F6D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 0c979c33aa4d999ce06b9255a17ef8aa2f4a89236afa4c8b8bcd4096d876ef5d
Instruction ID: 360abd2ee178dcfba583855524182e7571c18ba082a4cb405ec391100ff12bb8
Opcode Fuzzy Hash: 0c979c33aa4d999ce06b9255a17ef8aa2f4a89236afa4c8b8bcd4096d876ef5d
Instruction Fuzzy Hash: 5BF03971105752CFDB389FA5D890822BBE4AF5632D320997EE1EA82621C7B19844EF51

Function 00D32A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00D32A66

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: b0a3579688fe8180c6a7d808a38fee1bbbf585b10988d12aa228a712df84fede
Instruction ID: a651f0058c8f4182f8e74027b22fc2c6c94283777ab3d29db410941029d17bcb
Opcode Fuzzy Hash: b0a3579688fe8180c6a7d808a38fee1bbbf585b10988d12aa228a712df84fede
Instruction Fuzzy Hash: ECE0DF36750216ABC710EA30EC809FA735CEF10390B004036FC1AC2140DB30C99186B0

Function 00CA30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00CA314E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 4b4618f12f218992f936deef515b8d176c4ce5bedc188dbf6941df7735fb14d3
Instruction ID: 76a3f06e9714d7296cd1b729bbfa99a971333e9fa4c99bae95d8def06e34772b
Opcode Fuzzy Hash: 4b4618f12f218992f936deef515b8d176c4ce5bedc188dbf6941df7735fb14d3
Instruction Fuzzy Hash: 0CF0A7709103549FE7529B24DC4A7D97BBCA70170CF0001E9A24CD6292EB7457C8CF61

Function 00CA2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00CA2DC4

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 3c8fdf593d830b4a48727aa77bc32dadc1bab160bf9812b944d391fde7befad5
Instruction ID: c75159b90437ab19d606c36d68b0c49bdc82ba737e5877443bfdfb1ed12bcc8a
Opcode Fuzzy Hash: 3c8fdf593d830b4a48727aa77bc32dadc1bab160bf9812b944d391fde7befad5
Instruction Fuzzy Hash: 72E0C276A002245BCB21E7989C06FEA77EDDFC8790F0800B1FD09E7248DA70AD8096A0

Function 00CA2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00CA3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00CA3908

Part of subcall function 00CAD731: GetInputState.USER32 ref: 00CAD807

SetCurrentDirectoryW.KERNEL32(?), ref: 00CA2B6B

Part of subcall function 00CA30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00CA314E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: a331ed096982a3d8ceef104429a396d2787023552c7bf0c5275b9c2093b0f12c
Instruction ID: 0d1c2a78e5813a545ea6f2909ea8c270e99392706b9bafdb51f6b872948d8e02
Opcode Fuzzy Hash: a331ed096982a3d8ceef104429a396d2787023552c7bf0c5275b9c2093b0f12c
Instruction Fuzzy Hash: 53E0262230028607C608BB38A8264BDA349CBD335DF40153EF047832A2DE2446455321

Function 00CE039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00CE0704,?,?,00000000,?,00CE0704,00000000,0000000C), ref: 00CE03B7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ac93ffc9345b96b0bd5d01fe81fefae57dd35afa5012a91119cc6f8af98ad5ad
Instruction ID: c6e7d4edb44bd459e0938956ed05e221a4429cd43705fe1294d43f5370eec8d3
Opcode Fuzzy Hash: ac93ffc9345b96b0bd5d01fe81fefae57dd35afa5012a91119cc6f8af98ad5ad
Instruction Fuzzy Hash: B2D06C3205020DBBDF028F84DD06EDA3BAAFB48714F014000BE18A6120C732E821AB90

Function 00CA1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00CA1CBC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: a5dca6a1dd0f4cc68294065b10d30d443789fb6c7b67a1893e0d6898eda5ef97
Instruction ID: cf7a8a48fe4a40550f5c48fb5f297a564ea801b99605ea061d6ad5a1f9361af9
Opcode Fuzzy Hash: a5dca6a1dd0f4cc68294065b10d30d443789fb6c7b67a1893e0d6898eda5ef97
Instruction Fuzzy Hash: 21C0923B290304EFF2148B94BC4BF207764A348B00F048001F64DE9BE3E3A228A0EB70

Non-executed Functions

Function 00D39576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00D3961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00D3965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00D3969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D396C9
SendMessageW.USER32 ref: 00D396F2
GetKeyState.USER32(00000011), ref: 00D3978B
GetKeyState.USER32(00000009), ref: 00D39798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00D397AE
GetKeyState.USER32(00000010), ref: 00D397B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D397E9
SendMessageW.USER32 ref: 00D39810
SendMessageW.USER32(?,00001030,?,00D37E95), ref: 00D39918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00D3992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00D39941
SetCapture.USER32(?), ref: 00D3994A
ClientToScreen.USER32(?,?), ref: 00D399AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00D399BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00D399D6
ReleaseCapture.USER32 ref: 00D399E1
GetCursorPos.USER32(?), ref: 00D39A19
ScreenToClient.USER32(?,?), ref: 00D39A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00D39A80
SendMessageW.USER32 ref: 00D39AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00D39AEB
SendMessageW.USER32 ref: 00D39B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00D39B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00D39B4A
GetCursorPos.USER32(?), ref: 00D39B68
ScreenToClient.USER32(?,?), ref: 00D39B75
GetParent.USER32(?), ref: 00D39B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00D39BFA
SendMessageW.USER32 ref: 00D39C2B
ClientToScreen.USER32(?,?), ref: 00D39C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00D39CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00D39CDE
SendMessageW.USER32 ref: 00D39D01
ClientToScreen.USER32(?,?), ref: 00D39D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00D39D82

Part of subcall function 00CB9944: GetWindowLongW.USER32(?,000000EB), ref: 00CB9952

GetWindowLongW.USER32(?,000000F0), ref: 00D39E05

Strings

F, xrefs: 00D39D07
@GUI_DRAGID, xrefs: 00D3997D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: e98efbbe14a24927e94ccf307ab21b6ec6b2c92d1f7e65307e9df76ed767b4d8
Instruction ID: 2920cacada72f44b01cfd09caa680de86f2511781aaa0d014ef65aedf3a7eec7
Opcode Fuzzy Hash: e98efbbe14a24927e94ccf307ab21b6ec6b2c92d1f7e65307e9df76ed767b4d8
Instruction Fuzzy Hash: DF42AA35205301AFDB24CF28CCA5AAABBE5FF49310F180619F699D72A1D7B1E851CF61

Function 00D34873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00D348F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00D34908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00D34927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00D3494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00D3495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00D3497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00D349AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00D349D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00D34A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00D34A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00D34A7E
IsMenu.USER32(?), ref: 00D34A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D34AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D34B20
GetWindowLongW.USER32(?,000000F0), ref: 00D34B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00D34BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00D34C82
wsprintfW.USER32 ref: 00D34CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D34CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00D34CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00D34D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D34D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00D34D5A

Strings

%d/%02d/%02d, xrefs: 00D34CA8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: e46119a69f31a941bdcacff3312353620d582a460a8ef8ab1be72e33fba12f45
Instruction ID: b40f60e5fa4656143811ff181a6b1095ccd0ec246c02ee1fb6b29550ef4c3ad9
Opcode Fuzzy Hash: e46119a69f31a941bdcacff3312353620d582a460a8ef8ab1be72e33fba12f45
Instruction Fuzzy Hash: CE12D071600354ABEB248F28DC49FAE7BF8EF45710F184129F515EA2E1DB78E941CB60

Function 00CBF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00CBF998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00CFF474
IsIconic.USER32(00000000), ref: 00CFF47D
ShowWindow.USER32(00000000,00000009), ref: 00CFF48A
SetForegroundWindow.USER32(00000000), ref: 00CFF494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00CFF4AA
GetCurrentThreadId.KERNEL32 ref: 00CFF4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00CFF4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00CFF4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00CFF4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00CFF4DE
SetForegroundWindow.USER32(00000000), ref: 00CFF4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF4F6
keybd_event.USER32(00000012,00000000), ref: 00CFF501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF50B
keybd_event.USER32(00000012,00000000), ref: 00CFF510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF519
keybd_event.USER32(00000012,00000000), ref: 00CFF51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF528
keybd_event.USER32(00000012,00000000), ref: 00CFF52D
SetForegroundWindow.USER32(00000000), ref: 00CFF530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00CFF557

Strings

Shell_TrayWnd, xrefs: 00CFF46F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 212bcfb8870ce12baa89b785c525e378db48320f53a9ae95dd3977714b0503eb
Instruction ID: 081399163b3d8fd074d740167a5402e8651bb6a45bbb19d4a3c5648b4e93adcf
Opcode Fuzzy Hash: 212bcfb8870ce12baa89b785c525e378db48320f53a9ae95dd3977714b0503eb
Instruction Fuzzy Hash: B4313E71A50318BBEB206BB55C4AFBF7E6CEB44B50F141069FA01F62D1C6B19901ABB1

Function 00D01201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00D016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D0170D
Part of subcall function 00D016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D0173A
Part of subcall function 00D016C3: GetLastError.KERNEL32 ref: 00D0174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00D01286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00D012A8
CloseHandle.KERNEL32(?), ref: 00D012B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00D012D1
GetProcessWindowStation.USER32 ref: 00D012EA
SetProcessWindowStation.USER32(00000000), ref: 00D012F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00D01310

Part of subcall function 00D010BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D011FC), ref: 00D010D4
Part of subcall function 00D010BF: CloseHandle.KERNEL32(?,?,00D011FC), ref: 00D010E9

Strings

default, xrefs: 00D0130B
, xrefs: 00D0125A
winsta0, xrefs: 00D012CC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: b7be5562ca7a6a6de5dc3720a453e0be790eb741a96e1cd05c5236d61c932e17
Instruction ID: 08b3faed44d2c28a640f62ace9d6701c6e1a4f0c5cf7e74f569852876c20989f
Opcode Fuzzy Hash: b7be5562ca7a6a6de5dc3720a453e0be790eb741a96e1cd05c5236d61c932e17
Instruction Fuzzy Hash: 2C816575900249ABDF219FA4DC49BEE7BB9EF04704F184129F918F62A0C771DA58CB30

Function 00D00B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D01114
Part of subcall function 00D010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01120
Part of subcall function 00D010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D0112F
Part of subcall function 00D010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01136
Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D0114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D00BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D00C00
GetLengthSid.ADVAPI32(?), ref: 00D00C17
GetAce.ADVAPI32(?,00000000,?), ref: 00D00C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D00C6D
GetLengthSid.ADVAPI32(?), ref: 00D00C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D00C8C
HeapAlloc.KERNEL32(00000000), ref: 00D00C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D00CB4
CopySid.ADVAPI32(00000000), ref: 00D00CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D00CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D00D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D00D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00D45
HeapFree.KERNEL32(00000000), ref: 00D00D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00D55
HeapFree.KERNEL32(00000000), ref: 00D00D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00D65
HeapFree.KERNEL32(00000000), ref: 00D00D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00D00D78
HeapFree.KERNEL32(00000000), ref: 00D00D7F

Part of subcall function 00D01193: GetProcessHeap.KERNEL32(00000008,00D00BB1,?,00000000,?,00D00BB1,?), ref: 00D011A1
Part of subcall function 00D01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D00BB1,?), ref: 00D011A8
Part of subcall function 00D01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D00BB1,?), ref: 00D011B7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 357ae1b1a9afac5bb23ae605c8341ae082ba9caba71e0868cc7b38781d000da4
Instruction ID: a04c49032243b9394daad2c2cc587767cc46d739c82ddfb01e1eaa454080618d
Opcode Fuzzy Hash: 357ae1b1a9afac5bb23ae605c8341ae082ba9caba71e0868cc7b38781d000da4
Instruction Fuzzy Hash: 1D711676A0020ABBDF10DFA4DC45BEEBBBDAF04310F184525E919E6291D775AA05CBB0

Function 00D1EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00D3CC08), ref: 00D1EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00D1EB37
GetClipboardData.USER32(0000000D), ref: 00D1EB43
CloseClipboard.USER32 ref: 00D1EB4F
GlobalLock.KERNEL32(00000000), ref: 00D1EB87
CloseClipboard.USER32 ref: 00D1EB91
GlobalUnlock.KERNEL32(00000000), ref: 00D1EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00D1EBC9
GetClipboardData.USER32(00000001), ref: 00D1EBD1
GlobalLock.KERNEL32(00000000), ref: 00D1EBE2
GlobalUnlock.KERNEL32(00000000), ref: 00D1EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00D1EC38
GetClipboardData.USER32(0000000F), ref: 00D1EC44
GlobalLock.KERNEL32(00000000), ref: 00D1EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00D1EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D1EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D1ECD2
GlobalUnlock.KERNEL32(00000000), ref: 00D1ECF3
CountClipboardFormats.USER32 ref: 00D1ED14
CloseClipboard.USER32 ref: 00D1ED59

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 000b56a6d723c015785c530dd1d4cf6f6320c049da273b3866189cb262bdcce0
Instruction ID: 96c52d07a82a68100b43a27375df346871c3805709661b0aa883ffd8debb84ee
Opcode Fuzzy Hash: 000b56a6d723c015785c530dd1d4cf6f6320c049da273b3866189cb262bdcce0
Instruction Fuzzy Hash: 9261C135204302AFD300EF24E889FAA77A4EF85714F085519F856D72A2DF71D985DBB2

Function 00D1698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00D169BE
FindClose.KERNEL32(00000000), ref: 00D16A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D16A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D16A75

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00D16AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00D16ADF

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00D16B6A
%02d, xrefs: 00D16C00, 00D16C0A, 00D16C5A, 00D16CAA, 00D16CFA, 00D16D4A
%4d, xrefs: 00D16BB1
%4d%02d%02d%02d%02d%02d%03d, xrefs: 00D16B32
%03d, xrefs: 00D16DA2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 5da9047a6273b8394bebbc88f5ac36ea204dfea72b0f15ed6bcf9055a691d05c
Instruction ID: 55204b5afb840e6d5df06157a92e626db567aba1698a7ba8f6861e0bc1eed585
Opcode Fuzzy Hash: 5da9047a6273b8394bebbc88f5ac36ea204dfea72b0f15ed6bcf9055a691d05c
Instruction Fuzzy Hash: C6D14F72508301AFC710EBA4DC86EABB7ECEF89708F04491DF585D6291EB74DA44DB62

Function 00D19642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00D19663
GetFileAttributesW.KERNEL32(?), ref: 00D196A1
SetFileAttributesW.KERNEL32(?,?), ref: 00D196BB
FindNextFileW.KERNEL32(00000000,?), ref: 00D196D3
FindClose.KERNEL32(00000000), ref: 00D196DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00D196FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00D1974A
SetCurrentDirectoryW.KERNEL32(00D66B7C), ref: 00D19768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00D19772
FindClose.KERNEL32(00000000), ref: 00D1977F
FindClose.KERNEL32(00000000), ref: 00D1978F

Strings

*.*, xrefs: 00D196F5

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: f2134b68af531f0e0c20300495a79e312751aa696fbf965b1b59ce5619feb879
Instruction ID: f4ca51ebe6ad5e0191b0631743f7a0607aba82da63e58f92c14d1f9f00e49080
Opcode Fuzzy Hash: f2134b68af531f0e0c20300495a79e312751aa696fbf965b1b59ce5619feb879
Instruction Fuzzy Hash: A831A036650219BFDB14AFB4EC69ADEB7ACAF09321F144165F815E21E0DB30DA84CB34

Function 00D1979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00D197BE
FindNextFileW.KERNEL32(00000000,?), ref: 00D19819
FindClose.KERNEL32(00000000), ref: 00D19824
FindFirstFileW.KERNEL32(*.*,?), ref: 00D19840
SetCurrentDirectoryW.KERNEL32(?), ref: 00D19890
SetCurrentDirectoryW.KERNEL32(00D66B7C), ref: 00D198AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00D198B8
FindClose.KERNEL32(00000000), ref: 00D198C5
FindClose.KERNEL32(00000000), ref: 00D198D5

Part of subcall function 00D0DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00D0DB00

Strings

*.*, xrefs: 00D1983B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: c2bced4d5ab484b80a8f97ae996867f45b612a68c5d68022fc20899939aa6dce
Instruction ID: 8502e3deeafe49d749ad17cdb6ffae921503a83e2ec7f43cd7421508642a7212
Opcode Fuzzy Hash: c2bced4d5ab484b80a8f97ae996867f45b612a68c5d68022fc20899939aa6dce
Instruction Fuzzy Hash: 333183325406197EDB14AFB4FC68ADEB7ACAF06320F144166E854E2190DF31D9C5CB74

Function 00D2BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00D2BFA9
RegCloseKey.ADVAPI32(00000000), ref: 00D2BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00D2C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00D2C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D2C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D2C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00D2C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D2C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00D2C382
RegCloseKey.ADVAPI32(00000000), ref: 00D2C38F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: abeb59ad1f97eb948f7b2c5ddbac8cf659f6758fd927789b588475b08ec546d7
Instruction ID: 1532460314465470d9bc36a3b575959903835e206090ea2a67e7a4f3b04c43eb
Opcode Fuzzy Hash: abeb59ad1f97eb948f7b2c5ddbac8cf659f6758fd927789b588475b08ec546d7
Instruction Fuzzy Hash: 00026E716142109FC714DF28D895E2ABBE5EF49318F18C89DF84ADB2A2DB31EC45CB61

Function 00D18195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00D18257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00D18267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00D18273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D18310
SetCurrentDirectoryW.KERNEL32(?), ref: 00D18324
SetCurrentDirectoryW.KERNEL32(?), ref: 00D18356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D1838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00D18395

Strings

*.*, xrefs: 00D1839B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: c1ba882cdce423c6a6b3c5fe387b79f1d94c1745b68be5336783d58ac74a4520
Instruction ID: c9aba1711a3798c3bbec89af6614ab982691ac94c76cb64be031aa57cb7c9910
Opcode Fuzzy Hash: c1ba882cdce423c6a6b3c5fe387b79f1d94c1745b68be5336783d58ac74a4520
Instruction Fuzzy Hash: F2617CB2504305AFC710EF64D88099EB3E8FF89314F08891EF999D7251DB31E945DBA2

Function 00D0D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2

Part of subcall function 00D0E199: GetFileAttributesW.KERNEL32(?,00D0CF95), ref: 00D0E19A

FindFirstFileW.KERNEL32(?,?), ref: 00D0D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00D0D1DD
MoveFileW.KERNEL32(?,?), ref: 00D0D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00D0D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00D0D237

Part of subcall function 00D0D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00D0D21C,?,?), ref: 00D0D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00D0D253
FindClose.KERNEL32(00000000), ref: 00D0D264

Strings

\*.*, xrefs: 00D0D0CD, 00D0D0D6, 00D0D0EB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 6360e75552f12b5fae31bc3220a386ce73dd11487af30018817e0a0afbb895c1
Instruction ID: c316d0d8c1ff471e972ae7a3ec0715f9bd4063c8938378aa48ab369be7ada884
Opcode Fuzzy Hash: 6360e75552f12b5fae31bc3220a386ce73dd11487af30018817e0a0afbb895c1
Instruction Fuzzy Hash: 72616F31C0125E9BCF05EBE0D952AEDB776AF55304F244166E406771A1EB309F09DB71

Function 00D1ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00D1ED91
EmptyClipboard.USER32 ref: 00D1ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00D1EDAC
CloseClipboard.USER32 ref: 00D1EEA3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 18c5286a10db868cb7934cdca5f6df4511c9734cb43afb93e3ec33a8d7873d9f
Instruction ID: fb6a20a41dc51cca80aeda52755d9cc6675868b88c952a373bd88bfc07e5eb49
Opcode Fuzzy Hash: 18c5286a10db868cb7934cdca5f6df4511c9734cb43afb93e3ec33a8d7873d9f
Instruction Fuzzy Hash: 17419D35204611AFD310DF25E889B5ABBE5EF44318F18C099E8199B762CB35EC81CBA0

Function 00D0E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00D016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D0170D
Part of subcall function 00D016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D0173A
Part of subcall function 00D016C3: GetLastError.KERNEL32 ref: 00D0174A

ExitWindowsEx.USER32(?,00000000), ref: 00D0E932

Strings

@, xrefs: 00D0E925
, xrefs: 00D0E920
, xrefs: 00D0E95C
SeShutdownPrivilege, xrefs: 00D0E902

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: d9d93c7851835c1059a4fc2414733463c569c54c706f1edf9e629479b753a238
Instruction ID: 52952626cd66fb9239cf90c31fb758c3d617cd1e2c87f6ba5c40ab8d4203a637
Opcode Fuzzy Hash: d9d93c7851835c1059a4fc2414733463c569c54c706f1edf9e629479b753a238
Instruction Fuzzy Hash: D701D673620311ABEB6467B4AC86BBB735CA714750F194D26FC4AF21D2D5A19C408AB4

Function 00D21204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00D21276
WSAGetLastError.WSOCK32 ref: 00D21283
bind.WSOCK32(00000000,?,00000010), ref: 00D212BA
WSAGetLastError.WSOCK32 ref: 00D212C5
closesocket.WSOCK32(00000000), ref: 00D212F4
listen.WSOCK32(00000000,00000005), ref: 00D21303
WSAGetLastError.WSOCK32 ref: 00D2130D
closesocket.WSOCK32(00000000), ref: 00D2133C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 482f8eef6b70cf689ad03b39c181d4659e734cb1764ecb743e6d962587c366a1
Instruction ID: 217ca191ddd68a856dab84c078e4690c6f6be5f61a2587b44f6b66ebd1cdb572
Opcode Fuzzy Hash: 482f8eef6b70cf689ad03b39c181d4659e734cb1764ecb743e6d962587c366a1
Instruction Fuzzy Hash: E9416F35A00211DFD710DF64D485B2ABBE6AF66318F18C198E8569F392C771ED81CBB1

Function 00D0D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2

Part of subcall function 00D0E199: GetFileAttributesW.KERNEL32(?,00D0CF95), ref: 00D0E19A

FindFirstFileW.KERNEL32(?,?), ref: 00D0D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00D0D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00D0D481
FindClose.KERNEL32(00000000), ref: 00D0D498
FindClose.KERNEL32(00000000), ref: 00D0D4A1

Strings

\*.*, xrefs: 00D0D3F2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 3c7b5b6f4a0ab0f1c25db6e4bbbda729a0a40184199cc27fa27890c227a2fa15
Instruction ID: f27ebc318fa1b25c69cc3f7f0ad458bd507f3ed82c8252e4b3bc21330a2ad68d
Opcode Fuzzy Hash: 3c7b5b6f4a0ab0f1c25db6e4bbbda729a0a40184199cc27fa27890c227a2fa15
Instruction Fuzzy Hash: 723180310183469FC300EFA4D8969AFB7A8AE92304F444A1EF4D5931E1EB34EA09D773

Function 00CDE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00CDE645

Strings

1#IND, xrefs: 00CDF83D
1#SNAN, xrefs: 00CDF844
1#INF, xrefs: 00CDF852
1#QNAN, xrefs: 00CDF84B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 60e0478b12312fce15f87e03ce352cff947b999bc4b982a3ca2f900a1ae2ffb4
Instruction ID: eec0c1c873890e31947bc873ed93d50e58d70c8f9b03e305954be7d1cec74961
Opcode Fuzzy Hash: 60e0478b12312fce15f87e03ce352cff947b999bc4b982a3ca2f900a1ae2ffb4
Instruction Fuzzy Hash: FFC23871E086288BDB25DE28DD407EAB7B5FB49304F1541EBD95EE7240E774AE828F40

Function 00D1648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D164DC
CoInitialize.OLE32(00000000), ref: 00D16639
CoCreateInstance.OLE32(00D3FCF8,00000000,00000001,00D3FB68,?), ref: 00D16650
CoUninitialize.OLE32 ref: 00D168D4

Strings

.lnk, xrefs: 00D164BA, 00D16524, 00D165E0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 7a9ddbe25f8764a5338a558ffae5d346a527c72a2bfc4537248b26e2ebb7556f
Instruction ID: 4f2a8e6ae66ab3f4a4286010f9276c51905c09c72f4ef6dd44eb0e072962a765
Opcode Fuzzy Hash: 7a9ddbe25f8764a5338a558ffae5d346a527c72a2bfc4537248b26e2ebb7556f
Instruction Fuzzy Hash: E3D14A71508301AFD304EF24D881EABB7E9FF95708F04496DF5958B291DB70E949CBA2

Function 00D222DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00D222E8

Part of subcall function 00D1E4EC: GetWindowRect.USER32(?,?), ref: 00D1E504

GetDesktopWindow.USER32 ref: 00D22312
GetWindowRect.USER32(00000000), ref: 00D22319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00D22355
GetCursorPos.USER32(?), ref: 00D22381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00D223DF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 4724706a23424810425ff1a490b94de4488a698bf3f4088ddda3fef10be7d720
Instruction ID: d88d1aa177515c1283d2f3db4495b14a0d6f273c194dab76d2293c94a17de0cf
Opcode Fuzzy Hash: 4724706a23424810425ff1a490b94de4488a698bf3f4088ddda3fef10be7d720
Instruction Fuzzy Hash: 7431C272504325AFD720DF54D845BABB7A9FF94314F040A1DF985E7291DB34E908CBA2

Function 00D19B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00D19B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00D19C8B

Part of subcall function 00D13874: GetInputState.USER32 ref: 00D138CB
Part of subcall function 00D13874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D13966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00D19BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00D19C75

Strings

*.*, xrefs: 00D19B5D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: 04f4ca289809a5e3da9364d850b807cd9bed2911fd4fe6dbd5834a648557afac
Instruction ID: c4a9dce84c195563b5bab1157ee3757ad8cda2edc77e62c75eac5b3817d1728a
Opcode Fuzzy Hash: 04f4ca289809a5e3da9364d850b807cd9bed2911fd4fe6dbd5834a648557afac
Instruction Fuzzy Hash: 9C41607194420AAFCF14DF64D9A9AEEBBB9EF05310F244155F845A3291EB309E84DFB0

Function 00CB997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00CB9A4E
GetSysColor.USER32(0000000F), ref: 00CB9B23
SetBkColor.GDI32(?,00000000), ref: 00CB9B36

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: 04dec0f553742ffebe11208bda07d778d1906a3cf1422adb42410b8d3d243c0e
Instruction ID: e64ac892bf540f66ce9744ef51485f9576af5ae8d55b47489433d00ed39aeb98
Opcode Fuzzy Hash: 04dec0f553742ffebe11208bda07d778d1906a3cf1422adb42410b8d3d243c0e
Instruction Fuzzy Hash: C6A13B70118558BEE769AB3D8C99EFB369DDF42340F15030AF322D66A1CA359E41E273

Function 00D21806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00D2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D2307A
Part of subcall function 00D2304E: _wcslen.LIBCMT ref: 00D2309B

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00D2185D
WSAGetLastError.WSOCK32 ref: 00D21884
bind.WSOCK32(00000000,?,00000010), ref: 00D218DB
WSAGetLastError.WSOCK32 ref: 00D218E6
closesocket.WSOCK32(00000000), ref: 00D21915

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: 5a438f272463ec5f79b729fcbd56d62dddee06631f92e306c82affc125de2da0
Instruction ID: 10bd822651e5adcd9a04c62e3abb6e7bdb7b3677f39e264e22bb799b85ab98dd
Opcode Fuzzy Hash: 5a438f272463ec5f79b729fcbd56d62dddee06631f92e306c82affc125de2da0
Instruction Fuzzy Hash: 7851D275A00210AFDB10AF24D8C6F6AB7E5AB55718F188098F919AF3C3C771ED419BA1

Function 00D31C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00D31CC0
IsWindowEnabled.USER32 ref: 00D31CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00D31CDB
IsIconic.USER32 ref: 00D31CE9
IsZoomed.USER32 ref: 00D31CF7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 432830fc00559dfeee929d1d75a1b9feec93cbdf2522e387adb8413c5b46b31b
Instruction ID: 9de2a1cbe65ab7e896ed9a5f046da4cd1cd0083af9f8efddbfd85dc7a0abe08f
Opcode Fuzzy Hash: 432830fc00559dfeee929d1d75a1b9feec93cbdf2522e387adb8413c5b46b31b
Instruction Fuzzy Hash: B421A1357402125FD7208F2AD894B6ABBA5EF85315F1DA068E84ADB351CB71EC42CBB0

Function 00CA8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00CA83E8
VUUU, xrefs: 00CA83FA
VUUU, xrefs: 00CA843C
ERCP, xrefs: 00CA813C
VUUU, xrefs: 00CE5DF0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 801d12fae94481a04aa0c2f715024017ce38e816143a328c33dc27311f6c7ef1
Instruction ID: e9ec3fbb37d1f6e4e19c7e0400e69d194b0fe3d50f8f2c3a5a4c5c6be0692ff7
Opcode Fuzzy Hash: 801d12fae94481a04aa0c2f715024017ce38e816143a328c33dc27311f6c7ef1
Instruction Fuzzy Hash: 69A2A270E0065ACBDF24CF59C8407AEB7B1FF55318F2481AAE825A7285DB709E85CF90

Function 00D0AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00D0AAAC
SetKeyboardState.USER32(00000080), ref: 00D0AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00D0AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00D0AB88

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 549d84ad0f8065374132807667064c78cd19e9c81cb111ca6786f64c975b5496
Instruction ID: ddc824b20a194a6bb44637fd92c64a0ca64b0a0b88f4a2804cc37eda59504acf
Opcode Fuzzy Hash: 549d84ad0f8065374132807667064c78cd19e9c81cb111ca6786f64c975b5496
Instruction Fuzzy Hash: 6531F431A40358AEFB35CB6DCC05BFA7BA6EB45320F08421AF599961E1D375C981C772

Function 00CDBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CDBB7F

Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0

GetTimeZoneInformation.KERNEL32 ref: 00CDBB91
WideCharToMultiByte.KERNEL32(00000000,?,00D7121C,000000FF,?,0000003F,?,?), ref: 00CDBC09
WideCharToMultiByte.KERNEL32(00000000,?,00D71270,000000FF,?,0000003F,?,?,?,00D7121C,000000FF,?,0000003F,?,?), ref: 00CDBC36

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: 3d464b8c5f254c2928467cad6f6573cf7463a480ece51cae644a7816d88bf638
Instruction ID: 9478b4a471e8f610a394da08de4e8d4ad524a8a660f3d4ef06ebf0500202f041
Opcode Fuzzy Hash: 3d464b8c5f254c2928467cad6f6573cf7463a480ece51cae644a7816d88bf638
Instruction Fuzzy Hash: 5E319074904205EFCB11DF698C82969BBB8FF45350715465BE264E73A2EB309E40EB64

Function 00D1CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00D1CE89
GetLastError.KERNEL32(?,00000000), ref: 00D1CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00D1CEFE

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 19d9542177164d0c9d4bc02396862aeb411a214d5b9d7eff82b2854edf5905d4
Instruction ID: 40002fd6ae9334ce0fddb6290979a29845f25a5292babcdb814e13ae5d66550a
Opcode Fuzzy Hash: 19d9542177164d0c9d4bc02396862aeb411a214d5b9d7eff82b2854edf5905d4
Instruction Fuzzy Hash: 7621BDB1590305ABDB20CFA5E948BA7B7F8EF00314F14541EE546E2251EB74EE858BB4

Function 00D08298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00D082AA

Strings

(, xrefs: 00D082F0
|, xrefs: 00D082DA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 9a442da15272d9a5e8934f71069ecbb4b5338e678ec769ade00bd84f21ad4a5d
Instruction ID: bb3ce187f672bc26d224710d74d2b37d6f0dd51dbc7dc689fd17c23897bc4a79
Opcode Fuzzy Hash: 9a442da15272d9a5e8934f71069ecbb4b5338e678ec769ade00bd84f21ad4a5d
Instruction Fuzzy Hash: AD323474A007059FCB28CF69C481AAAB7F0FF48710B15C56EE49ADB3A1EB70E941DB54

Function 00D15C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00D15CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00D15D17
FindClose.KERNEL32(?), ref: 00D15D5F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: bfa0bd88e5da4fdde99c1563c0b9c5ca1a5585dbc1fde2aa68849f0161d82c5d
Instruction ID: fb8b0815948c0b7d8183023a8d9290b33d2c7e25bf25701768648bd6e9d95958
Opcode Fuzzy Hash: bfa0bd88e5da4fdde99c1563c0b9c5ca1a5585dbc1fde2aa68849f0161d82c5d
Instruction Fuzzy Hash: 64519C74604602EFC714CF28E494E96B7E4FF4A314F14855DE99A8B3A1CB34ED84CBA1

Function 00CD2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00CD271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00CD2724
UnhandledExceptionFilter.KERNEL32(?), ref: 00CD2731

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 417518a70b0746a1542e70f971171a126e5ee1a86e5dbc1cb1a0432b98f4099c
Instruction ID: 7d55f51ffc8c1104af997b74e2f5463ab98f000379e0a51ac9773902eff2882e
Opcode Fuzzy Hash: 417518a70b0746a1542e70f971171a126e5ee1a86e5dbc1cb1a0432b98f4099c
Instruction Fuzzy Hash: F931D57591131CABCB21DF64DC88B9DBBB8AF18310F5041EAE91CA7260E7349F819F54

Function 00D151CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00D151DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00D15238
SetErrorMode.KERNEL32(00000000), ref: 00D152A1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 9838d3aa93960e48ce120e0fde223a2917ce53cd874bc350b5d7ca2189e4bf7e
Instruction ID: 1d7e35769ff493ae8ff5a58cc48f5047976166cbef3be474fa5529cb598f21ac
Opcode Fuzzy Hash: 9838d3aa93960e48ce120e0fde223a2917ce53cd874bc350b5d7ca2189e4bf7e
Instruction Fuzzy Hash: 6B315075A00619EFDB00DF94D884EADBBB4FF49318F088099E805AB396DB75E855CB60

Function 00D016C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00CBFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00CC0668
Part of subcall function 00CBFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00CC0685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D0170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D0173A
GetLastError.KERNEL32 ref: 00D0174A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 5d9758ecbf2b430add3dd3cc8340a21790dbade939e997fee2441838b4149bb7
Instruction ID: 4625b65f4e91ac7d027b0508a38aba9e0beb1f718009cf950e72ccba40341fb5
Opcode Fuzzy Hash: 5d9758ecbf2b430add3dd3cc8340a21790dbade939e997fee2441838b4149bb7
Instruction Fuzzy Hash: 2A1191B2514304AFD7189F64DC86EAAB7B9EB44714B24852EE05697281EB70FC418B30

Function 00D0D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D0D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00D0D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D0D650

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: e10210b3db1ca8a6737d3b28d989b6923322997ee0cc57414e8113f1f55a397e
Instruction ID: e72bc8dbf1913c52c0c18d7227eae3639c91aa064d061d2112fa4efa96be8ceb
Opcode Fuzzy Hash: e10210b3db1ca8a6737d3b28d989b6923322997ee0cc57414e8113f1f55a397e
Instruction Fuzzy Hash: 16113C75E05328BBDB108F959C45FAFBBBCEB45B50F108126F908E7290D6704A058BA1

Function 00D01663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00D0168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00D016A1
FreeSid.ADVAPI32(?), ref: 00D016B1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 4b84d0c24b8a1b1c45698c65706b2212f5e6dd950dda721665744d22af329e3d
Instruction ID: 278e685827f7c02cec01daf0807bd76eba65b63bedce15adfd1512554a308f17
Opcode Fuzzy Hash: 4b84d0c24b8a1b1c45698c65706b2212f5e6dd950dda721665744d22af329e3d
Instruction Fuzzy Hash: 33F0F47595030DFBDB00DFE49D89AAEBBBCEB08704F504565E501E2281E774AA448B60

Function 00CFD27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00CFD28C

Strings

X64, xrefs: 00CFD2A8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: ca163c03e6b1a6afdde39b37ae90dae53e73c2a038021973dae6ece9bae2f186
Instruction ID: 496c020ceb8e3108a5f1b1c059c319de9e005474165f6d2e5426fbe457e09441
Opcode Fuzzy Hash: ca163c03e6b1a6afdde39b37ae90dae53e73c2a038021973dae6ece9bae2f186
Instruction Fuzzy Hash: DAD0C9B481111DEACB94DB90ECC8DDAB37CBB04305F100191F106E2100D73095488F20

Function 00CCCAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: 6e9ed51d140cab7be87228cfdc90ebae4805c6d8836eb40b60eec0c4952f73a6
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: 5E020C71E002199BDF14CFA9C980BADBBF1EF48314F25816DD929E7384D731AA418B94

Function 00D168EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00D16918
FindClose.KERNEL32(00000000), ref: 00D16961

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: d643b829e2e7e9b13743e1b96033250fc7e8e215eb0a69fc49f0d351fd5fbb29
Instruction ID: 276346e4947f48efbd522e73e0d40bc9ce39a9d15decf398045d3ecb996f2cac
Opcode Fuzzy Hash: d643b829e2e7e9b13743e1b96033250fc7e8e215eb0a69fc49f0d351fd5fbb29
Instruction Fuzzy Hash: A51193356142119FC710DF69D884A16BBE5FF85328F14C699E4698F3A2CB30EC45CBA1

Function 00D137B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00D24891,?,?,00000035,?), ref: 00D137E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00D24891,?,?,00000035,?), ref: 00D137F4

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: e613f5f0b3fc23c089ba2fc91432d2ed46f1442ed61cf79664eed72cd4653843
Instruction ID: c4df6a956fae669f120da6f58b860222edc0734273d54b953b7fa4db19c9a239
Opcode Fuzzy Hash: e613f5f0b3fc23c089ba2fc91432d2ed46f1442ed61cf79664eed72cd4653843
Instruction Fuzzy Hash: 03F0A0B16043292AE62057A69C49FEB3AAEEF85765F000175B509E2291D9609944C7B0

Function 00D0B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00D0B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00D0B270

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 86c53bd30b42a3cf5ee424ead5894331a23d3363d46dfab0a82505764c387ce0
Instruction ID: 394f5f6460132a065d275edb8bb07b32314eb8c4a13928f7b0a1910c3be3f93a
Opcode Fuzzy Hash: 86c53bd30b42a3cf5ee424ead5894331a23d3363d46dfab0a82505764c387ce0
Instruction Fuzzy Hash: 0FF01D7181424DABDB059FA0C805BAE7BB4FF04315F04900AF955A5191C379C6119FA4

Function 00D010BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D011FC), ref: 00D010D4
CloseHandle.KERNEL32(?,?,00D011FC), ref: 00D010E9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 37440e889cd962b5e24292d735a34dbb664c0814143a10241bfb1d2d0b4d9e99
Instruction ID: e59b962d92b005a8f49f0e088baab3aaa43cd2a39a2e92401337f0f85f869ea3
Opcode Fuzzy Hash: 37440e889cd962b5e24292d735a34dbb664c0814143a10241bfb1d2d0b4d9e99
Instruction Fuzzy Hash: AAE0BF72014750AEE7252B61FC05EB777E9EB04310F14882DF5A5905B1DB62ACA1EB60

Function 00CACAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00CF0C40

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: 6a9b13127e93b320f024f8f8821c5c4db13b09e866db947a37c33b73c68ecfd6
Instruction ID: de4802c200d36af0d5412ad7c9a16716ade9683f0486638fb5ca334604894ae7
Opcode Fuzzy Hash: 6a9b13127e93b320f024f8f8821c5c4db13b09e866db947a37c33b73c68ecfd6
Instruction Fuzzy Hash: 17329A7090021ADFCF14DF94C885AFDB7B5FF06308F248069E916AB292DB35AE45DB61

Function 00CD676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00CD6766,?,?,00000008,?,?,00CDFEFE,00000000), ref: 00CD6998

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: ca4f50ad80b6a84cba71cebdaef265e5ab2dbe69703a646387e01dbf0cf5573b
Instruction ID: 0b3ea1d68bb04f58d21aac9ff32d6f46105a68920ed3df894bd4d9ad1e6848c9
Opcode Fuzzy Hash: ca4f50ad80b6a84cba71cebdaef265e5ab2dbe69703a646387e01dbf0cf5573b
Instruction Fuzzy Hash: 13B14A316106099FD715CF28C48AB657BE0FF45364F25865AEAE9CF3A2C335EA81DB40

Function 00CBB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00CF851F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: dd60f4085bc05c737cdf5be1c4af4b83f6ddb121cc1afaa05ad48bfb8ef37d07
Instruction ID: 768f22c4a820c72a9359019050a68883a55db904ad49ee95ff0555574d3ae567
Opcode Fuzzy Hash: dd60f4085bc05c737cdf5be1c4af4b83f6ddb121cc1afaa05ad48bfb8ef37d07
Instruction Fuzzy Hash: C5127E71A002299BDB64CF59C8806FEB7F5FF48310F10819AE949EB251DB709E85CFA1

Function 00D1EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00D1EABD

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 73966990cdf8a5966e866875e690e0143eef858b9480c81730a9e14c133d4ccc
Instruction ID: c9f65d785cf0b46fa760db41b327ddbea64b17469127c0cef04dbf645b494e65
Opcode Fuzzy Hash: 73966990cdf8a5966e866875e690e0143eef858b9480c81730a9e14c133d4ccc
Instruction Fuzzy Hash: 70E04F32214205AFC710EF69E845E9AF7E9AF99764F048416FC4AD7361DB70EC808BA1

Function 00CC09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00CC03EE), ref: 00CC09DA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 18b4898833545ab2757a6b4b345049fe7e4e2c30d28c411ae063f180724f9699
Instruction ID: 1b20b1c7169589d335e568f73c26a39a180334010f0106ab48c23874d97b96a8
Opcode Fuzzy Hash: 18b4898833545ab2757a6b4b345049fe7e4e2c30d28c411ae063f180724f9699
Instruction Fuzzy Hash:

Function 00CC781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00CC798B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: a57b903c28d125d9c4087abb48c6d0014ba974e88435184ab29152bacb84f7f1
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 5051756160C6055BDF388629C95AFBF2399DB12340F18070DEAA2EB6C2C625DF45EF52

Function 00CD6DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9826ab65b07dd3bb65fc7d20d62bff264078b217e8482768c522ac57c030f916
Instruction ID: e86eb8c79b34a1ad8f2d0cf5ea0842e2ab52c91015115354eb10a13cb40023df
Opcode Fuzzy Hash: 9826ab65b07dd3bb65fc7d20d62bff264078b217e8482768c522ac57c030f916
Instruction Fuzzy Hash: 0C321326D29F014EDB239A34D862335A249AFB73C5F55C737F82AB5AA5FB39C5834100

Function 00CBCC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973e589a0e05a889cde96530e2ab012e559f46c1ad1709d5944665a16a99867f
Instruction ID: a55f9771de67f94c4409d2f8025943f45b63dd3baffb2f0a6b5ee7a51443124f
Opcode Fuzzy Hash: 973e589a0e05a889cde96530e2ab012e559f46c1ad1709d5944665a16a99867f
Instruction Fuzzy Hash: D6321631B0411D8BDF68CF2DC6D46BD7BA1EB45300F28856AD66ACB295D230DE81EB52

Function 00CA7920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d28ee05019a14824c68d55be87d30578e0da2d2a310048d5a55b551a91e4e1
Instruction ID: 341083f5d1495b33822acb87cf8e91a703195a7caa3c3df661c3752870b03fde
Opcode Fuzzy Hash: 84d28ee05019a14824c68d55be87d30578e0da2d2a310048d5a55b551a91e4e1
Instruction Fuzzy Hash: 9E22B1B0A0064ADFDF14CF65D981AEEB3F5FF45308F204629E816A7291EB359E11DB60

Function 00CA91C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae66e3c0a70adf2370ed8775b540975452f14bcb6886c53b007639e9e6ce069c
Instruction ID: 95b22b3cba219d0105bfaa0ef54bad0790305f4b5dfc8c01a0c95db44e663e4d
Opcode Fuzzy Hash: ae66e3c0a70adf2370ed8775b540975452f14bcb6886c53b007639e9e6ce069c
Instruction Fuzzy Hash: DD02B6B0E00246EBDB04DF65D881AAEB7B5FF44344F208169E816DB391EB31EE11DB95

Function 00CD9EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26cdaae59d6f116cb56c2d49cdf34436d56b257955484ca2a0cd4e7dc874d8b
Instruction ID: 50cb3ada8cfffbf50bf92dcb73b7fe1f8d3dc0b3a79f4a7bf0c59357f184d877
Opcode Fuzzy Hash: e26cdaae59d6f116cb56c2d49cdf34436d56b257955484ca2a0cd4e7dc874d8b
Instruction Fuzzy Hash: 0EB10425D2AF404ED3239B398835336B65CAFBB6D5F51D71BFC16B4E62EB2286834140

Function 00CC1C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: aad0dfc7937d5e211b0a38e10825c2f40727e655b1819483396eac13136814b0
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 959157725080A34AD72A463BC574A7DFFE15A533A131D079DECF3CA1C6EE24CA65D620

Function 00CC1F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: ab90d0a0571dc54c657c796f59872bae87671b80a0a19a7306fdc66b5e1e7c90
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 1B916B721090A349DB69467FC57493DFFE15A933A131E079ED8F2CB1C6EE24CA54D620

Function 00CC19B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: 4946d0021240dce2e319e0f867d1c4e0ce7d64192ee87fdab6b525e51916d51b
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 329125722090A34EDB2D467BC57493DFFE15A933A131D079DD8F2CA1C2FD24CA65AA20

Function 00CC7A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b46efd753f4801304fdfdc76f62ec9e9fc8e47ed918d2463160761e52360511
Instruction ID: b64e7d45d99f10e22fbd83722f91230f146046bdc1a12ae3ac4758c13561cb40
Opcode Fuzzy Hash: 8b46efd753f4801304fdfdc76f62ec9e9fc8e47ed918d2463160761e52360511
Instruction Fuzzy Hash: 12616671608709A7DF349A28C9B6FBF2394DF41710F101B5EE863CB281DA119F82AF55

Function 00CC7CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c27747832112b3605ba2cb41664d96f2e837838c49e97df6f1d34573f1ed724
Instruction ID: ecb8fd468c33d8d1c95b1a3261217f1ba4790c17a61213c848d0cde452a9ca79
Opcode Fuzzy Hash: 1c27747832112b3605ba2cb41664d96f2e837838c49e97df6f1d34573f1ed724
Instruction Fuzzy Hash: 24617A726087096BDE385A28C856FBF2394EF42740F100B5EF853DB681DA12EF46DE55

Function 00CC1706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: 8e9516affb2bfb7095b9baad6bb6951176559e8a5f16476765b5e847aabfa27f
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: ED81447250D0A349DB69463BC574A3EFFE15A933A131E079DD8F2CA1C3EE24D654E620

Function 00D12046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95822b9821b64f073c44fef441cb6fd47243b854d6573f9c6f224b9881a6d986
Instruction ID: 1247e2233fb19b2fc8e79c203144fb85e651bbf5253c92195db5c2588ae7caa6
Opcode Fuzzy Hash: 95822b9821b64f073c44fef441cb6fd47243b854d6573f9c6f224b9881a6d986
Instruction Fuzzy Hash: 9421BB326206118BD728CF79C8236BE73E5E754310F19862EE4A7C37D1DE36A944C750

Function 00D22ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00D22B30
DeleteObject.GDI32(00000000), ref: 00D22B43
DestroyWindow.USER32 ref: 00D22B52
GetDesktopWindow.USER32 ref: 00D22B6D
GetWindowRect.USER32(00000000), ref: 00D22B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00D22CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00D22CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22CF8
GetClientRect.USER32(00000000,?), ref: 00D22D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D22D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D80
GlobalLock.KERNEL32(00000000), ref: 00D22D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D98
GlobalUnlock.KERNEL32(00000000), ref: 00D22DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22DA8
GlobalFree.KERNEL32(00000000), ref: 00D22DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00D3FC38,00000000), ref: 00D22DDB
GlobalFree.KERNEL32(00000000), ref: 00D22DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00D22E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00D22E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D2303F

Strings

AutoIt v3, xrefs: 00D22CF2
static, xrefs: 00D22D3A, 00D22E91
DISPLAY, xrefs: 00D22EA2
, xrefs: 00D22FC5

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 6f75d68ac0f185cd80effb48d617950716e17f3d45ddd9bd996df153ff255748
Instruction ID: 5b0720fcab9a134ea26be58d3ab0aa6605844f0bc85c14ded9d313a4cb41a1be
Opcode Fuzzy Hash: 6f75d68ac0f185cd80effb48d617950716e17f3d45ddd9bd996df153ff255748
Instruction Fuzzy Hash: AC027975910215AFDB14DFA8DC89EAE7BB9EF49314F048118F915EB2A1DB74AD00CB70

Function 00D370D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00D3712F
GetSysColorBrush.USER32(0000000F), ref: 00D37160
GetSysColor.USER32(0000000F), ref: 00D3716C
SetBkColor.GDI32(?,000000FF), ref: 00D37186
SelectObject.GDI32(?,?), ref: 00D37195
InflateRect.USER32(?,000000FF,000000FF), ref: 00D371C0
GetSysColor.USER32(00000010), ref: 00D371C8
CreateSolidBrush.GDI32(00000000), ref: 00D371CF
FrameRect.USER32(?,?,00000000), ref: 00D371DE
DeleteObject.GDI32(00000000), ref: 00D371E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00D37230
FillRect.USER32(?,?,?), ref: 00D37262
GetWindowLongW.USER32(?,000000F0), ref: 00D37284

Part of subcall function 00D373E8: GetSysColor.USER32(00000012), ref: 00D37421
Part of subcall function 00D373E8: SetTextColor.GDI32(?,?), ref: 00D37425
Part of subcall function 00D373E8: GetSysColorBrush.USER32(0000000F), ref: 00D3743B
Part of subcall function 00D373E8: GetSysColor.USER32(0000000F), ref: 00D37446
Part of subcall function 00D373E8: GetSysColor.USER32(00000011), ref: 00D37463
Part of subcall function 00D373E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00D37471
Part of subcall function 00D373E8: SelectObject.GDI32(?,00000000), ref: 00D37482
Part of subcall function 00D373E8: SetBkColor.GDI32(?,00000000), ref: 00D3748B
Part of subcall function 00D373E8: SelectObject.GDI32(?,?), ref: 00D37498
Part of subcall function 00D373E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00D374B7
Part of subcall function 00D373E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00D374CE
Part of subcall function 00D373E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00D374DB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 11a0f6e53167f2d792a32a5866a780bfbde24515188dfa2afc53c35e41d2c313
Instruction ID: b43ad55517581a9135d84439b1c83af3897262c9d46472833bda5ba35dfb7736
Opcode Fuzzy Hash: 11a0f6e53167f2d792a32a5866a780bfbde24515188dfa2afc53c35e41d2c313
Instruction Fuzzy Hash: 1DA1C072018701BFDB109F60DC48E6B7BA9FF48320F142A19F9A2E62E1D771E944DB61

Function 00CB8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00CB8E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00CF6AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00CF6AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00CF6F43

Part of subcall function 00CB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00CB8BE8,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CB8FC5

SendMessageW.USER32(?,00001053), ref: 00CF6F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00CF6F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00CF6FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00CF6FB7

Strings

0, xrefs: 00CF6DCF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 32ed074ca80cf54b9c22978885b0f1eba203e1bb7408694d04fcfc0ec7d2749a
Instruction ID: fcecb91ec951debcb705f3bfc6ca5d609148c2df074ceb5f43e105c092e5798c
Opcode Fuzzy Hash: 32ed074ca80cf54b9c22978885b0f1eba203e1bb7408694d04fcfc0ec7d2749a
Instruction Fuzzy Hash: 3E12BC38200245EFDB65DF28C844BB6B7E5FB44300F144169E6A9DB261CB31ED96DFA2

Function 00D22711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00D2273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D2286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00D228A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00D228B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00D22900
GetClientRect.USER32(00000000,?), ref: 00D2290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00D22955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00D22964
GetStockObject.GDI32(00000011), ref: 00D22974
SelectObject.GDI32(00000000,00000000), ref: 00D22978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00D22988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D22991
DeleteDC.GDI32(00000000), ref: 00D2299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00D229C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00D229DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00D22A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00D22A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00D22A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00D22A77
GetStockObject.GDI32(00000011), ref: 00D22A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00D22A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00D22A97

Strings

AutoIt v3, xrefs: 00D228F8
static, xrefs: 00D2294F, 00D22A71
DISPLAY, xrefs: 00D2295A
msctls_progress32, xrefs: 00D22A13

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 06d3f3b614c9d747a98a37a360bb18dc8ac7c2aabc9b976427a188d8b4c59fbe
Instruction ID: a6d8bfa3cc735bc00bd96396356dc6229186870ef869170886ccdc50fc73fa03
Opcode Fuzzy Hash: 06d3f3b614c9d747a98a37a360bb18dc8ac7c2aabc9b976427a188d8b4c59fbe
Instruction Fuzzy Hash: 34B15C75A10215BFEB14DF68DC8AFAE7BA9EB08714F008214F915E72A1D774ED40CBA0

Function 00D14ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00D14AED
GetDriveTypeW.KERNEL32(?,00D3CB68,?,\\.\,00D3CC08), ref: 00D14BCA
SetErrorMode.KERNEL32(00000000,00D3CB68,?,\\.\,00D3CC08), ref: 00D14D36

Strings

Removable, xrefs: 00D14C10, 00D14C15
USB, xrefs: 00D14CB4
CDROM, xrefs: 00D14BFB
SAS, xrefs: 00D14CC9
SSA, xrefs: 00D14CA6
PhysicalDrive, xrefs: 00D14B76
ATA, xrefs: 00D14C98
\\.\, xrefs: 00D14B3F
Fibre, xrefs: 00D14CAD
Virtual, xrefs: 00D14CE5
SSD, xrefs: 00D14C4A
SCSI, xrefs: 00D14C8A
Network, xrefs: 00D14C02
Unknown, xrefs: 00D14BED, 00D14C83
ATAPI, xrefs: 00D14C91
RAMDisk, xrefs: 00D14BF4
MMC, xrefs: 00D14CDE
SATA, xrefs: 00D14CD0
1394, xrefs: 00D14C9F
Fixed, xrefs: 00D14C09
iSCSI, xrefs: 00D14CC2
RAID, xrefs: 00D14CBB
FileBackedVirtual, xrefs: 00D14CEC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 62cc59eb12b90d245a1f8558a73379185533baf9c10a7dcd8d52de934952790a
Instruction ID: cf3046f2f6decd46c98e552bb49647cd38b523841248264ad7c6775c038771d1
Opcode Fuzzy Hash: 62cc59eb12b90d245a1f8558a73379185533baf9c10a7dcd8d52de934952790a
Instruction Fuzzy Hash: B461A370605206FFCB04DF24EA82DE9B7A2EF45744B284015F846AB291DF35DD85EBB1

Function 00D373E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00D37421
SetTextColor.GDI32(?,?), ref: 00D37425
GetSysColorBrush.USER32(0000000F), ref: 00D3743B
GetSysColor.USER32(0000000F), ref: 00D37446
CreateSolidBrush.GDI32(?), ref: 00D3744B
GetSysColor.USER32(00000011), ref: 00D37463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00D37471
SelectObject.GDI32(?,00000000), ref: 00D37482
SetBkColor.GDI32(?,00000000), ref: 00D3748B
SelectObject.GDI32(?,?), ref: 00D37498
InflateRect.USER32(?,000000FF,000000FF), ref: 00D374B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00D374CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00D374DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D3752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00D37554
InflateRect.USER32(?,000000FD,000000FD), ref: 00D37572
DrawFocusRect.USER32(?,?), ref: 00D3757D
GetSysColor.USER32(00000011), ref: 00D3758E
SetTextColor.GDI32(?,00000000), ref: 00D37596
DrawTextW.USER32(?,00D370F5,000000FF,?,00000000), ref: 00D375A8
SelectObject.GDI32(?,?), ref: 00D375BF
DeleteObject.GDI32(?), ref: 00D375CA
SelectObject.GDI32(?,?), ref: 00D375D0
DeleteObject.GDI32(?), ref: 00D375D5
SetTextColor.GDI32(?,?), ref: 00D375DB
SetBkColor.GDI32(?,?), ref: 00D375E5

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 7a2e5b4fe1ded69bc39569b895192b48bf5234422df94db3fcfdcd19005634d4
Instruction ID: 1a2f6aa369c1b2c21c825a67a8e66cf15d43ae9a91650506bfc8e01678ff24ea
Opcode Fuzzy Hash: 7a2e5b4fe1ded69bc39569b895192b48bf5234422df94db3fcfdcd19005634d4
Instruction Fuzzy Hash: 5A617B72900218AFDF119FA4DC49EEEBFB9EB08360F145115F911FB2A1D775A940DBA0

Function 00D30FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00D31128
GetDesktopWindow.USER32 ref: 00D3113D
GetWindowRect.USER32(00000000), ref: 00D31144
GetWindowLongW.USER32(?,000000F0), ref: 00D31199
DestroyWindow.USER32(?), ref: 00D311B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00D311ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D3120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00D3121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00D31232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00D31245
IsWindowVisible.USER32(00000000), ref: 00D312A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00D312BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00D312D0
GetWindowRect.USER32(00000000,?), ref: 00D312E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00D3130E
GetMonitorInfoW.USER32(00000000,?), ref: 00D31328
CopyRect.USER32(?,?), ref: 00D3133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00D313AA

Strings

0, xrefs: 00D310D3
(, xrefs: 00D3131B
tooltips_class32, xrefs: 00D311E6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: e65503f23a3f0e75c0f7bd65c2c5c3eb16eec1b63eab33c05dcb043838d4cb51
Instruction ID: 7b2831abb9199ae1f16f374446854edc382511ec9b20591822382afa301eda6a
Opcode Fuzzy Hash: e65503f23a3f0e75c0f7bd65c2c5c3eb16eec1b63eab33c05dcb043838d4cb51
Instruction Fuzzy Hash: 7DB19C75608342AFD714DF64C885BABBBE4FF85354F048918F999AB2A1C731EC44CBA1

Function 00CB8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00CB8968
GetSystemMetrics.USER32(00000007), ref: 00CB8970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00CB899B
GetSystemMetrics.USER32(00000008), ref: 00CB89A3
GetSystemMetrics.USER32(00000004), ref: 00CB89C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00CB89E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00CB89F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00CB8A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00CB8A3C
GetClientRect.USER32(00000000,000000FF), ref: 00CB8A5A
GetStockObject.GDI32(00000011), ref: 00CB8A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00CB8A81

Part of subcall function 00CB912D: GetCursorPos.USER32(?), ref: 00CB9141
Part of subcall function 00CB912D: ScreenToClient.USER32(00000000,?), ref: 00CB915E
Part of subcall function 00CB912D: GetAsyncKeyState.USER32(00000001), ref: 00CB9183
Part of subcall function 00CB912D: GetAsyncKeyState.USER32(00000002), ref: 00CB919D

SetTimer.USER32(00000000,00000000,00000028,00CB90FC), ref: 00CB8AA8

Strings

AutoIt v3 GUI, xrefs: 00CB8A20

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 5515a4502a4546e04a562256cae8cb2719d9e64f88d9e034a5e19f5633af0279
Instruction ID: 27b535cba7f5a7ff6215421739c468d41b5fb08838324bf84fd92f6d65792b69
Opcode Fuzzy Hash: 5515a4502a4546e04a562256cae8cb2719d9e64f88d9e034a5e19f5633af0279
Instruction Fuzzy Hash: 66B12975A0020AAFDF14DFA8DC45BEA7BB5FB48314F104229FA25E7290DB74A941CF61

Function 00D00D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D01114
Part of subcall function 00D010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01120
Part of subcall function 00D010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D0112F
Part of subcall function 00D010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01136
Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D0114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D00DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D00E29
GetLengthSid.ADVAPI32(?), ref: 00D00E40
GetAce.ADVAPI32(?,00000000,?), ref: 00D00E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D00E96
GetLengthSid.ADVAPI32(?), ref: 00D00EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D00EB5
HeapAlloc.KERNEL32(00000000), ref: 00D00EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D00EDD
CopySid.ADVAPI32(00000000), ref: 00D00EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D00F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D00F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D00F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00F6E
HeapFree.KERNEL32(00000000), ref: 00D00F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00F7E
HeapFree.KERNEL32(00000000), ref: 00D00F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00F8E
HeapFree.KERNEL32(00000000), ref: 00D00F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00D00FA1
HeapFree.KERNEL32(00000000), ref: 00D00FA8

Part of subcall function 00D01193: GetProcessHeap.KERNEL32(00000008,00D00BB1,?,00000000,?,00D00BB1,?), ref: 00D011A1
Part of subcall function 00D01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D00BB1,?), ref: 00D011A8
Part of subcall function 00D01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D00BB1,?), ref: 00D011B7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: c95182ab71e73b8fcc01b93eaba4487b7116bdb9c8cfea53c1609efb7f6a4a6b
Instruction ID: 48366546d2ab9ff08bca0049da70f62e2d6690705594b2aceae1b969c942815a
Opcode Fuzzy Hash: c95182ab71e73b8fcc01b93eaba4487b7116bdb9c8cfea53c1609efb7f6a4a6b
Instruction Fuzzy Hash: 34714A7290430ABBDB209FA4DC49BAEBFB8BF05301F184115FA59F6291D7719905DB70

Function 00D2C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00D3CC08,00000000,?,00000000,?,?), ref: 00D2C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00D2C5A4
_wcslen.LIBCMT ref: 00D2C5F4
_wcslen.LIBCMT ref: 00D2C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00D2C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00D2C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00D2C84D
RegCloseKey.ADVAPI32(?), ref: 00D2C881
RegCloseKey.ADVAPI32(00000000), ref: 00D2C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00D2C960

Strings

REG_EXPAND_SZ, xrefs: 00D2C5CD
REG_DWORD, xrefs: 00D2C804
REG_SZ, xrefs: 00D2C644
REG_BINARY, xrefs: 00D2C913
REG_MULTI_SZ, xrefs: 00D2C6F5
REG_QWORD, xrefs: 00D2C8C3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 82f67e4eeb40bd26ce749578f5b7759ffec0ab1f6872a3388f00a19de037fcce
Instruction ID: f60e4a80d2d100d9503ec0279d1533cce5f8ec37165ee353fb95c8e548f7c0ed
Opcode Fuzzy Hash: 82f67e4eeb40bd26ce749578f5b7759ffec0ab1f6872a3388f00a19de037fcce
Instruction Fuzzy Hash: 4A1279356142119FCB14EF14D891A2AB7E5FF89718F08895CF88A9B3A2DB31FC41DB91

Function 00D3091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00D309C6
_wcslen.LIBCMT ref: 00D30A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00D30A54
_wcslen.LIBCMT ref: 00D30A8A
_wcslen.LIBCMT ref: 00D30B06
_wcslen.LIBCMT ref: 00D30B81

Part of subcall function 00CBF9F2: _wcslen.LIBCMT ref: 00CBF9FD

Part of subcall function 00D02BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D02BFA

Strings

GETSELECTED, xrefs: 00D30C4E
EXISTS, xrefs: 00D30B7C, 00D30B97
CHECK, xrefs: 00D30A85, 00D30AA0
GETITEMCOUNT, xrefs: 00D30C1E
UNCHECK, xrefs: 00D30D3E
EXPAND, xrefs: 00D30BF8
SELECT, xrefs: 00D30D11
GETTEXT, xrefs: 00D30C97
ISCHECKED, xrefs: 00D30CE1
COLLAPSE, xrefs: 00D30B01, 00D30B1C
GETTOTALCOUNT, xrefs: 00D309F2, 00D30A17

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: cde3b448369abc69f217fe6d8a58613ea98141d95cfb6c875121535e92a5629d
Instruction ID: 5c926b29db3478624e394e9806271849f93374abb0e078aef82f81053c7181f3
Opcode Fuzzy Hash: cde3b448369abc69f217fe6d8a58613ea98141d95cfb6c875121535e92a5629d
Instruction Fuzzy Hash: 66E1B1316083018FC714DF24C46096ABBE1FF99718F18895CF8969B7A2D731ED45DBA1

Function 00D2C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
_wcslen.LIBCMT ref: 00D2C9F1
_wcslen.LIBCMT ref: 00D2CA68
_wcslen.LIBCMT ref: 00D2CA9E
_wcslen.LIBCMT ref: 00D2CAF9
_wcslen.LIBCMT ref: 00D2CB2F
_wcslen.LIBCMT ref: 00D2CB7F

Strings

HKU, xrefs: 00D2CBF0
HKEY_CLASSES_ROOT, xrefs: 00D2CAF3, 00D2CAF8
HKEY_CURRENT_CONFIG, xrefs: 00D2CB79, 00D2CB7E
HKEY_CURRENT_USER, xrefs: 00D2CBBD
HKLM, xrefs: 00D2CA98, 00D2CA9D
HKCU, xrefs: 00D2CBCE
HKCR, xrefs: 00D2CB29, 00D2CB2E
HKEY_USERS, xrefs: 00D2CBDF
HKCC, xrefs: 00D2CBAC
HKEY_LOCAL_MACHINE, xrefs: 00D2CA62, 00D2CA67

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: 5170d8fc2b86666d183d8b5d9a6d72f2c0609f88828009b4034a28c32ab21428
Instruction ID: d991bdd8703270463ce5ecb17be1386107f9208c5a86195212718380490514b0
Opcode Fuzzy Hash: 5170d8fc2b86666d183d8b5d9a6d72f2c0609f88828009b4034a28c32ab21428
Instruction Fuzzy Hash: F171F532A2013A8BCB20DE7CED516BE3395AFB175CF295528F86697284E631CD45D3B0

Function 00D3833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D3835A
_wcslen.LIBCMT ref: 00D3836E
_wcslen.LIBCMT ref: 00D38391
_wcslen.LIBCMT ref: 00D383B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00D383F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00D3361A,?), ref: 00D3844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00D38487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00D384CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00D38501
FreeLibrary.KERNEL32(?), ref: 00D3850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00D3851D
DestroyIcon.USER32(?), ref: 00D3852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00D38549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00D38555

Strings

.dll, xrefs: 00D383AB
.icl, xrefs: 00D38368
.exe, xrefs: 00D38388

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 2327a2e529bac81f85e6291f0435a3c5f3bbecf463a8ae7369f751591b53df34
Instruction ID: 80373adbc33ff2bf96da3b01d3a4d3c63fa2399457da6bedba7817a695b7681a
Opcode Fuzzy Hash: 2327a2e529bac81f85e6291f0435a3c5f3bbecf463a8ae7369f751591b53df34
Instruction Fuzzy Hash: 5761B072550319BEEB14DF64CC41BBE77A8BB08711F108609F815E61D1DB74A984E7B0

Function 00CA7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

#cs, xrefs: 00CA7873, 00CA78C5
Bad directive syntax error, xrefs: 00CE519A
Unterminated group of comments, xrefs: 00CE528C
#notrayicon, xrefs: 00CA77E7
Cannot parse #include, xrefs: 00CE5279
#comments-start, xrefs: 00CA785F, 00CA78B1
#ce, xrefs: 00CA78ED
#requireadmin, xrefs: 00CA77FF
#OnAutoItStartRegister, xrefs: 00CA7817
', xrefs: 00CE5169
#include, xrefs: 00CA7847
#include-once, xrefs: 00CA782F
", xrefs: 00CE5153
#comments-end, xrefs: 00CA78D9
#pragma compile, xrefs: 00CA77D3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: 3c5e9d00b7fd0d7d7d55fcba2f21ff7acae0f659f37892e5d169bd00a6b36ac9
Instruction ID: cfa30fdd2e80b246e89fd29813be2aa041b6656faa1ec8be89cdf2e79000f38a
Opcode Fuzzy Hash: 3c5e9d00b7fd0d7d7d55fcba2f21ff7acae0f659f37892e5d169bd00a6b36ac9
Instruction Fuzzy Hash: DD81E771A44606BFDB21AF61DC42FAF37A8BF16304F044128F915EA192EB70DA15E7A1

Function 00D13E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00D13EF8
_wcslen.LIBCMT ref: 00D13F03
_wcslen.LIBCMT ref: 00D13F5A
_wcslen.LIBCMT ref: 00D13F98
GetDriveTypeW.KERNEL32(?), ref: 00D13FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D1401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D14059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D14087

Strings

open, xrefs: 00D13F54, 00D13F59
wait, xrefs: 00D14044
type cdaudio alias cd wait, xrefs: 00D14001
close cd wait, xrefs: 00D14072
closed, xrefs: 00D13F08, 00D13F2D, 00D13F46, 00D13F7E, 00D13F97
open , xrefs: 00D13FE5
set cd door , xrefs: 00D14028
close, xrefs: 00D13EFE, 00D13F18

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: 98e6f694fb4d256011d993726ae7b8a35c19ba4f2a9babc75f4812123dde8b29
Instruction ID: d950fbbd711b99c60575374d84fe6309d40ef8a08c399604e92dbd1889bc73f3
Opcode Fuzzy Hash: 98e6f694fb4d256011d993726ae7b8a35c19ba4f2a9babc75f4812123dde8b29
Instruction Fuzzy Hash: B671E331604312AFC710EF24D8818AAB7F4EF99758F14492DF89697251EB31DD8ACBA1

Function 00D05A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00D05A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00D05A40
SetWindowTextW.USER32(?,?), ref: 00D05A57
GetDlgItem.USER32(?,000003EA), ref: 00D05A6C
SetWindowTextW.USER32(00000000,?), ref: 00D05A72
GetDlgItem.USER32(?,000003E9), ref: 00D05A82
SetWindowTextW.USER32(00000000,?), ref: 00D05A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00D05AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00D05AC3
GetWindowRect.USER32(?,?), ref: 00D05ACC
_wcslen.LIBCMT ref: 00D05B33
SetWindowTextW.USER32(?,?), ref: 00D05B6F
GetDesktopWindow.USER32 ref: 00D05B75
GetWindowRect.USER32(00000000), ref: 00D05B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00D05BD3
GetClientRect.USER32(?,?), ref: 00D05BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00D05C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00D05C2F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: b136a0cdaa96a3dcac88cf3c7bcc21137aec8408f3070b7d4c790d59efc411e1
Instruction ID: d8314658f5cbf406bbb00f9829ecb2eb0fc2e9d5dc727d58b9e27e5e2abc8aa6
Opcode Fuzzy Hash: b136a0cdaa96a3dcac88cf3c7bcc21137aec8408f3070b7d4c790d59efc411e1
Instruction Fuzzy Hash: 37714A31900B09AFDB20DFA8DD45BAEBBF5EB48704F144518E986A26A4D775E940CF60

Function 00D1FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00D1FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00D1FE32
LoadCursorW.USER32(00000000,00007F00), ref: 00D1FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00D1FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00D1FE53
LoadCursorW.USER32(00000000,00007F01), ref: 00D1FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00D1FE69
LoadCursorW.USER32(00000000,00007F88), ref: 00D1FE74
LoadCursorW.USER32(00000000,00007F80), ref: 00D1FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00D1FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00D1FE95
LoadCursorW.USER32(00000000,00007F85), ref: 00D1FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00D1FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00D1FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00D1FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00D1FECC
GetCursorInfo.USER32(?), ref: 00D1FEDC
GetLastError.KERNEL32 ref: 00D1FF1E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: bdd5348f3c0cb775a703fba372454c74b783f408e62dc8994332c47ada6a16bc
Instruction ID: 25da7415ac9ec6c08f420e9fb33ed3a61e743dd2e7c92845435c60dd9a6e5434
Opcode Fuzzy Hash: bdd5348f3c0cb775a703fba372454c74b783f408e62dc8994332c47ada6a16bc
Instruction Fuzzy Hash: 394161B0D083196ADB109FBA9C8985EBFE8FF04354B54452AE119E7291DB78A941CFA0

Function 00CC00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00CC00C6

Part of subcall function 00CC00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00D7070C,00000FA0,3678A890,?,?,?,?,00CE23B3,000000FF), ref: 00CC011C
Part of subcall function 00CC00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00CE23B3,000000FF), ref: 00CC0127
Part of subcall function 00CC00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00CE23B3,000000FF), ref: 00CC0138
Part of subcall function 00CC00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00CC014E
Part of subcall function 00CC00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00CC015C
Part of subcall function 00CC00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00CC016A
Part of subcall function 00CC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00CC0195
Part of subcall function 00CC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00CC01A0

___scrt_fastfail.LIBCMT ref: 00CC00E7

Part of subcall function 00CC00A3: __onexit.LIBCMT ref: 00CC00A9

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00CC0122
WakeAllConditionVariable, xrefs: 00CC0162
InitializeConditionVariable, xrefs: 00CC0148
SleepConditionVariableCS, xrefs: 00CC0154
kernel32.dll, xrefs: 00CC0133

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: dd8176a3b03b03b9520452313d437de1398a12d5dfdbe32d9b5199271203e925
Instruction ID: fde1d35d1f610a9ce317e4e1f896199d0f9f58162f3df752ce00edff3bfa26f9
Opcode Fuzzy Hash: dd8176a3b03b03b9520452313d437de1398a12d5dfdbe32d9b5199271203e925
Instruction Fuzzy Hash: FD21F632A44710EFE7115BA4EC0AF6EB7A8DB04B61F24013DF815E23D1DBB09C009AB0

Function 00D030F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D0318D
_wcslen.LIBCMT ref: 00D031F8

Strings

REGEXPCLASS, xrefs: 00D03255, 00D03266
NAME, xrefs: 00D03335, 00D03346
TEXT, xrefs: 00D0347C
INSTANCE, xrefs: 00D03453
CLASS, xrefs: 00D03188, 00D031A5
CLASSNN, xrefs: 00D031F3, 00D03204

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: 71b8f02a73055f1e75a3b95b96e5f666fc9b52a09bf72f89daa63dd3028aaf5d
Instruction ID: d409a885a5b9411ad61e7e5b6b437338b94dd0e25a2ad8f3a943beba4f715d6a
Opcode Fuzzy Hash: 71b8f02a73055f1e75a3b95b96e5f666fc9b52a09bf72f89daa63dd3028aaf5d
Instruction Fuzzy Hash: D5E1B631A00616AFCB18DF78C855BEDBBB8BF54710F588119E45AB7290DB30AE85D7B0

Function 00D144C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00D3CC08), ref: 00D14527
_wcslen.LIBCMT ref: 00D1453B
_wcslen.LIBCMT ref: 00D14599
_wcslen.LIBCMT ref: 00D145F4
_wcslen.LIBCMT ref: 00D1463F
_wcslen.LIBCMT ref: 00D146A7

Part of subcall function 00CBF9F2: _wcslen.LIBCMT ref: 00CBF9FD

GetDriveTypeW.KERNEL32(?,00D66BF0,00000061), ref: 00D14743

Strings

all, xrefs: 00D14531, 00D14536
cdrom, xrefs: 00D1458F, 00D14594
ramdisk, xrefs: 00D146F1
network, xrefs: 00D1469D, 00D146A2
removable, xrefs: 00D145EA, 00D145EF
unknown, xrefs: 00D14708
fixed, xrefs: 00D14635, 00D1463A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: 4525d3c0c14d2a590475d8e14639f7357595bcaf845248782a934b27255ae68d
Instruction ID: 221aaffe8fd132560dcf6fc61617fd8ed99be1367127ec12c7009272d09dab0a
Opcode Fuzzy Hash: 4525d3c0c14d2a590475d8e14639f7357595bcaf845248782a934b27255ae68d
Instruction Fuzzy Hash: 96B1E571608302AFC710DF28E890AAEB7E5BF96764F54891DF496C7291DB30D885C7B2

Function 00D23FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00D3CC08), ref: 00D240BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00D240CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00D3CC08), ref: 00D240F2
FreeLibrary.KERNEL32(00000000,?,00D3CC08), ref: 00D2413E
StringFromGUID2.OLE32(?,?,00000028,?,00D3CC08), ref: 00D241A8
SysFreeString.OLEAUT32(00000009), ref: 00D24262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00D242C8
SysFreeString.OLEAUT32(?), ref: 00D242F2

Strings

GetModuleHandleExW, xrefs: 00D240C7
kernel32.dll, xrefs: 00D240B6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 3e6702e2ff79f49c07d5669833f236e8d08fc6dbcdd7f9eb13faad8ddb46466a
Instruction ID: 60aa802e540208322c98a36bdf403fc18ba0cdc5e5657949708471fd546dc758
Opcode Fuzzy Hash: 3e6702e2ff79f49c07d5669833f236e8d08fc6dbcdd7f9eb13faad8ddb46466a
Instruction Fuzzy Hash: 36127E75A00225EFDB14DF94D884EAEBBB5FF55318F288098F905AB251C771ED42CBA0

Function 00CA326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00D71990), ref: 00CE2F8D
GetMenuItemCount.USER32(00D71990), ref: 00CE303D
GetCursorPos.USER32(?), ref: 00CE3081
SetForegroundWindow.USER32(00000000), ref: 00CE308A
TrackPopupMenuEx.USER32(00D71990,00000000,?,00000000,00000000,00000000), ref: 00CE309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00CE30A9

Strings

0, xrefs: 00CA327D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: 18bfd1c35ae9b3105879b6746b2e8b85bef1fcc08e8600de6cd34d945e8fca7d
Instruction ID: ccda7e0bb27ee6fa82106a336eda3367176bb6b20cf6ac65833d6e76b09c4b76
Opcode Fuzzy Hash: 18bfd1c35ae9b3105879b6746b2e8b85bef1fcc08e8600de6cd34d945e8fca7d
Instruction Fuzzy Hash: DF713A31644296BEFB218F66CC49F9ABF68FF01324F244206F524AA1E1C7B1AE50D760

Function 00D36CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00D36DEB

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00D36E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00D36E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D36E94
DestroyWindow.USER32(?), ref: 00D36EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00CA0000,00000000), ref: 00D36EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D36EFD
GetDesktopWindow.USER32 ref: 00D36F16
GetWindowRect.USER32(00000000), ref: 00D36F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00D36F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00D36F4D

Part of subcall function 00CB9944: GetWindowLongW.USER32(?,000000EB), ref: 00CB9952

Strings

0, xrefs: 00D36D98
tooltips_class32, xrefs: 00D36E58, 00D36EDD

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: d7e3c8fea6d08ccf949d11254cbf30784a779aaeec1b4f93ba81b416fdb80cf0
Instruction ID: e71a162091a229cd13980a223d2928935d4862fbe79a8c609cd2315231552225
Opcode Fuzzy Hash: d7e3c8fea6d08ccf949d11254cbf30784a779aaeec1b4f93ba81b416fdb80cf0
Instruction Fuzzy Hash: 6D716574104345AFDB21CF18D844BAABBE9FF89304F08891DFA99D7261D770E94ADB21

Function 00D3911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

DragQueryPoint.SHELL32(?,?), ref: 00D39147

Part of subcall function 00D37674: ClientToScreen.USER32(?,?), ref: 00D3769A
Part of subcall function 00D37674: GetWindowRect.USER32(?,?), ref: 00D37710
Part of subcall function 00D37674: PtInRect.USER32(?,?,00D38B89), ref: 00D37720

SendMessageW.USER32(?,000000B0,?,?), ref: 00D391B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00D391BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00D391DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00D39225
SendMessageW.USER32(?,000000B0,?,?), ref: 00D3923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00D39255
SendMessageW.USER32(?,000000B1,?,?), ref: 00D39277
DragFinish.SHELL32(?), ref: 00D3927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00D39371

Strings

@GUI_DROPID, xrefs: 00D3929E
@GUI_DRAGFILE, xrefs: 00D39320
@GUI_DRAGID, xrefs: 00D392E9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 987726f81198f57360e71801a9a66a40c0b7c36e4ee8f213424536cfef130045
Instruction ID: 1671d3ddfaeb6571626d8f4720e3d99339745db1ef9c7ea9f290c2e820b46cee
Opcode Fuzzy Hash: 987726f81198f57360e71801a9a66a40c0b7c36e4ee8f213424536cfef130045
Instruction Fuzzy Hash: 7B617C71108301AFC701EF64DC85DAFBBE8EF89754F400A1EF595932A1DB70AA49CB62

Function 00D1C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D1C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D1C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D1C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00D1C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00D1C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00D1C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D1C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D1C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D1C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D1C5F0
InternetCloseHandle.WININET(00000000), ref: 00D1C5FB

Strings

, xrefs: 00D1C575

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: f332af82a9db512e2624588e08802540656052b813ed23972a9b727a85748470
Instruction ID: 940f1c7540467d7382e2b742b9556be814cf3a737c09e071be3feb3d51922dd9
Opcode Fuzzy Hash: f332af82a9db512e2624588e08802540656052b813ed23972a9b727a85748470
Instruction Fuzzy Hash: 5C5139B1550308BFEB218FA4D988ABB7BBDFF08754F046419F945E6210EB34E9849B70

Function 00D3856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00D38592
GetFileSize.KERNEL32(00000000,00000000), ref: 00D385A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00D385AD
CloseHandle.KERNEL32(00000000), ref: 00D385BA
GlobalLock.KERNEL32(00000000), ref: 00D385C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00D385D7
GlobalUnlock.KERNEL32(00000000), ref: 00D385E0
CloseHandle.KERNEL32(00000000), ref: 00D385E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00D385F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,00D3FC38,?), ref: 00D38611
GlobalFree.KERNEL32(00000000), ref: 00D38621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00D38641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00D38671
DeleteObject.GDI32(00000000), ref: 00D38699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00D386AF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: e22736b21b7cae7145e53d9fc6b045884679b13684a7196a95b179e2355ffed9
Instruction ID: a40dd1d74b4fc8dcde1023d1679a79d38bcd8b580ce9f08c8cef4d0c0425b42a
Opcode Fuzzy Hash: e22736b21b7cae7145e53d9fc6b045884679b13684a7196a95b179e2355ffed9
Instruction Fuzzy Hash: 2E41F875610308AFDB119FA5DC89EAB7BB8FF89B11F148058F906E7260DB709901DB70

Function 00D114BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00D11502
VariantCopy.OLEAUT32(?,?), ref: 00D1150B
VariantClear.OLEAUT32(?), ref: 00D11517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00D115FB
VarR8FromDec.OLEAUT32(?,?), ref: 00D11657
VariantInit.OLEAUT32(?), ref: 00D11708
SysFreeString.OLEAUT32(?), ref: 00D1178C
VariantClear.OLEAUT32(?), ref: 00D117D8
VariantClear.OLEAUT32(?), ref: 00D117E7
VariantInit.OLEAUT32(00000000), ref: 00D11823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00D11625
Default, xrefs: 00D116AF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: f574afd19351d1190d6cc76e7091cec80a0ad7797bf83e084a14c98033afb855
Instruction ID: c3dadcc3d7f2e9ccd4c87ba5f62a7f5dc0124d6375d8be9d0007eab191f180c7
Opcode Fuzzy Hash: f574afd19351d1190d6cc76e7091cec80a0ad7797bf83e084a14c98033afb855
Instruction Fuzzy Hash: 37D11235600615EBEB109F64E885BFDB7B6BF45700F148459E686AB280DF30EC85EB72

Function 00D2B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D2B772
RegDeleteValueW.ADVAPI32(?,?), ref: 00D2B80A
RegCloseKey.ADVAPI32(?), ref: 00D2B87E
RegCloseKey.ADVAPI32(?), ref: 00D2B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00D2B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D2B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00D2B922
FreeLibrary.KERNEL32(00000000), ref: 00D2B983
RegCloseKey.ADVAPI32(00000000), ref: 00D2B994

Strings

RegDeleteKeyExW, xrefs: 00D2B8FE
advapi32.dll, xrefs: 00D2B8ED

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: adc0d4f720eff25224b1d9e66aaaa5b89edc0676dc9a54db80641ffdfc48ec0e
Instruction ID: bc22ff7871be43ad9630e35b017401a877c4d83c9fd33a2339c6c1d8819a4725
Opcode Fuzzy Hash: adc0d4f720eff25224b1d9e66aaaa5b89edc0676dc9a54db80641ffdfc48ec0e
Instruction Fuzzy Hash: 53C1AC30208212AFD714DF24D495F2ABBE1FF95318F18845DE49A8B2A2CB71EC45DBA1

Function 00D2255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00D225D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00D225E8
CreateCompatibleDC.GDI32(?), ref: 00D225F4
SelectObject.GDI32(00000000,?), ref: 00D22601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00D2266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00D226AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00D226D0
SelectObject.GDI32(?,?), ref: 00D226D8
DeleteObject.GDI32(?), ref: 00D226E1
DeleteDC.GDI32(?), ref: 00D226E8
ReleaseDC.USER32(00000000,?), ref: 00D226F3

Strings

(, xrefs: 00D2268D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: b583dacfee38356cce8039d9379495cda8969a237b83b69e9a5287e41d50b3ab
Instruction ID: 1ba8000686d7f4ff778d514136c2c28d88c18fd0f8a39526703281d3503894a6
Opcode Fuzzy Hash: b583dacfee38356cce8039d9379495cda8969a237b83b69e9a5287e41d50b3ab
Instruction Fuzzy Hash: E261F176D00219EFCF14CFA8D884AAEBBB6FF48310F208529E955A7350D770A941DFA0

Function 00CDDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00CDDAA1

Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD659
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD66B
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD67D
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD68F
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6A1
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6B3
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6C5
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6D7
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6E9
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6FB
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD70D
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD71F
Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD731

_free.LIBCMT ref: 00CDDA96

Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0

_free.LIBCMT ref: 00CDDAB8
_free.LIBCMT ref: 00CDDACD
_free.LIBCMT ref: 00CDDAD8
_free.LIBCMT ref: 00CDDAFA
_free.LIBCMT ref: 00CDDB0D
_free.LIBCMT ref: 00CDDB1B
_free.LIBCMT ref: 00CDDB26
_free.LIBCMT ref: 00CDDB5E
_free.LIBCMT ref: 00CDDB65
_free.LIBCMT ref: 00CDDB82
_free.LIBCMT ref: 00CDDB9A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: dd6731532c12c81b4af2ce8022cba73fbedebb5e0d48e8a0eef06c1ab5ca8373
Instruction ID: 3391ffcc548399693e0afd159a4d7ee267c3f8b4340c564c4755e94fb6436180
Opcode Fuzzy Hash: dd6731532c12c81b4af2ce8022cba73fbedebb5e0d48e8a0eef06c1ab5ca8373
Instruction Fuzzy Hash: D6314D31A04705AFEB21AA39E845B56B7E9FF10314F15441BF66AD7391DF31ED80A720

Function 00D0365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00D0369C
_wcslen.LIBCMT ref: 00D036A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00D03797
GetClassNameW.USER32(?,?,00000400), ref: 00D0380C
GetDlgCtrlID.USER32(?), ref: 00D0385D
GetWindowRect.USER32(?,?), ref: 00D03882
GetParent.USER32(?), ref: 00D038A0
ScreenToClient.USER32(00000000), ref: 00D038A7
GetClassNameW.USER32(?,?,00000100), ref: 00D03921
GetWindowTextW.USER32(?,?,00000400), ref: 00D0395D

Strings

%s%u, xrefs: 00D03734

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: beec4f72e778940a8b97550cdd5e6d4c1277c14ae6a82fd2e7e7047353755573
Instruction ID: 48660c12341ea7d92af5bf93798a0a462bcded79d2eee085f79f62a86fb5f6f3
Opcode Fuzzy Hash: beec4f72e778940a8b97550cdd5e6d4c1277c14ae6a82fd2e7e7047353755573
Instruction Fuzzy Hash: D9918B71204706AFD719DF24D885FAAB7ACFF48350F448629F999D2190DB30EA45CBA1

Function 00D04954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00D04994
GetWindowTextW.USER32(?,?,00000400), ref: 00D049DA
_wcslen.LIBCMT ref: 00D049EB
CharUpperBuffW.USER32(?,00000000), ref: 00D049F7
_wcsstr.LIBVCRUNTIME ref: 00D04A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00D04A64
GetWindowTextW.USER32(?,?,00000400), ref: 00D04A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00D04AE6
GetClassNameW.USER32(?,?,00000400), ref: 00D04B20
GetWindowRect.USER32(?,?), ref: 00D04B8B

Strings

ThumbnailClass, xrefs: 00D04A6F, 00D04AF1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: b1c5e2b50fca3d2475793e238779668ddb79690a01ecdc0ac7e3d61ea76110d0
Instruction ID: 3a37b2a8794b643f17f9e50291b6fc7faff372ba965a7ac0c1bb30697522b960
Opcode Fuzzy Hash: b1c5e2b50fca3d2475793e238779668ddb79690a01ecdc0ac7e3d61ea76110d0
Instruction Fuzzy Hash: 80918AB21043059BDB14DF14C985FAAB7E8EF84354F088469FE899A1D6EB30ED45CBB1

Function 00D0BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00D71990,000000FF,00000000,00000030), ref: 00D0BFAC
SetMenuItemInfoW.USER32(00D71990,00000004,00000000,00000030), ref: 00D0BFE1
Sleep.KERNEL32(000001F4), ref: 00D0BFF3
GetMenuItemCount.USER32(?), ref: 00D0C039
GetMenuItemID.USER32(?,00000000), ref: 00D0C056
GetMenuItemID.USER32(?,-00000001), ref: 00D0C082
GetMenuItemID.USER32(?,?), ref: 00D0C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00D0C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D0C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D0C145

Strings

0, xrefs: 00D0BF3D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: 767f0ed192e136d4a00d592a8740039f2827a0c0bb902eece52135e3b9b5b091
Instruction ID: 62ce079e65b50db7fd9be691fa99d6d1e1009db0403947e620164961528f6408
Opcode Fuzzy Hash: 767f0ed192e136d4a00d592a8740039f2827a0c0bb902eece52135e3b9b5b091
Instruction Fuzzy Hash: 65617CB092034AAFDB11CF68CC88BAEBBB8EB05354F041215E849A32D1D771AD45CB71

Function 00D2CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00D2CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00D2CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00D2CD48

Part of subcall function 00D2CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00D2CCAA
Part of subcall function 00D2CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00D2CCBD
Part of subcall function 00D2CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D2CCCF
Part of subcall function 00D2CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00D2CD05
Part of subcall function 00D2CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00D2CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00D2CCF3

Strings

RegDeleteKeyExW, xrefs: 00D2CCC9
advapi32.dll, xrefs: 00D2CCB8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: 786015e420513302bc408ac20e04b014df72e423c0c411adffb44d5425c1240b
Instruction ID: 2de7f78c83ee8677653588e72d810b69fe16008ffac16aa85ee1c9c5bde080ef
Opcode Fuzzy Hash: 786015e420513302bc408ac20e04b014df72e423c0c411adffb44d5425c1240b
Instruction Fuzzy Hash: 45318E76911228BBDB208B61EC88EFFBB7CEF15744F041165A905E3240DA749E45EBB0

Function 00D13D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D13D40
_wcslen.LIBCMT ref: 00D13D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00D13D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00D13DBE
RemoveDirectoryW.KERNEL32(?), ref: 00D13DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00D13E55
CloseHandle.KERNEL32(00000000), ref: 00D13E60
CloseHandle.KERNEL32(00000000), ref: 00D13E6B

Strings

\??\%s, xrefs: 00D13D5B
\, xrefs: 00D13D77
:, xrefs: 00D13D82

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: bd8c5c6d570b634c5c8f07d6f5c37a9fb0be97be2ef675577eab2eda6a806bb8
Instruction ID: 7ebf4c18410ca2f9e113991ad4b153150ea99aa46712cf02305ddafcf0efad58
Opcode Fuzzy Hash: bd8c5c6d570b634c5c8f07d6f5c37a9fb0be97be2ef675577eab2eda6a806bb8
Instruction Fuzzy Hash: 1C31A176910209ABDB209BA0EC49FEF37BCEF88700F1441B9F505E61A0EB7497848B74

Function 00D0E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00D0E6B4

Part of subcall function 00CBE551: timeGetTime.WINMM(?,?,00D0E6D4), ref: 00CBE555

Sleep.KERNEL32(0000000A), ref: 00D0E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00D0E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00D0E727
SetActiveWindow.USER32 ref: 00D0E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00D0E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00D0E773
Sleep.KERNEL32(000000FA), ref: 00D0E77E
IsWindow.USER32 ref: 00D0E78A
EndDialog.USER32(00000000), ref: 00D0E79B

Strings

BUTTON, xrefs: 00D0E719

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 89a976dc9143a353d544e9edab0e40fc9ba0c9185e250aae8f42de09b9c78290
Instruction ID: 76ebee6333d3adeb6773868d8cdb5ad804ce65cba2feb4f9268f56cabad086fd
Opcode Fuzzy Hash: 89a976dc9143a353d544e9edab0e40fc9ba0c9185e250aae8f42de09b9c78290
Instruction Fuzzy Hash: 55216FB0210344AFEB006F65EC8AB393B69E794749F541825F50ED13F1EB71AC409B34

Function 00D0E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00D0EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00D0EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D0EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00D0EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00D0EAA7

Strings

play PlayMe, xrefs: 00D0EAA2
play PlayMe wait, xrefs: 00D0EA91
close PlayMe, xrefs: 00D0EA6E, 00D0EA9B
status PlayMe mode, xrefs: 00D0EA58
alias PlayMe, xrefs: 00D0EA36
open , xrefs: 00D0EA0C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: 3f9004cfbc3849e044611dabaa9878cd4e59c19cc1c77d52b8d4803a1139771d
Instruction ID: d90bb80301aa0cb6218e8d344da907bbd82c2dbe02d09a77e4a81e100cda80c4
Opcode Fuzzy Hash: 3f9004cfbc3849e044611dabaa9878cd4e59c19cc1c77d52b8d4803a1139771d
Instruction Fuzzy Hash: 26117731B902597ED710A762DC4AEFF6B7CEBD6B44F04082AB805A20D1EFB04D09C9B0

Function 00D09F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00D0A012
SetKeyboardState.USER32(?), ref: 00D0A07D
GetAsyncKeyState.USER32(000000A0), ref: 00D0A09D
GetKeyState.USER32(000000A0), ref: 00D0A0B4
GetAsyncKeyState.USER32(000000A1), ref: 00D0A0E3
GetKeyState.USER32(000000A1), ref: 00D0A0F4
GetAsyncKeyState.USER32(00000011), ref: 00D0A120
GetKeyState.USER32(00000011), ref: 00D0A12E
GetAsyncKeyState.USER32(00000012), ref: 00D0A157
GetKeyState.USER32(00000012), ref: 00D0A165
GetAsyncKeyState.USER32(0000005B), ref: 00D0A18E
GetKeyState.USER32(0000005B), ref: 00D0A19C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: b35aa5caec591aaada5a7f5adba381fb7f227aed0a56d8625fcdb2d111c71507
Instruction ID: e67505888f4b62f70ac074c275d9d04160a388c534fd7652c4081c8201b65f65
Opcode Fuzzy Hash: b35aa5caec591aaada5a7f5adba381fb7f227aed0a56d8625fcdb2d111c71507
Instruction Fuzzy Hash: 0851A53090478829FB35DB7489117EABFB59F12380F0C859AD5CA5B1C3DA94AA4CC773

Function 00D05CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00D05CE2
GetWindowRect.USER32(00000000,?), ref: 00D05CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00D05D59
GetDlgItem.USER32(?,00000002), ref: 00D05D69
GetWindowRect.USER32(00000000,?), ref: 00D05D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00D05DCF
GetDlgItem.USER32(?,000003E9), ref: 00D05DDD
GetWindowRect.USER32(00000000,?), ref: 00D05DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00D05E31
GetDlgItem.USER32(?,000003EA), ref: 00D05E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00D05E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00D05E67

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: f4eec89ef350484919bc692bfa2318abd57f694373f902c7233c6caf09b34371
Instruction ID: 465d87c4009b582628dec39f5b57ad86c8075314dca66a6c3334c62878ef157d
Opcode Fuzzy Hash: f4eec89ef350484919bc692bfa2318abd57f694373f902c7233c6caf09b34371
Instruction Fuzzy Hash: FA51FCB1A10715AFDB18CF68DD89BAEBBB5EB48300F149129F919E7294D7709E04CF60

Function 00CB8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00CB8BE8,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CB8FC5

DestroyWindow.USER32(?), ref: 00CB8C81
KillTimer.USER32(00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CB8D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00CF6973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CF69A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CF69B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00CB8BBA,00000000), ref: 00CF69D4
DeleteObject.GDI32(00000000), ref: 00CF69E6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 22ee5d5c48cc25624b71506e595532fc47157bf5d994e3a1c59ff2caca0c14e3
Instruction ID: 761f0040b377e08809a2fcdf57fc1c61f057cfac240b726fc6e3e58734c14270
Opcode Fuzzy Hash: 22ee5d5c48cc25624b71506e595532fc47157bf5d994e3a1c59ff2caca0c14e3
Instruction Fuzzy Hash: 1861DC75102705DFCB258F28C948BB57BF5FB04312F144618E2669B6A0CB71AEC5EFA1

Function 00CB9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00CB9944: GetWindowLongW.USER32(?,000000EB), ref: 00CB9952

GetSysColor.USER32(0000000F), ref: 00CB9862

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 687f79a1a4f7c9e6973fed6b7daa3ed6e5a958516e8f0735b7344efa278f91e4
Instruction ID: 0e47c3c06878a4c824c67f028d5299e40de8cda3955cbb255db9264bc831aaff
Opcode Fuzzy Hash: 687f79a1a4f7c9e6973fed6b7daa3ed6e5a958516e8f0735b7344efa278f91e4
Instruction Fuzzy Hash: F0417B31504744AFDB215B389C88BB93BA5EB06320F145619EAB69B2E1D7329942EB21

Function 00D096E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00CEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00D09717
LoadStringW.USER32(00000000,?,00CEF7F8,00000001), ref: 00D09720

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00CEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00D09742
LoadStringW.USER32(00000000,?,00CEF7F8,00000001), ref: 00D09745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00D09866

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00D0984A
^ ERROR, xrefs: 00D097FB
Line %d:, xrefs: 00D097A0
Error: , xrefs: 00D0981D
Line %d (File "%s"):, xrefs: 00D0978F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: ca54267d25ea9a59c71809b5d199a94f38dbb58b95832b607f393e1f2a2f2bf1
Instruction ID: d2adefb47e0059913f3a0af79967a7d52831bb551ff8a09fb69a15a616084ec9
Opcode Fuzzy Hash: ca54267d25ea9a59c71809b5d199a94f38dbb58b95832b607f393e1f2a2f2bf1
Instruction Fuzzy Hash: FC413A7280421AAACF04EBE0DD96EEEB778EF56344F104025F505B21A2EB356F49DB71

Function 00D006DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00D007A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00D007BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00D007DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00D00804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00D0082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D00837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D0083C

Strings

SOFTWARE\Classes\, xrefs: 00D0070E
\CLSID, xrefs: 00D00724
\IPC$, xrefs: 00D00784

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 93db61a4246c1549138666896e73e521a92a7514bfb83369150d0e8b457cea9e
Instruction ID: 5a26cce277adeae298332fe37dd9573856a3d5e51147b8dd3eab493e2db2f02d
Opcode Fuzzy Hash: 93db61a4246c1549138666896e73e521a92a7514bfb83369150d0e8b457cea9e
Instruction Fuzzy Hash: 5C41F772C10229ABDF15EBA4DC959EEB778FF44354F044129E905B32A1EB349E44DFA0

Function 00D33F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00D3403B
CreateCompatibleDC.GDI32(00000000), ref: 00D34042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00D34055
SelectObject.GDI32(00000000,00000000), ref: 00D3405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00D34068
DeleteDC.GDI32(00000000), ref: 00D34072
GetWindowLongW.USER32(?,000000EC), ref: 00D3407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00D34092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00D3409E

Strings

static, xrefs: 00D33FD3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 1b3362859713230ebe589467ce26aac57750deff89effe024a9fb1c799d9c0a8
Instruction ID: 332692872bace074cb46d7bd502f99b018bb1e89a4b10f9bfd08436e386a7c3b
Opcode Fuzzy Hash: 1b3362859713230ebe589467ce26aac57750deff89effe024a9fb1c799d9c0a8
Instruction Fuzzy Hash: 29317A32111215ABDF219FA4CC09FDA3B68EF0D320F051210FA18E61A0C735D860EBB0

Function 00D23C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00D23C5C
CoInitialize.OLE32(00000000), ref: 00D23C8A
CoUninitialize.OLE32 ref: 00D23C94
_wcslen.LIBCMT ref: 00D23D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00D23DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00D23ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00D23F0E
CoGetObject.OLE32(?,00000000,00D3FB98,?), ref: 00D23F2D
SetErrorMode.KERNEL32(00000000), ref: 00D23F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00D23FC4
VariantClear.OLEAUT32(?), ref: 00D23FD8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: ddcc5ef78c7fd59c937aebfcb5f4e68c6b0eae3d510c6de0ab943fc6fd90d5bc
Instruction ID: 970f68a6ca11f1229a70018133e95470c6733876e1be53089ce5f8429712bb19
Opcode Fuzzy Hash: ddcc5ef78c7fd59c937aebfcb5f4e68c6b0eae3d510c6de0ab943fc6fd90d5bc
Instruction Fuzzy Hash: E6C14471608315AFC700DF68D88492BBBE9FF99748F04495DF98A9B210D735EE05CB62

Function 00D17A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00D17AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00D17B8F
SHGetDesktopFolder.SHELL32(?), ref: 00D17BA3
CoCreateInstance.OLE32(00D3FD08,00000000,00000001,00D66E6C,?), ref: 00D17BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00D17C74
CoTaskMemFree.OLE32(?,?), ref: 00D17CCC
SHBrowseForFolderW.SHELL32(?), ref: 00D17D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00D17D7A
CoTaskMemFree.OLE32(00000000), ref: 00D17D81
CoTaskMemFree.OLE32(00000000), ref: 00D17DD6
CoUninitialize.OLE32 ref: 00D17DDC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 6d2a2388e783e53f828e1a4fb5d35eb0a9c2b76688672064777fc7d1aef6b73d
Instruction ID: af2565c1fe30a6c7b5a2e406ea2689bd38f6dce068c8e8197fb8ad021e922934
Opcode Fuzzy Hash: 6d2a2388e783e53f828e1a4fb5d35eb0a9c2b76688672064777fc7d1aef6b73d
Instruction Fuzzy Hash: 95C10A75A04209AFCB14DFA4D884DAEBBF5FF48314B148499E516DB361DB30EE85CBA0

Function 00D3541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00D35504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00D35515
CharNextW.USER32(00000158), ref: 00D35544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00D35585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00D3559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00D355AC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 5ac4af71d97416a6c132c8255c4cd284bd17cfc6faf810a5b266b90db8f936f2
Instruction ID: 72320c77fa266fa27b0357ca1e9e9371820145a8c8ea4d132eac455f4572114c
Opcode Fuzzy Hash: 5ac4af71d97416a6c132c8255c4cd284bd17cfc6faf810a5b266b90db8f936f2
Instruction Fuzzy Hash: EF619B75900608EFDF10CF94EC85AFE7BB9EB0A320F148155F965AB2A4D7709A80DB70

Function 00CFFA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00CFFAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00CFFB08
VariantInit.OLEAUT32(?), ref: 00CFFB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00CFFB3A
VariantCopy.OLEAUT32(?,?), ref: 00CFFB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00CFFBA1
VariantClear.OLEAUT32(?), ref: 00CFFBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00CFFBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00CFFBCC
VariantClear.OLEAUT32(?), ref: 00CFFBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00CFFBE9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: a2598741ca4a011104574fc29859c7926ef447d58185d06e9a314533ea1284a5
Instruction ID: ed1f858ebcc4b49b22275ccf6498c6e8de1140f1be4f7a6c5a3af1ea3ed9aff1
Opcode Fuzzy Hash: a2598741ca4a011104574fc29859c7926ef447d58185d06e9a314533ea1284a5
Instruction Fuzzy Hash: 28412035A0021D9FCB10DFA4D8549FEBBB9EF48354F008069E955E7361DB30A946DBA1

Function 00D09C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00D09CA1
GetAsyncKeyState.USER32(000000A0), ref: 00D09D22
GetKeyState.USER32(000000A0), ref: 00D09D3D
GetAsyncKeyState.USER32(000000A1), ref: 00D09D57
GetKeyState.USER32(000000A1), ref: 00D09D6C
GetAsyncKeyState.USER32(00000011), ref: 00D09D84
GetKeyState.USER32(00000011), ref: 00D09D96
GetAsyncKeyState.USER32(00000012), ref: 00D09DAE
GetKeyState.USER32(00000012), ref: 00D09DC0
GetAsyncKeyState.USER32(0000005B), ref: 00D09DD8
GetKeyState.USER32(0000005B), ref: 00D09DEA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 8470b94497d9da61ddc0451c1409fcaab9668525f410ee01a01752b7be440b50
Instruction ID: 13ba441eb4f1c1b7965baad346f858eb9f0614d61f665dc165530e12161c3a8b
Opcode Fuzzy Hash: 8470b94497d9da61ddc0451c1409fcaab9668525f410ee01a01752b7be440b50
Instruction Fuzzy Hash: 0A4196349447C969FF319764C8243B5FEA06B51344F0C805ADACA566C3EBA59DC8C7B2

Function 00D2055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00D205BC
inet_addr.WSOCK32(?), ref: 00D2061C
gethostbyname.WSOCK32(?), ref: 00D20628
IcmpCreateFile.IPHLPAPI ref: 00D20636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00D206C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00D206E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00D207B9
WSACleanup.WSOCK32 ref: 00D207BF

Strings

Ping, xrefs: 00D20676

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 3f58055aa050a16ab746471da6aebba5b85cfd34c5ba37328c7404549a8225dc
Instruction ID: 8ac7d59377c31ad2aff0e339b07f9f7a2d0f42b2b179f811984d4aa47148881b
Opcode Fuzzy Hash: 3f58055aa050a16ab746471da6aebba5b85cfd34c5ba37328c7404549a8225dc
Instruction Fuzzy Hash: 10917A756083119FD320DF15D889F1ABBE0AF54318F1885A9E4A99B7A3C730ED45CFA1

Function 00D28CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00D28CF3

Part of subcall function 00D08E54: _wcslen.LIBCMT ref: 00D08E77

_wcslen.LIBCMT ref: 00D28D4E
_wcslen.LIBCMT ref: 00D28D9C
_wcslen.LIBCMT ref: 00D28DDC
_wcslen.LIBCMT ref: 00D28E6E

Strings

winapi, xrefs: 00D28D96, 00D28D9B
cdecl, xrefs: 00D28D48, 00D28D4D
stdcall, xrefs: 00D28DD6, 00D28DDB
none, xrefs: 00D28E65, 00D28E6A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: d1045b417f3a603548cc64522e61d18d6cee3bce4734fee67f64e0a337f9c0da
Instruction ID: f34fdba10b3b163cd9122447bf491874f8b4787da17cd7bff6046d6157645470
Opcode Fuzzy Hash: d1045b417f3a603548cc64522e61d18d6cee3bce4734fee67f64e0a337f9c0da
Instruction Fuzzy Hash: 3D51C331A051269BCB14DF68D8409BEB3A5BF75328B294229F466E72C4DB32DD44E7A0

Function 00D2372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00D23774
CoUninitialize.OLE32 ref: 00D2377F
CoCreateInstance.OLE32(?,00000000,00000017,00D3FB78,?), ref: 00D237D9
IIDFromString.OLE32(?,?), ref: 00D2384C
VariantInit.OLEAUT32(?), ref: 00D238E4
VariantClear.OLEAUT32(?), ref: 00D23936

Strings

Failed to create object, xrefs: 00D237E4, 00D2389A
Invalid parameter, xrefs: 00D23865
NULL Pointer assignment, xrefs: 00D2381E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 220d31d01eb11f3607a8a22066d4b1b550c89c9163920851b16e66a046748052
Instruction ID: ce3bf49ae009b0ed66929dfa9d49e8edffe2867010b3a33919931d782432e2ed
Opcode Fuzzy Hash: 220d31d01eb11f3607a8a22066d4b1b550c89c9163920851b16e66a046748052
Instruction Fuzzy Hash: DB61BF70608321AFD710DF64E849B5ABBE8EF59718F040909F9859B291D774EE48CBB2

Function 00D13388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00D133CF

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00D133F0

Strings

Incorrect parameters to object property !, xrefs: 00D134AB
"%s" (%d) : ==> %s:, xrefs: 00D13522
"%s" (%d) : ==> %s:%s%s, xrefs: 00D13504
Error: , xrefs: 00D134D1
^ ERROR , xrefs: 00D1349E
Line %d (File "%s"):, xrefs: 00D13443, 00D1345C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: b89ce980ae90117b3ef293080b84ab931326607666918321fc1fc9c0302285b3
Instruction ID: f8da424bfac55d2d3d75a471ed80c33cdf421261dde8d46e98d90ad4595b222e
Opcode Fuzzy Hash: b89ce980ae90117b3ef293080b84ab931326607666918321fc1fc9c0302285b3
Instruction Fuzzy Hash: E9518A7190020AABDF14EBA0DD56EEEB779EF05344F144165B409B21A2EF316F98EB70

Function 00D0B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00D0B5FC
_wcslen.LIBCMT ref: 00D0B608
_wcslen.LIBCMT ref: 00D0B64D
_wcslen.LIBCMT ref: 00D0B68C
_wcslen.LIBCMT ref: 00D0B6C7

Strings

EXISTS, xrefs: 00D0B686, 00D0B68B
KEYS, xrefs: 00D0B647, 00D0B64C
REMOVE, xrefs: 00D0B602, 00D0B607
APPEND, xrefs: 00D0B6C1, 00D0B6C6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: 15f1c13ff0d1baf1a5227618448814ddfab02961aefda155df419e4007b0501f
Instruction ID: c05827b3bb8bdddf876c6fb1e7d8b8184676a9213727315126b74d763fa8397a
Opcode Fuzzy Hash: 15f1c13ff0d1baf1a5227618448814ddfab02961aefda155df419e4007b0501f
Instruction Fuzzy Hash: 8841A932A041279BCB105F7DC8906BE77A5ABA1774B68412BE469DF2C4E732CD81C7B0

Function 00D15393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00D153A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00D15416
GetLastError.KERNEL32 ref: 00D15420
SetErrorMode.KERNEL32(00000000,READY), ref: 00D154A7

Strings

UNKNOWN, xrefs: 00D15444
READY, xrefs: 00D15460, 00D15468
NOTREADY, xrefs: 00D1544B
INVALID, xrefs: 00D15459
READONLY, xrefs: 00D15452

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 68a1f5d57d8e0557460eb0f9f216096b02801937d55b1263eb8cf2318db64255
Instruction ID: e79221216e1171f0da7175795484c21bd4d2c91bd9110efa5182e1f94404c6cd
Opcode Fuzzy Hash: 68a1f5d57d8e0557460eb0f9f216096b02801937d55b1263eb8cf2318db64255
Instruction Fuzzy Hash: 5F318F35A00605EFC710DF68E484AEABBB4EB85309F188065E406DB396DB75DDC6CBB0

Function 00D33C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00D33C79
SetMenu.USER32(?,00000000), ref: 00D33C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D33D10
IsMenu.USER32(?), ref: 00D33D24
CreatePopupMenu.USER32 ref: 00D33D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00D33D5B
DrawMenuBar.USER32 ref: 00D33D63

Strings

F, xrefs: 00D33D4E
0, xrefs: 00D33C54

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: cbb2be3d48b38b39274038241e0ed72eac28c9f85b7a01ace4a0c1728c276703
Instruction ID: 882e5b97f4070250a48093f47d222bde6bf1cd192cffb8cec7373f5742bf7880
Opcode Fuzzy Hash: cbb2be3d48b38b39274038241e0ed72eac28c9f85b7a01ace4a0c1728c276703
Instruction Fuzzy Hash: FD413979A01309AFDB14CF64E944AAA7BB5FF49350F180029F956E7360D770AA11CFA4

Function 00D01EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00D01F64
GetDlgCtrlID.USER32 ref: 00D01F6F
GetParent.USER32 ref: 00D01F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00D01F8E
GetDlgCtrlID.USER32(?), ref: 00D01F97
GetParent.USER32(?), ref: 00D01FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00D01FAE

Strings

ComboBox, xrefs: 00D01EEC
ListBox, xrefs: 00D01F21

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 7cc02b4b128857de328eb353789cafd564389fb7aa290d597a1bee34113b689d
Instruction ID: d00c0a8a5544c2ede4d3d0ea026e9ba612f9ac192325867be39afa0e42c3cffa
Opcode Fuzzy Hash: 7cc02b4b128857de328eb353789cafd564389fb7aa290d597a1bee34113b689d
Instruction Fuzzy Hash: 4B21CF75A00215BBCF04AFA0DC86EEEBBB8EF06354F004115F965A72E1CB389908DB70

Function 00D01FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00D02043
GetDlgCtrlID.USER32 ref: 00D0204E
GetParent.USER32 ref: 00D0206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00D0206D
GetDlgCtrlID.USER32(?), ref: 00D02076
GetParent.USER32(?), ref: 00D0208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00D0208D

Strings

ComboBox, xrefs: 00D01FCD
ListBox, xrefs: 00D02002

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: b2d8618a5ef26c823c9b42a847fc6816d996c2d9f843a13a8396f09b22ad008f
Instruction ID: 4176e5cd5caa9de8fd25cbab0e6547e8d7f0df9fdc35195bb678edaaa3029bd9
Opcode Fuzzy Hash: b2d8618a5ef26c823c9b42a847fc6816d996c2d9f843a13a8396f09b22ad008f
Instruction Fuzzy Hash: FF218E75A00214BBDB10AFA4DC8AAFEBBB8EB05344F004015F955A72A1DA798918DB70

Function 00D33A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00D33A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00D33AA0
GetWindowLongW.USER32(?,000000F0), ref: 00D33AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00D33AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00D33B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00D33BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00D33BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00D33BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00D33BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00D33C13

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: fd47e767b536d9d5aae88730d273a5bbb00b5a1110a65231c99f5a0c4a5d5af0
Instruction ID: b9c29cd0babe19cf4d3f005780acd3dda98580b0e95029bf2081cad9526d9ca3
Opcode Fuzzy Hash: fd47e767b536d9d5aae88730d273a5bbb00b5a1110a65231c99f5a0c4a5d5af0
Instruction Fuzzy Hash: 82615A75900248AFDB10DFA8CD81EEE77B8EB09700F144199FA15E73A1D774AE85DB60

Function 00D0B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D0B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B165
GetWindowThreadProcessId.USER32(00000000), ref: 00D0B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00D0B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B21D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 97795198cd34de458a1a2b3ce42cd0a84917d900b3a283fafcfecab49b611149
Instruction ID: 71f981aa0faba7f0d5a4ab237ae57da3202c48dacb0b696662d3409c15299774
Opcode Fuzzy Hash: 97795198cd34de458a1a2b3ce42cd0a84917d900b3a283fafcfecab49b611149
Instruction Fuzzy Hash: FD319C71614304BFDB109F24DC49B6D7BA9BB61321F145416FA09E73E0E7B49A808F79

Function 00CD2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CD2C94

Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0

_free.LIBCMT ref: 00CD2CA0
_free.LIBCMT ref: 00CD2CAB
_free.LIBCMT ref: 00CD2CB6
_free.LIBCMT ref: 00CD2CC1
_free.LIBCMT ref: 00CD2CCC
_free.LIBCMT ref: 00CD2CD7
_free.LIBCMT ref: 00CD2CE2
_free.LIBCMT ref: 00CD2CED
_free.LIBCMT ref: 00CD2CFB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: dcf52a5746fe457c68cec829c53de3cad386514a828de01cffe4630c756aa279
Instruction ID: a7dd70824550489c368a2d13fa02ebb941302ace938b5c2744ec2bea9412f21f
Opcode Fuzzy Hash: dcf52a5746fe457c68cec829c53de3cad386514a828de01cffe4630c756aa279
Instruction Fuzzy Hash: 26119376100108BFCB02EF54D892CDD3BA5FF15350F4144A6FA489B322DA31EE50BB90

Function 00D17DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D17FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00D17FC1
GetFileAttributesW.KERNEL32(?), ref: 00D17FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00D18005
SetCurrentDirectoryW.KERNEL32(?), ref: 00D18017
SetCurrentDirectoryW.KERNEL32(?), ref: 00D18060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D180B0

Strings

*.*, xrefs: 00D18066

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: d6d08b6c579c1bcbcbe32e7c3ebb753d7c55863e227f35d882b955631692d285
Instruction ID: 5b7f266c389d58999a2c6bd03a61b488495f4e2d459844c721af198c1c5c1ca4
Opcode Fuzzy Hash: d6d08b6c579c1bcbcbe32e7c3ebb753d7c55863e227f35d882b955631692d285
Instruction Fuzzy Hash: A281A172508246ABCB20EF54D844AEAB3E8BF89314F18485EF885D7261DF34DD859B62

Function 00CA5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00CA5C7A

Part of subcall function 00CA5D0A: GetClientRect.USER32(?,?), ref: 00CA5D30
Part of subcall function 00CA5D0A: GetWindowRect.USER32(?,?), ref: 00CA5D71
Part of subcall function 00CA5D0A: ScreenToClient.USER32(?,?), ref: 00CA5D99

GetDC.USER32 ref: 00CE46F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00CE4708
SelectObject.GDI32(00000000,00000000), ref: 00CE4716
SelectObject.GDI32(00000000,00000000), ref: 00CE472B
ReleaseDC.USER32(?,00000000), ref: 00CE4733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00CE47C4

Strings

U, xrefs: 00CE4693

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: a4f053b2ac8b27f2286fd5a47e13b09c2c060399c35c373d4a38fd7bbe0aa577
Instruction ID: 06076ad739e324b03aa861ed1650f96a8999acaf462a2a59356371d4b29e1c11
Opcode Fuzzy Hash: a4f053b2ac8b27f2286fd5a47e13b09c2c060399c35c373d4a38fd7bbe0aa577
Instruction Fuzzy Hash: 50710634400345DFCF298F65C984ABA7BB5FF4A364F144269FD659A2AAC3308D41DFA0

Function 00D1359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00D135E4

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

LoadStringW.USER32(00D72390,?,00000FFF,?), ref: 00D1360A

Strings

"%s" (%d) : ==> %s:, xrefs: 00D13742
^ ERROR, xrefs: 00D136C9
"%s" (%d) : ==> %s:%s%s, xrefs: 00D13724
Error: , xrefs: 00D136EF
Line %d (File "%s"):, xrefs: 00D1366B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 0f3978746aead89c8eeaeb91120eacc4206df03dec868b4ed7fd17d26add6255
Instruction ID: aaa7347da913501f59e72958ca470936c50989a7917d128759c450cebab9dd5b
Opcode Fuzzy Hash: 0f3978746aead89c8eeaeb91120eacc4206df03dec868b4ed7fd17d26add6255
Instruction Fuzzy Hash: C7516C7190021ABBDF15EBA0DC52EEEBB38EF05344F144125F105721A2EB306A99EBB0

Function 00D1C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D1C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D1C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D1C2CA
GetLastError.KERNEL32 ref: 00D1C322
SetEvent.KERNEL32(?), ref: 00D1C336
InternetCloseHandle.WININET(00000000), ref: 00D1C341

Strings

, xrefs: 00D1C2BB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 8df770c33595cc4f712f749451066d71de6e84f7f4d7075466b7faa1fe612a41
Instruction ID: 85b8de02a8be8b3d845b9fefcfe4caa5b8d69fd6b31e72912b173536b2ae2f66
Opcode Fuzzy Hash: 8df770c33595cc4f712f749451066d71de6e84f7f4d7075466b7faa1fe612a41
Instruction Fuzzy Hash: AB3191B1550304BFD7219F65AC88AAB7BFCEB49740B14A51DF496D2210DF30DD849B70

Function 00D0989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00CE3AAF,?,?,Bad directive syntax error,00D3CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00D098BC
LoadStringW.USER32(00000000,?,00CE3AAF,?), ref: 00D098C3

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00D09987

Strings

Line %d:, xrefs: 00D09912
Error: , xrefs: 00D09955
%s (%d) : ==> %s.: %s %s, xrefs: 00D098F1
., xrefs: 00D0996D
Line %d (File "%s"):, xrefs: 00D0992D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: 12fc25ad42cd554521660ec1a82d2a7c6c7ae477cafae59e814f7c774095ca03
Instruction ID: 66a45f3c581181a7afc0bc65a7c60b66b1bdd88c4cfb4fc3cb1273781fd9093f
Opcode Fuzzy Hash: 12fc25ad42cd554521660ec1a82d2a7c6c7ae477cafae59e814f7c774095ca03
Instruction Fuzzy Hash: 5D219132D4421AAFCF11EF90CC16EEE7735FF19304F045419F519620A2EB71A618EB60

Function 00D0209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00D020AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00D020C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00D0214D

Strings

list, xrefs: 00D0212F
smallicons, xrefs: 00D02115
SHELLDLL_DefView, xrefs: 00D020CC
details, xrefs: 00D020FB
largeicons, xrefs: 00D020E1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 8cd644abc4e74c4ac351689e69171387f15ce6e3ca9b881555f15c5f822757a4
Instruction ID: 148db872b8e915e3339cd509ec82c102d55e30c959672e2b0a069e9a09c954b0
Opcode Fuzzy Hash: 8cd644abc4e74c4ac351689e69171387f15ce6e3ca9b881555f15c5f822757a4
Instruction Fuzzy Hash: CB113676288306BAFA192224EC0BFB6739CCB05324F20001AFB4CA50E5EA61A8466635

Function 00CD8D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f404b8cad575d6617be695cd8dc4377021e9c37ce4e3efda76a69909a84859e
Instruction ID: 7ad4634c29ee09b0e1567b25c6a49b4a74889a14bf3122b298d67340912cfc0f
Opcode Fuzzy Hash: 7f404b8cad575d6617be695cd8dc4377021e9c37ce4e3efda76a69909a84859e
Instruction Fuzzy Hash: AFC1D478E04349AFDB11DFA8D841BADBFB1EF0D310F14419AE629A7392C7349A41DB61

Function 00CDCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00CDCEB7
_free.LIBCMT ref: 00CDCF22
_free.LIBCMT ref: 00CDCF48
_free.LIBCMT ref: 00CDCF71
_free.LIBCMT ref: 00CDCFA9
_free.LIBCMT ref: 00CDCFDA
_free.LIBCMT ref: 00CDD01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00CDD09C
_free.LIBCMT ref: 00CDD0B5

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: 796c2ca01cfb0ab6c014a8eb6517441a4f14b751c77c9ced7f14605a0d57a4f3
Instruction ID: 800fb2c067364976142690cd421b6c0280863bf80164b2354187e09d624f471f
Opcode Fuzzy Hash: 796c2ca01cfb0ab6c014a8eb6517441a4f14b751c77c9ced7f14605a0d57a4f3
Instruction Fuzzy Hash: 6D610671904312AFDB21AFF4D8C5AAA7BA5AF05320F04416FFB55D7382E6319A41E760

Function 00D350D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00D35186
ShowWindow.USER32(?,00000000), ref: 00D351C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00D351CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00D351D1

Part of subcall function 00D36FBA: DeleteObject.GDI32(00000000), ref: 00D36FE6

GetWindowLongW.USER32(?,000000F0), ref: 00D3520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D3521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00D3524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00D35287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00D35296

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: a344597cfbb26565dfa29f94c175072e10b5e026501038029113c6f06dad5d3f
Instruction ID: 8962af9d4dbba6fa28f7a6f9ca7fdbd39df2e76aeb66cd73063f624c0fb66a6c
Opcode Fuzzy Hash: a344597cfbb26565dfa29f94c175072e10b5e026501038029113c6f06dad5d3f
Instruction Fuzzy Hash: 8651B134A50B08BFEF209F24EC4ABD93BA5FB05361F184111FA19A62E4C775A990DB74

Function 00CB8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00CF6890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00CF68A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00CF68B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00CF68D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00CF68F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00CB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00CF6901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00CF691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00CB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00CF692D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: f0e1eb7b0d056ca9f3d0f7ae3bb567ffa7f74c46cb2b21f5170359d82c4cb9ed
Instruction ID: eb87e14ff9ed5ded551489c0a13ed2e4bbd06ae04357b18022925f288c7b7b95
Opcode Fuzzy Hash: f0e1eb7b0d056ca9f3d0f7ae3bb567ffa7f74c46cb2b21f5170359d82c4cb9ed
Instruction Fuzzy Hash: CD516974610309AFDB20CF25CC55BAA7BB9EB58750F104518FA66E72A0DB70EA90DB60

Function 00D1C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D1C182
GetLastError.KERNEL32 ref: 00D1C195
SetEvent.KERNEL32(?), ref: 00D1C1A9

Part of subcall function 00D1C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D1C272
Part of subcall function 00D1C253: GetLastError.KERNEL32 ref: 00D1C322
Part of subcall function 00D1C253: SetEvent.KERNEL32(?), ref: 00D1C336
Part of subcall function 00D1C253: InternetCloseHandle.WININET(00000000), ref: 00D1C341

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: a51343d21edee0d9e8241ba41b3cf785b1e3f836aa3406af9a4310086e55a3b2
Instruction ID: 7d5d99584183a2f707639089785c343bbf2406602882b5c94da22087faad74f5
Opcode Fuzzy Hash: a51343d21edee0d9e8241ba41b3cf785b1e3f836aa3406af9a4310086e55a3b2
Instruction Fuzzy Hash: 7931AE712A1701BFDB219FA5EC04AABBBF8FF18300B04641DF996D6611DB30E8949B70

Function 00D025A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D03A57
Part of subcall function 00D03A3D: GetCurrentThreadId.KERNEL32 ref: 00D03A5E
Part of subcall function 00D03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D025B3), ref: 00D03A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00D025BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00D025DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00D025DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00D025E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00D02601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00D02605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00D0260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00D02623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00D02627

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: fedf4b115af0eefca71d6ce3c1ab1e9e725aba8a21df03d1e33186baa7a40726
Instruction ID: 7ea3df334ec29614039bc6419f3e2d03c033b0f27debc5c3f3b264f6d6804592
Opcode Fuzzy Hash: fedf4b115af0eefca71d6ce3c1ab1e9e725aba8a21df03d1e33186baa7a40726
Instruction Fuzzy Hash: 1C01B1313A0310BBFB1067699C8EF593E59DB5AB12F101001F358EE1E1C9E264449A79

Function 00D01803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00D01449,?,?,00000000), ref: 00D0180C
HeapAlloc.KERNEL32(00000000,?,00D01449,?,?,00000000), ref: 00D01813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D01449,?,?,00000000), ref: 00D01828
GetCurrentProcess.KERNEL32(?,00000000,?,00D01449,?,?,00000000), ref: 00D01830
DuplicateHandle.KERNEL32(00000000,?,00D01449,?,?,00000000), ref: 00D01833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D01449,?,?,00000000), ref: 00D01843
GetCurrentProcess.KERNEL32(00D01449,00000000,?,00D01449,?,?,00000000), ref: 00D0184B
DuplicateHandle.KERNEL32(00000000,?,00D01449,?,?,00000000), ref: 00D0184E
CreateThread.KERNEL32(00000000,00000000,00D01874,00000000,00000000,00000000), ref: 00D01868

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 9dabeed0a30c5adbe5a6805c3a69b40e8d5ab9fa98c7470cabb658fa4e31e5a9
Instruction ID: 2780c21e59d3e840d37f6f4857b0e6aae269685854a3fa536563e113dc699e25
Opcode Fuzzy Hash: 9dabeed0a30c5adbe5a6805c3a69b40e8d5ab9fa98c7470cabb658fa4e31e5a9
Instruction Fuzzy Hash: 4F01BBB5250308BFE710ABA5DC4DF6B3BACEB89B11F009411FA05EB2A1CA70D810DB30

Function 00D2A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00D0D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00D0D501
Part of subcall function 00D0D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00D0D50F
Part of subcall function 00D0D4DC: CloseHandle.KERNEL32(00000000), ref: 00D0D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00D2A16D
GetLastError.KERNEL32 ref: 00D2A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00D2A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00D2A268
GetLastError.KERNEL32(00000000), ref: 00D2A273
CloseHandle.KERNEL32(00000000), ref: 00D2A2C4

Strings

SeDebugPrivilege, xrefs: 00D2A18F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: bd43f9378056aabae38ce5f811021c5facbcfc4018c3a4a19ed0bbaeac219ec6
Instruction ID: 9c2da6944fdc9e05673dcac72182b05da6c4888ad2328cbbfa4f20c3aea017e3
Opcode Fuzzy Hash: bd43f9378056aabae38ce5f811021c5facbcfc4018c3a4a19ed0bbaeac219ec6
Instruction Fuzzy Hash: 9E617B302042529FD720DF18D894F15BBA1EF5531CF19849CE46A8B7A3C772EC45CBA6

Function 00D33886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00D33925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00D3393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00D33954
_wcslen.LIBCMT ref: 00D33999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00D339C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00D339F4

Strings

SysListView32, xrefs: 00D338F7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: bd0f9eaf6ffc9e87797e824b115b7f40718327840f5da3ede7beb5f5fb4d1905
Instruction ID: 4b97dfdb7b6d28cdc3dce10fb7f40028d0d2c5c25cca24106e89eb2fb667b5d4
Opcode Fuzzy Hash: bd0f9eaf6ffc9e87797e824b115b7f40718327840f5da3ede7beb5f5fb4d1905
Instruction Fuzzy Hash: C741A271A00319ABEB219F64CC45FEA77A9FF08354F140526F958E7291D7B1D984CBB0

Function 00D0BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D0BCFD
IsMenu.USER32(00000000), ref: 00D0BD1D
CreatePopupMenu.USER32 ref: 00D0BD53
GetMenuItemCount.USER32(00FB5530), ref: 00D0BDA4
InsertMenuItemW.USER32(00FB5530,?,00000001,00000030), ref: 00D0BDCC

Strings

0, xrefs: 00D0BCA8
2, xrefs: 00D0BD37

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 76e241556fbd9c52c0d69b61439a2786121ac165c07adc9d3703be3293910aa8
Instruction ID: 01302db1e09cce9f5bf6a124c4402e1b7c131a5f66cc317667e668675c6ec278
Opcode Fuzzy Hash: 76e241556fbd9c52c0d69b61439a2786121ac165c07adc9d3703be3293910aa8
Instruction Fuzzy Hash: 80518F70A08206DBDB10DFA9D884BAEFBF4EF45324F18425AE45AE72D1E7709941CB71

Function 00D0C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00D0C913

Strings

info, xrefs: 00D0C8B4
blank, xrefs: 00D0C895
warning, xrefs: 00D0C8FC
stop, xrefs: 00D0C8E4
question, xrefs: 00D0C8CC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 0507de4b54e2545bbb24235a4f5eacfd78ed76e0a986fef6d6cd6757dd9fcd9b
Instruction ID: 5d958c48a550466da9f7f812212bd862e74f9c9596fe14f783b1ab1ee32669fa
Opcode Fuzzy Hash: 0507de4b54e2545bbb24235a4f5eacfd78ed76e0a986fef6d6cd6757dd9fcd9b
Instruction Fuzzy Hash: 30113D31699306BFE7089B14EC83FAA379CDF15315B20512EF908A62C2D770DD006678

Function 00D0DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00D0DE42
gethostname.WSOCK32(?,00000100), ref: 00D0DE5C
gethostbyname.WSOCK32(?), ref: 00D0DE69
inet_ntoa.WSOCK32(?), ref: 00D0DEAB
_strcat.LIBCMT ref: 00D0DEB9
WSACleanup.WSOCK32 ref: 00D0DEDE

Strings

0.0.0.0, xrefs: 00D0DE87

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 048da103a4685e8744d5eeece243d9c5b18b0a43d6c63009ea992b5326b2d582
Instruction ID: 25e5c6410ed71ef936f746efeebeefa64fc028718fb65509507130a0c322932d
Opcode Fuzzy Hash: 048da103a4685e8744d5eeece243d9c5b18b0a43d6c63009ea992b5326b2d582
Instruction Fuzzy Hash: CD110672904214AFCB24AB60DC0AFEE77ADDF10710F04016AF489EA1D1EF71CA819B70

Function 00D39F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

GetSystemMetrics.USER32(0000000F), ref: 00D39FC7
GetSystemMetrics.USER32(0000000F), ref: 00D39FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00D3A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00D3A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00D3A263
ShowWindow.USER32(00000003,00000000), ref: 00D3A282
InvalidateRect.USER32(?,00000000,00000001), ref: 00D3A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00D3A2CA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 2595d06960f5e4ba18a341745d2c023b0a58b94129fa0b26805f9850cf50da87
Instruction ID: 26baef47d5cd052a36a3373fd5b4fdde0c4af3a77ac770c2f9f3fcf10a609a3a
Opcode Fuzzy Hash: 2595d06960f5e4ba18a341745d2c023b0a58b94129fa0b26805f9850cf50da87
Instruction Fuzzy Hash: 3DB18835600215EFDF14CF6CC985BAE7BB2FF48701F099069EC89AB299D771A940CB61

Function 00D0ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00D0ED2A
_wcslen.LIBCMT ref: 00D0ED3B
_wcslen.LIBCMT ref: 00D0ED79
_wcslen.LIBCMT ref: 00D0EDAF
_wcslen.LIBCMT ref: 00D0EDDF
_wcslen.LIBCMT ref: 00D0EDEF
_wcslen.LIBCMT ref: 00D0EE2B
_wcslen.LIBCMT ref: 00D0EE5A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: b61169e058be06b896f2ec9ca0f14a630694cea23880a2088080e9a0713cf79a
Instruction ID: bf96c8f69aadfa4f9ecb62e1e4ef55a9ecdd8899cadcecf18c262d02e5a944cc
Opcode Fuzzy Hash: b61169e058be06b896f2ec9ca0f14a630694cea23880a2088080e9a0713cf79a
Instruction Fuzzy Hash: 9D418065C1021875CB11EBB4C88AFDFB7ACAF45710F50886AF518E3161FB34E655C3A5

Function 00CBF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00CBF953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00CFF3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00CFF454

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 04de17bff5c0b72367b505fb9520c557831770e473f88d02bf1f075156c64cb9
Instruction ID: 314d6e328ac1a10e2f26a15b0179420cae324b294d53e2eca6b7496ed179a8f8
Opcode Fuzzy Hash: 04de17bff5c0b72367b505fb9520c557831770e473f88d02bf1f075156c64cb9
Instruction Fuzzy Hash: E8412A31A08744FAC7798B2D8C887BA7B91EF56310F14453CE1A792770D631AA83DB21

Function 00D32D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00D32D1B
GetDC.USER32(00000000), ref: 00D32D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D32D2E
ReleaseDC.USER32(00000000,00000000), ref: 00D32D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00D32D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00D32D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00D35A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00D32DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00D32DE1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 6598331dbc36185a4a0ac4279affd76f95968d8a302c3a20657e1dfa65e5d691
Instruction ID: abcc1b484913d2b6f1a7384ac143e4ae77820973843b0b775c66fef91755ba6e
Opcode Fuzzy Hash: 6598331dbc36185a4a0ac4279affd76f95968d8a302c3a20657e1dfa65e5d691
Instruction Fuzzy Hash: DD316B72211614BBEB218F50DC8AFFB3BA9EB09755F084055FE08EA2A1D6759C50CBB4

Function 00D05622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00D05637
_memcmp.LIBVCRUNTIME ref: 00D05659
_memcmp.LIBVCRUNTIME ref: 00D05671
_memcmp.LIBVCRUNTIME ref: 00D05684
_memcmp.LIBVCRUNTIME ref: 00D0569E
_memcmp.LIBVCRUNTIME ref: 00D056B1
_memcmp.LIBVCRUNTIME ref: 00D056C9
_memcmp.LIBVCRUNTIME ref: 00D056E4

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: c391786bedb5dee59a38ff56f618c136ff2af865908de530d546fc030b73bfbe
Instruction ID: cfcc35b43fc1aa386b25ff1c0cb93b7e49d3ab0a9728132156c0f669e13b5cc2
Opcode Fuzzy Hash: c391786bedb5dee59a38ff56f618c136ff2af865908de530d546fc030b73bfbe
Instruction Fuzzy Hash: 1A21AA61A40A09BBD3145611EE82FBB335CAF62384F8C0024FD0D5A5C6F762ED149DB5

Function 00D24FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00D25007
NULL Pointer assignment, xrefs: 00D2502E, 00D25383

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 435fb3bfe6d98a6590c0a38f424130479ca0fb6c6af93a8fa180f6c175a1cafe
Instruction ID: 2ab83370184216f314af79970a30e57e1a8a019d687641559ec4286910d05abe
Opcode Fuzzy Hash: 435fb3bfe6d98a6590c0a38f424130479ca0fb6c6af93a8fa180f6c175a1cafe
Instruction Fuzzy Hash: 21D1A171A0061A9FDF10CF98E880FAEB7B5BF58348F188069E915AB285D771DD45CBB0

Function 00CE1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00CE15CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00CE1651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CE16E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00CE16FB

Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CE1777
__freea.LIBCMT ref: 00CE17A2
__freea.LIBCMT ref: 00CE17AE

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: f9a8f598a9f23ccf5bfa512142b6503206cdbf9afaf3a7f0b25f9522836bda67
Instruction ID: 8c6d5db0a73fc4aa5fdd8828b8f6b7841e577139c1dcca7652a763628243a97a
Opcode Fuzzy Hash: f9a8f598a9f23ccf5bfa512142b6503206cdbf9afaf3a7f0b25f9522836bda67
Instruction Fuzzy Hash: A191D271E012869ADB208F66C881EEE7BB5EF49710F1C4619ED22E7281D735CE50CB60

Function 00D24523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00D24648
VariantInit.OLEAUT32(?), ref: 00D24749
VariantClear.OLEAUT32(?), ref: 00D24753
VariantClear.OLEAUT32(?), ref: 00D247B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 00D245D8, 00D24706, 00D247BE
Incorrect Object type in FOR..IN loop, xrefs: 00D2472C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 623bbf3d9500e7d2992c6d2cf231b892a692dfdfd0199384a9606043f6334de2
Instruction ID: 48c5913aee36807a6d05350667f2031861cb7387defcf972d930e6cd792bbd8a
Opcode Fuzzy Hash: 623bbf3d9500e7d2992c6d2cf231b892a692dfdfd0199384a9606043f6334de2
Instruction Fuzzy Hash: 5591A070A00229AFDF20CFA4D844FAEBBB8EF56719F148559F915AB280D7709945CFB0

Function 00D11187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00D1125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D11284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00D112A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D112D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D1135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D113C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D11430

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: b8f8b2e66db06f33132515a297b0ca85ac782ec18dc72ae2b41d967cb08d693f
Instruction ID: 61cc3b178c975b0f1810828601df5a856890269b04a6192790783160ef963cb8
Opcode Fuzzy Hash: b8f8b2e66db06f33132515a297b0ca85ac782ec18dc72ae2b41d967cb08d693f
Instruction Fuzzy Hash: 4291F079A00219BFDB009FA4E885BFEB7B5FF05714F144029E640E7291DB74A981CBB0

Function 00CB948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 8dadd11c20a4ff29a370f5af6ae571ed9135864eba95b60fec25091015fb7580
Instruction ID: 904c110b82150353174f1792ce5faee77509894d97338d6b23cb66fc84ded0ca
Opcode Fuzzy Hash: 8dadd11c20a4ff29a370f5af6ae571ed9135864eba95b60fec25091015fb7580
Instruction Fuzzy Hash: 39913771D40219EFCB14CFA9CC84AEEBBB8FF49320F148159E615B7251D374AA46DB60

Function 00D23947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00D2396B
CharUpperBuffW.USER32(?,?), ref: 00D23A7A
_wcslen.LIBCMT ref: 00D23A8A
VariantClear.OLEAUT32(?), ref: 00D23C1F

Part of subcall function 00D10CDF: VariantInit.OLEAUT32(00000000), ref: 00D10D1F
Part of subcall function 00D10CDF: VariantCopy.OLEAUT32(?,?), ref: 00D10D28
Part of subcall function 00D10CDF: VariantClear.OLEAUT32(?), ref: 00D10D34

Strings

Incorrect Parameter format, xrefs: 00D239A6, 00D23BA1
AUTOIT.ERROR, xrefs: 00D23A80, 00D23A85

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: 85038cfa9aafcd2d08f50bdfc473c17ba73230bb7a52db826a24f06ee0212e56
Instruction ID: 7bb8024616c986dcb852f21f43081eb89cc81a12169ca818caad686a0a5d6e89
Opcode Fuzzy Hash: 85038cfa9aafcd2d08f50bdfc473c17ba73230bb7a52db826a24f06ee0212e56
Instruction Fuzzy Hash: FC919A746083119FC704EF28D48196AB7E4FF99318F04882DF88A97351DB35EE45CBA2

Function 00D24BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00D0000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?,?,00D0035E), ref: 00D0002B
Part of subcall function 00D0000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00046
Part of subcall function 00D0000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00054
Part of subcall function 00D0000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?), ref: 00D00064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00D24C51
_wcslen.LIBCMT ref: 00D24D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00D24DCF
CoTaskMemFree.OLE32(?), ref: 00D24DDA

Strings

NULL Pointer assignment, xrefs: 00D24E23, 00D24E52

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: a6df0f83b0bebfe360ffad3b1c5fa818f1821d3f090472101f778b28848b4bca
Instruction ID: 3542865704b91dba9d48dcf55a7bf10d24fef9fd4ee54b5707a167e326ba837a
Opcode Fuzzy Hash: a6df0f83b0bebfe360ffad3b1c5fa818f1821d3f090472101f778b28848b4bca
Instruction Fuzzy Hash: EF912871D0022DAFDF14DFA4D891AEEB7B8FF08314F108169E915A7291DB349A44DFA0

Function 00D320FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00D32183
GetMenuItemCount.USER32(00000000), ref: 00D321B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00D321DD
_wcslen.LIBCMT ref: 00D32213
GetMenuItemID.USER32(?,?), ref: 00D3224D
GetSubMenu.USER32(?,?), ref: 00D3225B

Part of subcall function 00D03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D03A57
Part of subcall function 00D03A3D: GetCurrentThreadId.KERNEL32 ref: 00D03A5E
Part of subcall function 00D03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D025B3), ref: 00D03A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00D322E3

Part of subcall function 00D0E97B: Sleep.KERNEL32 ref: 00D0E9F3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: cc95fb0ca0d5cb05699dc068af1a58ee7eb1027570aeaa1d7d4c3fca7018986c
Instruction ID: cf9e971bafb4afff66f547f29ffc03aa59f328a27ab431005d9e7a43a968fca4
Opcode Fuzzy Hash: cc95fb0ca0d5cb05699dc068af1a58ee7eb1027570aeaa1d7d4c3fca7018986c
Instruction Fuzzy Hash: D0716B75E00215AFCB10EFA8C885ABEB7F5EF49310F148459E956EB351DB34EE418BA0

Function 00D37E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00FB55D0), ref: 00D37F37
IsWindowEnabled.USER32(00FB55D0), ref: 00D37F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00D3801E
SendMessageW.USER32(00FB55D0,000000B0,?,?), ref: 00D38051
IsDlgButtonChecked.USER32(?,?), ref: 00D38089
GetWindowLongW.USER32(00FB55D0,000000EC), ref: 00D380AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00D380C3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 8d448d3812fd70c3a2e44c3c9c1ba2c5724d44239dea542c98e2e43e4e7c5994
Instruction ID: cbba423c312048f279a5a3e61d13962b2fd511d4a27deb53add7ce9601ef41c1
Opcode Fuzzy Hash: 8d448d3812fd70c3a2e44c3c9c1ba2c5724d44239dea542c98e2e43e4e7c5994
Instruction Fuzzy Hash: 13716AB5608B04AFEB359F64C884FAABBB9FF09340F184459F955973A1CB31A845DB30

Function 00D0AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00D0AEF9
GetKeyboardState.USER32(?), ref: 00D0AF0E
SetKeyboardState.USER32(?), ref: 00D0AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00D0AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00D0AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00D0AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00D0B020

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: bdc618cb58f02074e8073e467dbff0008dd19a18ace8cfae489748e4788e55b7
Instruction ID: 051611c333597ae963ab022007a36d9c9ac6f7e57ba3c48dccc6ee7a036ddaab
Opcode Fuzzy Hash: bdc618cb58f02074e8073e467dbff0008dd19a18ace8cfae489748e4788e55b7
Instruction Fuzzy Hash: D651A0A06187D63DFB3683388845BBABEA95F06314F0C858AF1DD954D2C3D8AC84D771

Function 00D0ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00D0AD19
GetKeyboardState.USER32(?), ref: 00D0AD2E
SetKeyboardState.USER32(?), ref: 00D0AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00D0ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00D0ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00D0AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00D0AE38

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: a86f6748f2e2b17c6f4b6343e5b1d693fcb497dd3c725ce4b5b1f5d54b8975c4
Instruction ID: b40375748215d7c4dd52297180cfe8af5abe3abc266ceb1454aa06f7d8342fa5
Opcode Fuzzy Hash: a86f6748f2e2b17c6f4b6343e5b1d693fcb497dd3c725ce4b5b1f5d54b8975c4
Instruction Fuzzy Hash: 6F51B4A16187D53DFB368338CC55BBABEA99B46300F0C8589F1DD568C2D294EC88D772

Function 00CD542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00CE3CD6,?,?,?,?,?,?,?,?,00CD5BA3,?,?,00CE3CD6,?,?), ref: 00CD5470
__fassign.LIBCMT ref: 00CD54EB
__fassign.LIBCMT ref: 00CD5506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00CE3CD6,00000005,00000000,00000000), ref: 00CD552C
WriteFile.KERNEL32(?,00CE3CD6,00000000,00CD5BA3,00000000,?,?,?,?,?,?,?,?,?,00CD5BA3,?), ref: 00CD554B
WriteFile.KERNEL32(?,?,00000001,00CD5BA3,00000000,?,?,?,?,?,?,?,?,?,00CD5BA3,?), ref: 00CD5584

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: d55fcc0baf4ba5aef6af2e628c71d686b2d817d78b9a041f38f26f41f4ae17a6
Instruction ID: bf995f4741aea3841ab001b8f3f71ab1e190c23d3f6e0b8597f3a818ab954666
Opcode Fuzzy Hash: d55fcc0baf4ba5aef6af2e628c71d686b2d817d78b9a041f38f26f41f4ae17a6
Instruction Fuzzy Hash: EA519171A00749AFDB11CFA8E845AEEBBF9EF09300F14411BE655E7391E7309A41CB61

Function 00CC2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00CC2D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00CC2D53
_ValidateLocalCookies.LIBCMT ref: 00CC2DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00CC2E0C
_ValidateLocalCookies.LIBCMT ref: 00CC2E61

Strings

csm, xrefs: 00CC2DF6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6196a7a2ddfd3c45995ad3f65d5edc9f12229921c7d2a9d585260e0f946be06e
Instruction ID: 79f66322ada9b429e1e9e7c0b4e3b5642e678aca27f2b583bbbf09d4ce53abd2
Opcode Fuzzy Hash: 6196a7a2ddfd3c45995ad3f65d5edc9f12229921c7d2a9d585260e0f946be06e
Instruction Fuzzy Hash: DA41C134E00249ABCF10DF68C845F9EBBB5BF44324F14815DE825AB392DB31AA05CBE0

Function 00D210B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00D2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D2307A
Part of subcall function 00D2304E: _wcslen.LIBCMT ref: 00D2309B

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00D21112
WSAGetLastError.WSOCK32 ref: 00D21121
WSAGetLastError.WSOCK32 ref: 00D211C9
closesocket.WSOCK32(00000000), ref: 00D211F9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: e54b79319fa914af6f36cf4be49695bcd4a50b96375fb824c1303343fae41a51
Instruction ID: 7f2041e0c0c34e4fdc85a7525cd301b58e45f24c53967b18f6115ebafdf8c831
Opcode Fuzzy Hash: e54b79319fa914af6f36cf4be49695bcd4a50b96375fb824c1303343fae41a51
Instruction Fuzzy Hash: 2B410135600324AFDB119F24D884BAAB7A9EF61328F188018FD05AB281C770EE418BB1

Function 00D0CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D0CF22,?), ref: 00D0DDFD

Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D0CF22,?), ref: 00D0DE16

lstrcmpiW.KERNEL32(?,?), ref: 00D0CF45
MoveFileW.KERNEL32(?,?), ref: 00D0CF7F
_wcslen.LIBCMT ref: 00D0D005
_wcslen.LIBCMT ref: 00D0D01B
SHFileOperationW.SHELL32(?), ref: 00D0D061

Strings

\*.*, xrefs: 00D0CFF3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 7e9ed8d60c803b17c292f908b15640bac0f2a173c90a3f79df53875cc1beae55
Instruction ID: 3292391fafd17dbc7ae04cbba0e397bb126177e415d07a0adbc62297748b3ed8
Opcode Fuzzy Hash: 7e9ed8d60c803b17c292f908b15640bac0f2a173c90a3f79df53875cc1beae55
Instruction Fuzzy Hash: CF4158719452195FDF12EFA4D981FDE77B9EF48380F0410E6E509E7181EA34A648CB71

Function 00D32DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00D32E1C
GetWindowLongW.USER32(?,000000F0), ref: 00D32E4F
GetWindowLongW.USER32(?,000000F0), ref: 00D32E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00D32EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00D32EE0
GetWindowLongW.USER32(?,000000F0), ref: 00D32EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D32F0B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 5432cf751552a2084b7b05e60723376bcae83ed7bfe52ffc73ac21a54dfc7f7a
Instruction ID: 1e9336710399018c01d1f5894496ecccf337bedb4a72c34923cf345dc9eba91a
Opcode Fuzzy Hash: 5432cf751552a2084b7b05e60723376bcae83ed7bfe52ffc73ac21a54dfc7f7a
Instruction Fuzzy Hash: AB310435A04250AFDB21CF58DC86F6537E1FB8AB10F191164FA14EF2B1CB71A881DB61

Function 00D07726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D07769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D0778F
SysAllocString.OLEAUT32(00000000), ref: 00D07792
SysAllocString.OLEAUT32(?), ref: 00D077B0
SysFreeString.OLEAUT32(?), ref: 00D077B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00D077DE
SysAllocString.OLEAUT32(?), ref: 00D077EC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 0b4e32dbb5aad17301e83419a38ce7b68db81e6cb69c85549e759d79f7a9de6b
Instruction ID: 466131958b490df25031afe4abf74cb6d13b60df3dc570a7005340fba6590e71
Opcode Fuzzy Hash: 0b4e32dbb5aad17301e83419a38ce7b68db81e6cb69c85549e759d79f7a9de6b
Instruction Fuzzy Hash: 4421A776A04219AFDF10DFA8CC84DBB77ACEB497A4B048025F919DF291D670ED418770

Function 00D077FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D07842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D07868
SysAllocString.OLEAUT32(00000000), ref: 00D0786B
SysAllocString.OLEAUT32 ref: 00D0788C
SysFreeString.OLEAUT32 ref: 00D07895
StringFromGUID2.OLE32(?,?,00000028), ref: 00D078AF
SysAllocString.OLEAUT32(?), ref: 00D078BD

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: dce3d5a9ba8fe7155429f876ae48e0ab278d87db1808a319a4fe7ca2852db737
Instruction ID: a5e75e1e281dfd405b86a10f1ea4630fc7b7a3ed3c7b6a209efa6a0a021f51e0
Opcode Fuzzy Hash: dce3d5a9ba8fe7155429f876ae48e0ab278d87db1808a319a4fe7ca2852db737
Instruction Fuzzy Hash: 3E213036A08204AFDB109FA8DC89EAA77ACEB097607148125F919DB2A1D674FC41DB74

Function 00D104D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00D104F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D1052E

Strings

nul, xrefs: 00D10567

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: e9ba8831fe9ecf8e37f418d8dd1a7147feb0c4c07e1a3ecdc0b077307de23220
Instruction ID: dabab033b33445448af623a5334049e5c00e3aa7e4d6ebc5366f8641a157ff25
Opcode Fuzzy Hash: e9ba8831fe9ecf8e37f418d8dd1a7147feb0c4c07e1a3ecdc0b077307de23220
Instruction Fuzzy Hash: 1B212375500305ABEB206F69E844A9A7BB5AF44764F244A19E8A1E62D0DBB0D9D0CF30

Function 00D105A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00D105C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D10601

Strings

nul, xrefs: 00D10639

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: f49e243773d8aaba0158590c0264c7fa92d0647c31e29f996bca43a4df9e12a8
Instruction ID: 33bb9c96eb89b27a11dd46ed21bd7bfb1e57b9c8f72a952a5d6b1088a560390c
Opcode Fuzzy Hash: f49e243773d8aaba0158590c0264c7fa92d0647c31e29f996bca43a4df9e12a8
Instruction Fuzzy Hash: 64215B75500305ABDB106F69AC44ADA7BE4AF95720F244A19F8A1E72D0DBF099E0CB70

Function 00D340AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CA604C
Part of subcall function 00CA600E: GetStockObject.GDI32(00000011), ref: 00CA6060
Part of subcall function 00CA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00CA606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00D34112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00D3411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00D3412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00D34139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00D34145

Strings

Msctls_Progress32, xrefs: 00D340E3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: dc715b382e91c7498b8458d673ddd32566c8196221610b3b8866c6b1d330f496
Instruction ID: 142e41f99ed52c0202fa9f44c7071c8ccb92468699675489657956a18b6ad284
Opcode Fuzzy Hash: dc715b382e91c7498b8458d673ddd32566c8196221610b3b8866c6b1d330f496
Instruction Fuzzy Hash: 391190B215021ABEEF118E64CC86EE77F5DEF08798F014111FA18A2150CA769C619BB4

Function 00CDD7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00CDD7A3: _free.LIBCMT ref: 00CDD7CC

_free.LIBCMT ref: 00CDD82D

Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0

_free.LIBCMT ref: 00CDD838
_free.LIBCMT ref: 00CDD843
_free.LIBCMT ref: 00CDD897
_free.LIBCMT ref: 00CDD8A2
_free.LIBCMT ref: 00CDD8AD
_free.LIBCMT ref: 00CDD8B8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: 9c8f76f65d9a0d3ad1aa7e4f36195f1cf5df6eb1ebf95f62db33ad2f5850a3e5
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: 4B115E71940B04AAD621BFB0CC87FCB7BDCAF10700F4108A6B39EE6292DA65B505B660

Function 00D0DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00D0DA74
LoadStringW.USER32(00000000), ref: 00D0DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00D0DA91
LoadStringW.USER32(00000000), ref: 00D0DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00D0DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00D0DAB9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 849725f934f51805183a6606367678b65249e95522c8809794ac03c1839d45db
Instruction ID: 1818614a406e4f1595f7cd42037dca6f9c4a6f39f0af186d5d95f7df3a1f0eee
Opcode Fuzzy Hash: 849725f934f51805183a6606367678b65249e95522c8809794ac03c1839d45db
Instruction Fuzzy Hash: 890162F29103087FE7109BA09D89EE7726CE708301F401496B746F2181EA749E848F74

Function 00D1096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(00FAE4A0,00FAE4A0), ref: 00D1097B
EnterCriticalSection.KERNEL32(00FAE480,00000000), ref: 00D1098D
TerminateThread.KERNEL32(?,000001F6), ref: 00D1099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00D109A9
CloseHandle.KERNEL32(?), ref: 00D109B8
InterlockedExchange.KERNEL32(00FAE4A0,000001F6), ref: 00D109C8
LeaveCriticalSection.KERNEL32(00FAE480), ref: 00D109CF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 02cac1ba8982a6de120674ef6f0d1a20738b6bf04effdb499c9a697ee6a935a6
Instruction ID: 0e7d518ff56801c3f7a2e9c12b45c3068cd2891d3f48251b3bd11bc49de482d1
Opcode Fuzzy Hash: 02cac1ba8982a6de120674ef6f0d1a20738b6bf04effdb499c9a697ee6a935a6
Instruction Fuzzy Hash: 2CF01D31552602BBD7415B94EE88AD67A25BF05702F442015F101A09A1CBB494B5CFA4

Function 00CA5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00CA5D30
GetWindowRect.USER32(?,?), ref: 00CA5D71
ScreenToClient.USER32(?,?), ref: 00CA5D99
GetClientRect.USER32(?,?), ref: 00CA5ED7
GetWindowRect.USER32(?,?), ref: 00CA5EF8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 8e17328439945cd9082b436427e15faae0a4a2c4ecba97ebb3f5e18dcb95c883
Instruction ID: a0754e94fbcf5f66c563b9ff04da816a0879478a8fd17e1217ca61b155c624bd
Opcode Fuzzy Hash: 8e17328439945cd9082b436427e15faae0a4a2c4ecba97ebb3f5e18dcb95c883
Instruction Fuzzy Hash: 24B18B75A00B8ADBDB14CFAAC4807EEB7F1FF58314F14941AE8A9D7250DB34AA41CB50

Function 00CD01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00CD00BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD00D6
__allrem.LIBCMT ref: 00CD00ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD010B
__allrem.LIBCMT ref: 00CD0122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD0140

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: 20148fe604c62e86bca5e8c82d160848b61030372067dde942d11f3a6b181f22
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 5581D372A00706ABE724AB6DCC42B6E73E9EF41364F25412FF661D7381E770EA419790

Function 00D21D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00D23149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00D2101C,00000000,?,?,00000000), ref: 00D23195

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00D21DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00D21DE1
WSAGetLastError.WSOCK32 ref: 00D21DF2
inet_ntoa.WSOCK32(?), ref: 00D21E8C
htons.WSOCK32(?,?,?,?,?), ref: 00D21EDB
_strlen.LIBCMT ref: 00D21F35

Part of subcall function 00D039E8: _strlen.LIBCMT ref: 00D039F2

Part of subcall function 00CA6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00CBCF58,?,?,?), ref: 00CA6DBA
Part of subcall function 00CA6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00CBCF58,?,?,?), ref: 00CA6DED

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: 1c69ab1bddfc251d93f38d83361034602ad61cfc05775ff6c3d223ba2be6e93b
Instruction ID: 6cafc7868d01c1fecf5d6c936b6a49e3b22223c5d877accc026ed7461ceb5c62
Opcode Fuzzy Hash: 1c69ab1bddfc251d93f38d83361034602ad61cfc05775ff6c3d223ba2be6e93b
Instruction Fuzzy Hash: C0A1EF35604311AFC320DF20D885F6AB7A5AFA531CF58895CF4565B2E2CB31EE42CBA1

Function 00CD61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00CC82D9,00CC82D9,?,?,?,00CD644F,00000001,00000001,8BE85006), ref: 00CD6258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00CD644F,00000001,00000001,8BE85006,?,?,?), ref: 00CD62DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00CD63D8
__freea.LIBCMT ref: 00CD63E5

Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852

__freea.LIBCMT ref: 00CD63EE
__freea.LIBCMT ref: 00CD6413

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: f14ea15bf5d1829040f72d7fc49aa2179e886de527b84c3c52c68d408e1e76d3
Instruction ID: eebf55673c44fc407f7fb25f3e1ce060ab239131f20eccb6cd7e6648c36c7b2a
Opcode Fuzzy Hash: f14ea15bf5d1829040f72d7fc49aa2179e886de527b84c3c52c68d408e1e76d3
Instruction Fuzzy Hash: 8D51F272600216ABDB258F64CC81EBF7BA9EF44710F15422AFF15D7291EB34DD40D660

Function 00D2BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D2BD25
RegCloseKey.ADVAPI32(00000000), ref: 00D2BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00D2BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00D2BDF3
RegCloseKey.ADVAPI32(?), ref: 00D2BDFF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 17526e3bc37c8bfca733a2b73892d3b630826417c1ddac168a1fea7294d4e19f
Instruction ID: b63abb8a09ed082b8ded185169e8698e929ef433cb058fc10bb69a6b24eb8845
Opcode Fuzzy Hash: 17526e3bc37c8bfca733a2b73892d3b630826417c1ddac168a1fea7294d4e19f
Instruction Fuzzy Hash: 2381B130108241AFC714DF24C885E6ABBE5FF8531CF14895DF4968B2A2CB71ED45DBA2

Function 00CFF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00CFF7B9
SysAllocString.OLEAUT32(00000001), ref: 00CFF860
VariantCopy.OLEAUT32(00CFFA64,00000000), ref: 00CFF889
VariantClear.OLEAUT32(00CFFA64), ref: 00CFF8AD
VariantCopy.OLEAUT32(00CFFA64,00000000), ref: 00CFF8B1
VariantClear.OLEAUT32(?), ref: 00CFF8BB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: 85a6defc74ad6a0a591d6114cc54851fd46b5c8b9badef13ad86a9776cdc80d6
Instruction ID: 1826281ead472c9c8c427c139d568064e4cba95c74e47a7b0c5f0f2e0b53805e
Opcode Fuzzy Hash: 85a6defc74ad6a0a591d6114cc54851fd46b5c8b9badef13ad86a9776cdc80d6
Instruction Fuzzy Hash: E3510731500318BBCF64AF65D895B39B3A4EF45310F20946EEA01DF292DBB08D42E767

Function 00D1910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00D194E5
_wcslen.LIBCMT ref: 00D19506
_wcslen.LIBCMT ref: 00D1952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00D19585

Strings

X, xrefs: 00D19412

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 1c3ae0965e06077f36b56f7b08717fb0313ad50928440f5d3779768c6fa69e59
Instruction ID: b7cdeeaf50010c859db31902b72d9a470d6e88c0b2dc3ce40e948270ef60e132
Opcode Fuzzy Hash: 1c3ae0965e06077f36b56f7b08717fb0313ad50928440f5d3779768c6fa69e59
Instruction Fuzzy Hash: A8E1C2315083419FD714DF24D8A1AAAB7E5FF85314F08896CF8999B2A2DB30DD45CBA2

Function 00CB920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

BeginPaint.USER32(?,?,?), ref: 00CB9241
GetWindowRect.USER32(?,?), ref: 00CB92A5
ScreenToClient.USER32(?,?), ref: 00CB92C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00CB92D3
EndPaint.USER32(?,?,?,?,?), ref: 00CB9321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00CF71EA

Part of subcall function 00CB9339: BeginPath.GDI32(00000000), ref: 00CB9357

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: c688d54c957739f79b4d813fe666915a9abeca04e0561aabbe9b8792d84b92c6
Instruction ID: dc52275d7ca2977ae85af3eb07a3c1a4296b3aa8f9ca02028471a2e1a515d24a
Opcode Fuzzy Hash: c688d54c957739f79b4d813fe666915a9abeca04e0561aabbe9b8792d84b92c6
Instruction Fuzzy Hash: BF418E75104300AFD721DF29CC85FBA7BB8EB45320F144229FA69D72B2D7319945DB62

Function 00D107EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00D1080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00D10847
EnterCriticalSection.KERNEL32(?), ref: 00D10863
LeaveCriticalSection.KERNEL32(?), ref: 00D108DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00D108F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00D10921

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 32ac31b63dbec11fd2b94dbc371dc425fc9c63d6ee4da2c561f44ae57305bcfb
Instruction ID: d2103dd28191303bdb56847e7600b3f68f609d41326df0b6bf2fb64e8d0a5f16
Opcode Fuzzy Hash: 32ac31b63dbec11fd2b94dbc371dc425fc9c63d6ee4da2c561f44ae57305bcfb
Instruction Fuzzy Hash: CB414C71900205EBDF14AF64DC85AAA7BB9FF04310F1440A9ED04EA297DB70DEA5DBB4

Function 00D381DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00CFF3AB,00000000,?,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00D3824C
EnableWindow.USER32(?,00000000), ref: 00D38272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00D382D1
ShowWindow.USER32(?,00000004), ref: 00D382E5
EnableWindow.USER32(?,00000001), ref: 00D3830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00D3832F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: ff304004494824cfc8796788594f8583ea073a04add3fe20b338e00038619c97
Instruction ID: a2295e4b097e3b518d5a8dd074473de6706daf65f8af990c985d572e69c08675
Opcode Fuzzy Hash: ff304004494824cfc8796788594f8583ea073a04add3fe20b338e00038619c97
Instruction Fuzzy Hash: F9418238601744AFDB11CF15CC99BA57BE0BB0A715F185269FA189B362CB31A841DF74

Function 00D04C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00D04C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00D04CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00D04CEA
_wcslen.LIBCMT ref: 00D04D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00D04D10
_wcsstr.LIBVCRUNTIME ref: 00D04D1A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: 09f4e55bb507772111d79d8efa37657f7a35068838c2c7624962b1e87cb5c5cc
Instruction ID: 5995524bce0c381c5b3413c5682a2d18134a55fa23be86879e596bfceecec5bc
Opcode Fuzzy Hash: 09f4e55bb507772111d79d8efa37657f7a35068838c2c7624962b1e87cb5c5cc
Instruction Fuzzy Hash: 6921D4B2204240BBEB259B39EC4AF7B7B9CDF45750F14802DF909DA2A1EA61DD0197B0

Function 00D1581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2

_wcslen.LIBCMT ref: 00D1587B
CoInitialize.OLE32(00000000), ref: 00D15995
CoCreateInstance.OLE32(00D3FCF8,00000000,00000001,00D3FB68,?), ref: 00D159AE
CoUninitialize.OLE32 ref: 00D159CC

Strings

.lnk, xrefs: 00D15876, 00D158C1, 00D15985

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: 06953c8f141235da9b73fc2cd24e35ed511fd4683bfda4ecbb135d93fa9b702e
Instruction ID: 076d7c53523feeda9c2d3f293344d187d416ab1b93f8021b7603dec52f005cb8
Opcode Fuzzy Hash: 06953c8f141235da9b73fc2cd24e35ed511fd4683bfda4ecbb135d93fa9b702e
Instruction Fuzzy Hash: 1AD15370608701EFC704DF14E480A6ABBE1FF89714F148959F88A9B361DB35EC85CBA2

Function 00D0175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D00FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D00FCA
Part of subcall function 00D00FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D00FD6
Part of subcall function 00D00FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D00FE5
Part of subcall function 00D00FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D00FEC
Part of subcall function 00D00FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D01002

GetLengthSid.ADVAPI32(?,00000000,00D01335), ref: 00D017AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00D017BA
HeapAlloc.KERNEL32(00000000), ref: 00D017C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00D017DA
GetProcessHeap.KERNEL32(00000000,00000000,00D01335), ref: 00D017EE
HeapFree.KERNEL32(00000000), ref: 00D017F5

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: a742ce3875973dea7758351765c9ca25ffa9c6ff28de0351bffdb39684190854
Instruction ID: 2a291171ac8d1fc9694d885c7ee68287bde9428875b6937df7560ee1425c6373
Opcode Fuzzy Hash: a742ce3875973dea7758351765c9ca25ffa9c6ff28de0351bffdb39684190854
Instruction Fuzzy Hash: 33119736610305EBDB149FA4CC49BAE7BA9FB96355F144018F489E7290C736A944DB70

Function 00D014CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00D014FF
OpenProcessToken.ADVAPI32(00000000), ref: 00D01506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00D01515
CloseHandle.KERNEL32(00000004), ref: 00D01520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D0154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00D01563

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: b12637f4755c6b2e32c6af51da7ab4220d3fea1eb1921abc1454fc15db9ab110
Instruction ID: dc01bbda9795ac6e22d40afdf5c45d451fe2dee73d10ea0af39174eccd50f352
Opcode Fuzzy Hash: b12637f4755c6b2e32c6af51da7ab4220d3fea1eb1921abc1454fc15db9ab110
Instruction Fuzzy Hash: A4112676500249ABDF118FA8DD49BDE7BA9FF48748F084029FA09A21A0C375CE64DB70

Function 00CC3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00CC3379,00CC2FE5), ref: 00CC3390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CC339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CC33B7
SetLastError.KERNEL32(00000000,?,00CC3379,00CC2FE5), ref: 00CC3409

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: f1c55ed82a4e23234c3cd890cd903c4d616b779353c6add0f7d1be0c1c8e1280
Instruction ID: 774cd82d96fafb0d16c17ed50716a410c45269ff50fee2ca6633811507e8cbf8
Opcode Fuzzy Hash: f1c55ed82a4e23234c3cd890cd903c4d616b779353c6add0f7d1be0c1c8e1280
Instruction Fuzzy Hash: 2301243261C3D1BEA7286774FC95F6A2A94EB0537A320822EF520C13F0EF554E0362A4

Function 00CD2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00CD5686,00CE3CD6,?,00000000,?,00CD5B6A,?,?,?,?,?,00CCE6D1,?,00D68A48), ref: 00CD2D78
_free.LIBCMT ref: 00CD2DAB
_free.LIBCMT ref: 00CD2DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00CCE6D1,?,00D68A48,00000010,00CA4F4A,?,?,00000000,00CE3CD6), ref: 00CD2DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00CCE6D1,?,00D68A48,00000010,00CA4F4A,?,?,00000000,00CE3CD6), ref: 00CD2DEC
_abort.LIBCMT ref: 00CD2DF2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: e981df1a4c95a2e72e38a1b2853886ba10e79255c175a3a363c3b3b24a197a37
Instruction ID: 27e093bb8263a0abcdb923a3e6caebe7ad2d8df6bf28789e9330835e843e2e99
Opcode Fuzzy Hash: e981df1a4c95a2e72e38a1b2853886ba10e79255c175a3a363c3b3b24a197a37
Instruction Fuzzy Hash: 1BF0CD315047006BC2123735BC06E1B25576FE27A1F244417F774D23D2EF64C901B271

Function 00D38A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00CB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CB9693
Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96A2
Part of subcall function 00CB9639: BeginPath.GDI32(?), ref: 00CB96B9
Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00D38A4E
LineTo.GDI32(?,00000003,00000000), ref: 00D38A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00D38A70
LineTo.GDI32(?,00000000,00000003), ref: 00D38A80
EndPath.GDI32(?), ref: 00D38A90
StrokePath.GDI32(?), ref: 00D38AA0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 1d6162eb7ff96e4c8ac81dafe0294b5d134d1f46df6c4e0ce4938cb77eabc1b5
Instruction ID: 793be9a8e735f3a1ba004a2a5f1b866b28535fcec2c5ebc7046dc4fc2fab55f2
Opcode Fuzzy Hash: 1d6162eb7ff96e4c8ac81dafe0294b5d134d1f46df6c4e0ce4938cb77eabc1b5
Instruction Fuzzy Hash: 5611CC7600024DFFDB119F94DC48E9A7F6DEB04394F048011FA19992A1D7719D55DF70

Function 00D051FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00D05218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00D05229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D05230
ReleaseDC.USER32(00000000,00000000), ref: 00D05238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00D0524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00D05261

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 60c1ac9d04359ac702d24d741653848bd5f51a3ac7cbc63ebc831c7cf5da0f08
Instruction ID: 4d0d6ca3ef160f4285d45088554748c0c5bee8eaff8088e1ab50000fe24df0a9
Opcode Fuzzy Hash: 60c1ac9d04359ac702d24d741653848bd5f51a3ac7cbc63ebc831c7cf5da0f08
Instruction Fuzzy Hash: 6B014F75A01718BBEB109BB59C49B5EBFB8EF48751F044065FA04E7391D6709800CFA0

Function 00CA1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00CA1BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00CA1BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00CA1C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00CA1C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00CA1C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00CA1C22

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 509188e85aa1e674254545e1307ba7aa38d97b23f57ff0b9f8df1e9b2ad106b3
Instruction ID: c60a1872bd21924f459413a8547c5217f314be2134e2c22986853fb7c8f97dc6
Opcode Fuzzy Hash: 509188e85aa1e674254545e1307ba7aa38d97b23f57ff0b9f8df1e9b2ad106b3
Instruction Fuzzy Hash: A9016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47A41C7F5A864CBE5

Function 00D0EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00D0EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00D0EB46
GetWindowThreadProcessId.USER32(?,?), ref: 00D0EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D0EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D0EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D0EB75

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 7b877070ca9ba3bf0df01f026811fe72217610dd405e608274eb7b5bdc0268d3
Instruction ID: 51502012c48213b98661105c10e7e267d72a3b65d8485b45517608d5b4fe4122
Opcode Fuzzy Hash: 7b877070ca9ba3bf0df01f026811fe72217610dd405e608274eb7b5bdc0268d3
Instruction Fuzzy Hash: D1F03A72250258BBE7215B629C0EEEF3A7CEFCAB11F005158F601E12A1D7A05A01D7B5

Function 00CF7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00CF7452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00CF7469
GetWindowDC.USER32(?), ref: 00CF7475
GetPixel.GDI32(00000000,?,?), ref: 00CF7484
ReleaseDC.USER32(?,00000000), ref: 00CF7496
GetSysColor.USER32(00000005), ref: 00CF74B0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 3ac0e1bc85ffa09283a60b023ac6e26c9dadf150b848529214d535bd645644c9
Instruction ID: 9bd3520be954a6e5d1fa44c0ab259cb43c9e29a462735e61a0b36879924a01d6
Opcode Fuzzy Hash: 3ac0e1bc85ffa09283a60b023ac6e26c9dadf150b848529214d535bd645644c9
Instruction Fuzzy Hash: 24012831410619EFEB515FA4DC09BAA7BB5FB04311F511164FA25E22B1CB311E51EF61

Function 00D01874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D0187F
UnloadUserProfile.USERENV(?,?), ref: 00D0188B
CloseHandle.KERNEL32(?), ref: 00D01894
CloseHandle.KERNEL32(?), ref: 00D0189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00D018A5
HeapFree.KERNEL32(00000000), ref: 00D018AC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: ca9537a4e9af77d9ad471cef2e416d76d2ef22ecfb78e22a75f40258ee700e9d
Instruction ID: 2a81f2267b3e70c2af33791e4fa24d5fd91ec7df70d6543333ea38adf6d45be4
Opcode Fuzzy Hash: ca9537a4e9af77d9ad471cef2e416d76d2ef22ecfb78e22a75f40258ee700e9d
Instruction Fuzzy Hash: C7E0E576114301BBDB015FA1ED0C90ABF39FF59B22B109220F225E1270CB329430EF60

Function 00D0C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D0C6EE
_wcslen.LIBCMT ref: 00D0C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D0C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00D0C7CA

Strings

0, xrefs: 00D0C6AF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 2e387cee908a5209096d6069fe31c965473dc4b126ece23f12b8786bcb2522a0
Instruction ID: bff68fd031d1fe04459d976a9827f0499d9a65bf6a32f1e79d4a222c063f9158
Opcode Fuzzy Hash: 2e387cee908a5209096d6069fe31c965473dc4b126ece23f12b8786bcb2522a0
Instruction Fuzzy Hash: B751B1716243019BD7259F28C885B6B77E8AF85314F082B2DF999D32E0EB70D9059B72

Function 00D2AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00D2AEA3

Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625

GetProcessId.KERNEL32(00000000), ref: 00D2AF38
CloseHandle.KERNEL32(00000000), ref: 00D2AF67

Strings

@, xrefs: 00D2AE72
<, xrefs: 00D2AE6B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: 7a2af6c3d71df2263b026e19357dbbdd239aa436e924bc01b32ce3f50b76e78d
Instruction ID: c7973620461d8982e14f838728bee23185a309ccd30c5bc379908bc55343f5e4
Opcode Fuzzy Hash: 7a2af6c3d71df2263b026e19357dbbdd239aa436e924bc01b32ce3f50b76e78d
Instruction Fuzzy Hash: 06718C71A00629DFCB14EF58D484A9EBBF0FF09318F058499E816AB362D774ED45CBA1

Function 00D0719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00D07206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00D0723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00D0724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00D072CF

Strings

DllGetClassObject, xrefs: 00D07242

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: b271808846749c84d469998942c1ed74800927cb24c58f25a5fb2fba83cc61bf
Instruction ID: e3768a7272bbf0953397218f91b29fdbc5a9f3c5a37acd2e063531aa4728f037
Opcode Fuzzy Hash: b271808846749c84d469998942c1ed74800927cb24c58f25a5fb2fba83cc61bf
Instruction Fuzzy Hash: 73413BB1E04204AFDB15CF64C884B9A7BA9EF44310F1580A9BD099F28AD7B1ED45DBB4

Function 00D33D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D33E35
IsMenu.USER32(?), ref: 00D33E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00D33E92
DrawMenuBar.USER32 ref: 00D33EA5

Strings

0, xrefs: 00D33D89

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 27dfc4b6aa8a2a3d4fad9d074cc4c0144572bb3f9dcc399b3738d50f9a143899
Instruction ID: 99c3ed3e848fae70d937adf9537e3e754ff999ff2180c4fadd0a8607d7c974ff
Opcode Fuzzy Hash: 27dfc4b6aa8a2a3d4fad9d074cc4c0144572bb3f9dcc399b3738d50f9a143899
Instruction Fuzzy Hash: C44165B5A00249AFDB10DF64D984EAABBB9FF48350F084229F915AB350D730EE41CF60

Function 00D01DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00D01E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00D01E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00D01EA9

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

Strings

ComboBox, xrefs: 00D01DF0
ListBox, xrefs: 00D01E25

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: e195c1e1aec17ca3dcf6b502fd4a8ca18b06117638919c0bfea46749f4ccdeef
Instruction ID: a058f2fc7a654b6e3137a04a6e68e9c4553adb0d2bc7a8af622c0d57a47e8e5a
Opcode Fuzzy Hash: e195c1e1aec17ca3dcf6b502fd4a8ca18b06117638919c0bfea46749f4ccdeef
Instruction Fuzzy Hash: 5221D875A00104BFDB14AB64DC46DFFB7B9EF46364F144119F829A72E1DB34490AA730

Function 00D2C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D2C9F1
_wcslen.LIBCMT ref: 00D2CA68
_wcslen.LIBCMT ref: 00D2CA9E
_wcslen.LIBCMT ref: 00D2CAF9
_wcslen.LIBCMT ref: 00D2CB2F
_wcslen.LIBCMT ref: 00D2CB7F

Strings

HKLM, xrefs: 00D2CA98, 00D2CA9D
HKEY_LOCAL_MACHINE, xrefs: 00D2CA62, 00D2CA67

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: 9c9ac0b1a62a7c82a75972f076140fd7bde4607b7c74461fbb970162cc2e73e3
Instruction ID: 78c9e5ad12020d31fd7e72d4f426a9393a2e32fb31fdbcb6d79b8904cc3c3c0d
Opcode Fuzzy Hash: 9c9ac0b1a62a7c82a75972f076140fd7bde4607b7c74461fbb970162cc2e73e3
Instruction Fuzzy Hash: D4310433A2017E4BCB20DF6CE8515BE33919BB179CB0D5129E855AB344FA71CE8493B0

Function 00D32F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00D32F8D
LoadLibraryW.KERNEL32(?), ref: 00D32F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00D32FA9
DestroyWindow.USER32(?), ref: 00D32FB1

Strings

SysAnimate32, xrefs: 00D32F68

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: 97486f1dae90cc57ee38fd726fcbf68587161be5dd173d7dd95c74e4d98f3954
Instruction ID: f374eaba48fe0de8807ed7c3de9b604d7a87f8e0b0c896fed16a0dc6d639c48e
Opcode Fuzzy Hash: 97486f1dae90cc57ee38fd726fcbf68587161be5dd173d7dd95c74e4d98f3954
Instruction Fuzzy Hash: DF21AC72A04209ABEB104F66DC81EBB77B9EF59368F140228FA50E22A0D771DC919770

Function 00CC4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00CC4D1E,00CD28E9,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002), ref: 00CC4D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CC4DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00CC4D1E,00CD28E9,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002,00000000), ref: 00CC4DC3

Strings

CorExitProcess, xrefs: 00CC4D98
mscoree.dll, xrefs: 00CC4D86

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: a37f1785eae4daf5f2553776f6fa061c3c51939c9555b8ab710e5ad873fd9cfe
Instruction ID: dbaa1617779cb4faf79125ededa5c62f5ea4de1e89efe2590f9c3a4ee97928b6
Opcode Fuzzy Hash: a37f1785eae4daf5f2553776f6fa061c3c51939c9555b8ab710e5ad873fd9cfe
Instruction Fuzzy Hash: EFF04F35A50308BBDB159F90DC49FADBFB5EF44751F0041A8F906E2260CB705A44DBE1

Function 00CFD3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00CFD3AD
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00CFD3BF
FreeLibrary.KERNEL32(00000000), ref: 00CFD3E5

Strings

X64, xrefs: 00CFD2A8
GetSystemWow64DirectoryW, xrefs: 00CFD3B9

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 145871493-2590602151
Opcode ID: 4aba517fd10991d77468d0740e9f5dc867178d65095abb1e1d09bfdfae53f129
Instruction ID: 9996c3edc682493d97e48cd21357732e97043378d829cc6d477771f627d050b8
Opcode Fuzzy Hash: 4aba517fd10991d77468d0740e9f5dc867178d65095abb1e1d09bfdfae53f129
Instruction Fuzzy Hash: 68F020358067289BE7F11B118C489793221AF00B01F519148EB13F2224DB20CE48ABE3

Function 00CA4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CA4EAE
FreeLibrary.KERNEL32(00000000,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4EC0

Strings

Wow64DisableWow64FsRedirection, xrefs: 00CA4EA8
kernel32.dll, xrefs: 00CA4E94

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: dabe7110163c6e9b30b1beac8e410e7ed59be267503943751a16c5737c4f640c
Instruction ID: 6016597591e8e7fb7522552a87e7828c9e8282217169146ed9b1480157a6974b
Opcode Fuzzy Hash: dabe7110163c6e9b30b1beac8e410e7ed59be267503943751a16c5737c4f640c
Instruction Fuzzy Hash: 9BE08C36A127235B92221B25AC18A6BA658AFC2B66B090115FC01F2240DBA0CE0692F1

Function 00CA4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CA4E74
FreeLibrary.KERNEL32(00000000,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E87

Strings

Wow64RevertWow64FsRedirection, xrefs: 00CA4E6E
kernel32.dll, xrefs: 00CA4E5B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: d78241873623b0ec02900c74663c8e7f46fa58bdb99ba3a1f09053497a4e1ebe
Instruction ID: c7007111b1ffd2ad23836e76d64fd140578782d830959a9074938dee15e984d5
Opcode Fuzzy Hash: d78241873623b0ec02900c74663c8e7f46fa58bdb99ba3a1f09053497a4e1ebe
Instruction Fuzzy Hash: 46D012365127225B56261B257C1CD8BAA58AFC6B553051515B915F2254CFA0CE0196F0

Function 00D12947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D12C05
DeleteFileW.KERNEL32(?), ref: 00D12C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00D12C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D12CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D12CC0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 2216e5a289dd85232d8b6f514e005f6e85146bcf2f3f90afdc9c1d26912db685
Instruction ID: 76ffd07998001f5910d26348173bb80dd025bb16cc9228c8f25ea7439038fea1
Opcode Fuzzy Hash: 2216e5a289dd85232d8b6f514e005f6e85146bcf2f3f90afdc9c1d26912db685
Instruction Fuzzy Hash: 35B16D71900119BBDF21DBA4DD85EEEB7BDEF09350F0040AAF609E6141EA319A949FB0

Function 00D2A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00D2A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00D2A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00D2A468
CloseHandle.KERNEL32(?), ref: 00D2A63D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: 8e2fef2ee6efe6a353f316522075a7aae3e24c033a97c813af09d7d22aa114f2
Instruction ID: 9e7685ceb8ab68eccb4a0d4a92dd426865cf4292ed0d70dc9aaeb8a291f50ccf
Opcode Fuzzy Hash: 8e2fef2ee6efe6a353f316522075a7aae3e24c033a97c813af09d7d22aa114f2
Instruction Fuzzy Hash: F8A1BF716047019FD720DF28D882F2AB7E1EF94718F18881DF59A9B392D7B0EC418B92

Function 00D0E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D0CF22,?), ref: 00D0DDFD

Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D0CF22,?), ref: 00D0DE16

Part of subcall function 00D0E199: GetFileAttributesW.KERNEL32(?,00D0CF95), ref: 00D0E19A

lstrcmpiW.KERNEL32(?,?), ref: 00D0E473
MoveFileW.KERNEL32(?,?), ref: 00D0E4AC
_wcslen.LIBCMT ref: 00D0E5EB
_wcslen.LIBCMT ref: 00D0E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00D0E650

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: d58b0e9a176ef3dd577c0ea625eec690d981b1d03b034cdaefc5e6128c7c0c59
Instruction ID: 2f3231109560774d10c89bc8c170eb8b82a71720f86778278358ebb500bc9170
Opcode Fuzzy Hash: d58b0e9a176ef3dd577c0ea625eec690d981b1d03b034cdaefc5e6128c7c0c59
Instruction Fuzzy Hash: 0E515DB24083459BC724EB90D885ADBB3ECEF85344F04492EE589D3191EE75E6888776

Function 00D2B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D2BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00D2BB63
RegCloseKey.ADVAPI32(?,?), ref: 00D2BBA6
RegCloseKey.ADVAPI32(00000000), ref: 00D2BBB3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: 5922a9612a071e4faff79d5080aa147969a69a7b9b5aea24fc0b84199e727047
Instruction ID: 6860fc62510c74813bd03d92603b2e4941a5b0ee43f0bab088ae384ff9c7354d
Opcode Fuzzy Hash: 5922a9612a071e4faff79d5080aa147969a69a7b9b5aea24fc0b84199e727047
Instruction Fuzzy Hash: C761C131208241AFC314DF24D491E2ABBE5FF8531CF18859DF4998B2A2CB71ED45CBA2

Function 00D08BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00D08BCD
VariantClear.OLEAUT32 ref: 00D08C3E
VariantClear.OLEAUT32 ref: 00D08C9D
VariantClear.OLEAUT32(?), ref: 00D08D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00D08D3B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 4365a203392ebd9bcdeeec561f59c061453d597604926dc0cb683991783aa5b3
Instruction ID: b594b44ee96fd3673e31e7b2fcd025eb534d718c677cf23cf67d17815a06722f
Opcode Fuzzy Hash: 4365a203392ebd9bcdeeec561f59c061453d597604926dc0cb683991783aa5b3
Instruction Fuzzy Hash: 18517BB5A10219EFCB10CF68C884AAAB7F8FF89310B158559F949DB350E730E911CFA0

Function 00D18AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00D18BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00D18BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00D18C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00D18C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00D18C5F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 35767213748b53fed16668b17c43bf70368125b2133bf3f8566a7c1ff3cbbc6e
Instruction ID: d5ac5d38e2ca0e0dc86a5d26f2891d3f2620a17dd400e4d01a54d80745da5391
Opcode Fuzzy Hash: 35767213748b53fed16668b17c43bf70368125b2133bf3f8566a7c1ff3cbbc6e
Instruction Fuzzy Hash: C5513D35A00215EFCB05DF64C881AAEBBF5FF49314F088458E849AB362DB35ED51DBA0

Function 00D28EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00D28F40
GetProcAddress.KERNEL32(00000000,?), ref: 00D28FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00D28FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00D29032
FreeLibrary.KERNEL32(00000000), ref: 00D29052

Part of subcall function 00CBF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00D11043,?,753CE610), ref: 00CBF6E6
Part of subcall function 00CBF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00CFFA64,00000000,00000000,?,?,00D11043,?,753CE610,?,00CFFA64), ref: 00CBF70D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 0af289bc0413c090767f1c9778ca2ff79e760a84c9eba991badf50da6f33f42b
Instruction ID: f52c133e1ea2768cca703656777bd3e0413012951488eaec977016bbf38c0873
Opcode Fuzzy Hash: 0af289bc0413c090767f1c9778ca2ff79e760a84c9eba991badf50da6f33f42b
Instruction Fuzzy Hash: A8515E35601215DFC711DF54C5958ADBBF1FF59318F088099E805AB362DB31ED85DBA0

Function 00D36B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00D36C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00D36C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00D36C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00D1AB79,00000000,00000000), ref: 00D36C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00D36CC7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: 2a7465e6e28db5f54778f2015787dc2fdd14efac40cc266f0b4ba78f1dbe830c
Instruction ID: 4f9e81a9a51a62041db956ad65b480f31603c7d9619a59880927e565b69a7019
Opcode Fuzzy Hash: 2a7465e6e28db5f54778f2015787dc2fdd14efac40cc266f0b4ba78f1dbe830c
Instruction Fuzzy Hash: F641A135604204BFDB24CF28CC59FA9BFA5EB09350F189268F999E73A0C371ED41DA60

Function 00CD2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CD20C3
_free.LIBCMT ref: 00CD20E3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 633b5991d2840a0a663d5e598aeee0a45e444b72e728eea3f8ef59689c430909
Instruction ID: 5cb37b8d6af40b88971b676091959f3577f62561bc258645c896fc444b9b5ac7
Opcode Fuzzy Hash: 633b5991d2840a0a663d5e598aeee0a45e444b72e728eea3f8ef59689c430909
Instruction Fuzzy Hash: 6441C532A00200AFCB24DF78C981A6DB7F5EF99314F1585AAE615EB395D731EE01DB90

Function 00CB912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00CB9141
ScreenToClient.USER32(00000000,?), ref: 00CB915E
GetAsyncKeyState.USER32(00000001), ref: 00CB9183
GetAsyncKeyState.USER32(00000002), ref: 00CB919D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 5d0ab9c641882ccdcb0ed90c0e4fe432b4055e9b85a4ec7df3c3b07632ff549e
Instruction ID: 6e4b7998e2bfbff69254cfc82cbfb9ff9a1458e98c9e4647f4f3ab002884c378
Opcode Fuzzy Hash: 5d0ab9c641882ccdcb0ed90c0e4fe432b4055e9b85a4ec7df3c3b07632ff549e
Instruction Fuzzy Hash: F9414F71A0861AFBDF159F68C848BFEB774FF05320F208319E529A7290C7346A54DBA1

Function 00D13874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00D138CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00D13922
TranslateMessage.USER32(?), ref: 00D1394B
DispatchMessageW.USER32(?), ref: 00D13955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D13966

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: cd7dea54140cb41aa2f96caa1dad567bb5877a196bda01dfe46c7f79cc26232a
Instruction ID: 5c1d365670e9578d120a92dd9ba0c16dbe322310d69df4d022365c6aa24c92a7
Opcode Fuzzy Hash: cd7dea54140cb41aa2f96caa1dad567bb5877a196bda01dfe46c7f79cc26232a
Instruction Fuzzy Hash: 15318874504341BEEB35CB38B849BF63BA4EB05304F080669E4A6D6290EBB496C5CF71

Function 00D1CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00D1CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CFF2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: cc2c8015d2cb1b6964975c15ae7e42d856e0ad10bd93e5bae98936cd39ff1d50
Instruction ID: fe6017d6206f9cb5125fd065b162e56bb0e3e9c9b41caf936106685594351893
Opcode Fuzzy Hash: cc2c8015d2cb1b6964975c15ae7e42d856e0ad10bd93e5bae98936cd39ff1d50
Instruction Fuzzy Hash: 29315A71555305BFDB20DFA5E884AABBBF9EF14310B14542EF516E2240EB30EE829B70

Function 00D01901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00D01915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00D019C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00D019C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00D019DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00D019E2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: f8ec66b58def82654fc39190000cc120b195f5cc7e8e2c4f52df6109fd7b351e
Instruction ID: 68b18c8fac297497bd7bca5efca5927f30533d8f01b4497f4c65276cc4d32148
Opcode Fuzzy Hash: f8ec66b58def82654fc39190000cc120b195f5cc7e8e2c4f52df6109fd7b351e
Instruction Fuzzy Hash: 88319C75A00219EFCB00CFA8DD99BDE3BB5EB05315F144229F965E72D1C7709944DBA0

Function 00D35706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00D35745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00D3579D
_wcslen.LIBCMT ref: 00D357AF
_wcslen.LIBCMT ref: 00D357BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00D35816

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: e3239d4b75e1f22b9cdd51a82afd326a8b77c5c6ac18ce18732d3ec85df82a6a
Instruction ID: a5ce9f790be53cc4f6e307e72f64b673095f3129dd2491c40e01cc532b253cba
Opcode Fuzzy Hash: e3239d4b75e1f22b9cdd51a82afd326a8b77c5c6ac18ce18732d3ec85df82a6a
Instruction Fuzzy Hash: DC21A571904618DADB208F64EC85AED77B8FF05320F148216E919EA284D770C985CF70

Function 00D20930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00D20951
GetForegroundWindow.USER32 ref: 00D20968
GetDC.USER32(00000000), ref: 00D209A4
GetPixel.GDI32(00000000,?,00000003), ref: 00D209B0
ReleaseDC.USER32(00000000,00000003), ref: 00D209E8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 652bcbec2064d793c62cf7c763af27df9656ebd5132a0c99df8fc766d58fdbe4
Instruction ID: 50840dea883d88d993d5ef81c64ca6c4910505f1dc59afccf71074be5d4f9e08
Opcode Fuzzy Hash: 652bcbec2064d793c62cf7c763af27df9656ebd5132a0c99df8fc766d58fdbe4
Instruction Fuzzy Hash: 83216F35A00214AFD704EF69D885AAEBBE9EF45704F048068F84AE7762CB30EC44DB60

Function 00CDCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00CDCDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CDCDE9

Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00CDCE0F
_free.LIBCMT ref: 00CDCE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CDCE31

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: f294e641565c33c54303c021ce63ebab68dc519727d3574dc7ebcc25d8475433
Instruction ID: f4ccee8bfd43d1fde4375063ed2fc6f1b5539412da56ecc7a455988c3a57b4ca
Opcode Fuzzy Hash: f294e641565c33c54303c021ce63ebab68dc519727d3574dc7ebcc25d8475433
Instruction Fuzzy Hash: 640184B26013167F272116BB6CC8D7BBA6DDEC6BA1315012BFA15D7701EA618E01E2B0

Function 00CB9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CB9693
SelectObject.GDI32(?,00000000), ref: 00CB96A2
BeginPath.GDI32(?), ref: 00CB96B9
SelectObject.GDI32(?,00000000), ref: 00CB96E2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 73f19f14f871451f53f431c5b1c17d1c276cd8c4d4e085eb7cb7786820db93ae
Instruction ID: cfdda9bf872d8f56d48dddc2aad32cc7bd35a49b97d94753b661a6ad366238c1
Opcode Fuzzy Hash: 73f19f14f871451f53f431c5b1c17d1c276cd8c4d4e085eb7cb7786820db93ae
Instruction Fuzzy Hash: F8217F35812305EBDB119F29DC197E97BB8FB10355F100316F628E62B0E3709996DFA0

Function 00D05711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00D05726
_memcmp.LIBVCRUNTIME ref: 00D05744
_memcmp.LIBVCRUNTIME ref: 00D05757
_memcmp.LIBVCRUNTIME ref: 00D0576F
_memcmp.LIBVCRUNTIME ref: 00D05787

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 2bf01e8cb456f56bb2d309baee88e8ab706d38f0c82a9602ac630cdc19e414a6
Instruction ID: e179099bd8a9f403cd3a0a1fd6f8d5bb254a7dae10daa45c573b58a424cb4738
Opcode Fuzzy Hash: 2bf01e8cb456f56bb2d309baee88e8ab706d38f0c82a9602ac630cdc19e414a6
Instruction Fuzzy Hash: 3101BE61641609BFD7189611EE81FBB735C9FA2358F1C4024FD0C5A1C5F760ED14A6B1

Function 00CD2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00CCF2DE,00CD3863,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6), ref: 00CD2DFD
_free.LIBCMT ref: 00CD2E32
_free.LIBCMT ref: 00CD2E59
SetLastError.KERNEL32(00000000,00CA1129), ref: 00CD2E66
SetLastError.KERNEL32(00000000,00CA1129), ref: 00CD2E6F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: f63c696287517817bcb34d6c6b4012c19a27fe690e4975b6f0bfe2d8620e7edb
Instruction ID: ded48248167df5121d10be0891f46440f75f78f2abb7d452d11ea624c4c8fc7c
Opcode Fuzzy Hash: f63c696287517817bcb34d6c6b4012c19a27fe690e4975b6f0bfe2d8620e7edb
Instruction Fuzzy Hash: 2F01D1326057006B861227356C45D2B2759ABE13A3B24442BF775E2792EAA4CD016130

Function 00D0000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?,?,00D0035E), ref: 00D0002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?), ref: 00D00064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00070

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 26c4818e630c48796a4255c4cca3c53834892f726200da86d06c77f836a21ab8
Instruction ID: 9a704889ea81dc86bf5a909d37aca91db5250af712eb2cb972f2db9e6223a87a
Opcode Fuzzy Hash: 26c4818e630c48796a4255c4cca3c53834892f726200da86d06c77f836a21ab8
Instruction Fuzzy Hash: 2D018F76610304BFDB104F68DC08BAA7EADEB48792F145124F909E2250DB71DE408BB0

Function 00D0E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00D0E997
QueryPerformanceFrequency.KERNEL32(?), ref: 00D0E9A5
Sleep.KERNEL32(00000000), ref: 00D0E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00D0E9B7
Sleep.KERNEL32 ref: 00D0E9F3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 83933fe337fdb6cc1e847e0cdaf0cef872ac24e2632ab09394d2268226c0abd4
Instruction ID: becd122e78c95907f2a6f665acbb3ddcacda4e49b3cedba092a2d2e3c5794744
Opcode Fuzzy Hash: 83933fe337fdb6cc1e847e0cdaf0cef872ac24e2632ab09394d2268226c0abd4
Instruction Fuzzy Hash: DA011731D01629DBCF00ABE6ED59BEDFB78FB09701F000956E946B2291CB7096549BB1

Function 00D010F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D01114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D0112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D0114D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: a037454f72b31d6b2349edce8019a0f03e3b193a09ebdd1fcddee65763679665
Instruction ID: d818a71aa53f9ed42daf077cdb7a2743b85444cc7cdc2adb76691de38fad9d7a
Opcode Fuzzy Hash: a037454f72b31d6b2349edce8019a0f03e3b193a09ebdd1fcddee65763679665
Instruction Fuzzy Hash: DC011979210315BFDB154FA5DC49A6A3B6EEF893A0B244419FA49E73A0DA31DC009B70

Function 00D00FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D00FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D00FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D00FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D00FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D01002

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: ae44524099765b2b52c5ddb3765836f9e758c572fcea9754191346a049409459
Instruction ID: fde9e87755b6bec3d6e7c4f91bbadab9b2de530bd4a500df23392c733f4e48ca
Opcode Fuzzy Hash: ae44524099765b2b52c5ddb3765836f9e758c572fcea9754191346a049409459
Instruction Fuzzy Hash: AAF04939210302ABDB224FA49C4AF5A3BADEF89762F144414FA89E7391CA70DC508B70

Function 00D01014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D0102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D01036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D0104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01062

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 5f8892fa2ab18bf55f5c3850bcc32059cc18b32e071c90f6451773f895df3d9d
Instruction ID: 952c53ef3ead99a5fe1467449a917d66fa50d8203abb71546d8f43cb0c5270f1
Opcode Fuzzy Hash: 5f8892fa2ab18bf55f5c3850bcc32059cc18b32e071c90f6451773f895df3d9d
Instruction Fuzzy Hash: E2F06D39210301EBDB215FA4EC4AF563BADEF89761F140418FA89E7390CA70D8508B70

Function 00D1030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10324
CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10331
CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D1033E
CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D1034B
CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10358
CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10365

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7c02d725690dffe70a213d9a16980f75ba7841f11d2855dddc842dea5a09bee1
Instruction ID: 9a19aef2626f04e0ba42911a41c4e0e59c478513f481c60b2c17b61bc4342328
Opcode Fuzzy Hash: 7c02d725690dffe70a213d9a16980f75ba7841f11d2855dddc842dea5a09bee1
Instruction Fuzzy Hash: 7401A272800B15AFC730AF66E880452FBF9BF503153198A3FD1A652931C7B1A995DF90

Function 00CDD73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CDD752

Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0

_free.LIBCMT ref: 00CDD764
_free.LIBCMT ref: 00CDD776
_free.LIBCMT ref: 00CDD788
_free.LIBCMT ref: 00CDD79A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 121bb96e487f32cfac66901736bfa74da37ae2f3b75630302f2fecf794591731
Instruction ID: 07c47b4cfcfc2669e4e56b88127c269f35b40e47b4a79780e4b1ce3e47abf65c
Opcode Fuzzy Hash: 121bb96e487f32cfac66901736bfa74da37ae2f3b75630302f2fecf794591731
Instruction Fuzzy Hash: D6F09632950304AB8621FB64F9C1C2677DDBB44310B951C47F2A9D7705C730FC809A70

Function 00D05C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00D05C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00D05C6F
MessageBeep.USER32(00000000), ref: 00D05C87
KillTimer.USER32(?,0000040A), ref: 00D05CA3
EndDialog.USER32(?,00000001), ref: 00D05CBD

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 817360b744b80f63ea25731d489f3cba832025a703153af05a36dd5dda2e6dd4
Instruction ID: 47ce51fec2d8491a0bfe1201125f2b5650420dd3135ee55e5d20bd7940acf3af
Opcode Fuzzy Hash: 817360b744b80f63ea25731d489f3cba832025a703153af05a36dd5dda2e6dd4
Instruction Fuzzy Hash: 0A016D31510B04ABFB215B10EE4FFA67BB8BB00B05F042559A987B11E1DBF4A984CFA4

Function 00CD22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CD22BE

Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0

_free.LIBCMT ref: 00CD22D0
_free.LIBCMT ref: 00CD22E3
_free.LIBCMT ref: 00CD22F4
_free.LIBCMT ref: 00CD2305

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 640d16d9d53646841d2c3c1e9b74d5e7045d01e285000f85d1d92d996953a7d1
Instruction ID: 5c7ecf497af1a8b4224326145596209b74f16681b7a3a84e43301159dc436b55
Opcode Fuzzy Hash: 640d16d9d53646841d2c3c1e9b74d5e7045d01e285000f85d1d92d996953a7d1
Instruction Fuzzy Hash: 31F03A74810320CB8622BF68BC128187F64BB28760700160BF618D33B2EB700991BBB8

Function 00CB95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00CB95D4
StrokeAndFillPath.GDI32(?,?,00CF71F7,00000000,?,?,?), ref: 00CB95F0
SelectObject.GDI32(?,00000000), ref: 00CB9603
DeleteObject.GDI32 ref: 00CB9616
StrokePath.GDI32(?), ref: 00CB9631

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 7052b8df5670a45896dbf1a9b43f20eb02deccf6895bb57e1e06ee4dfbef6438
Instruction ID: dac40fc6769256e10b86d0cbe731b8300a37ba115ef0986a1bd21749f256c3d8
Opcode Fuzzy Hash: 7052b8df5670a45896dbf1a9b43f20eb02deccf6895bb57e1e06ee4dfbef6438
Instruction Fuzzy Hash: 44F0B639016344EBDB265F69ED187A43B65EB01362F048314F679E52F0E7308A96DF31

Function 00CD0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00CD10F9
__freea.LIBCMT ref: 00CD1117

Part of subcall function 00CD1537: _free.LIBCMT ref: 00CD154F

Strings

a/p, xrefs: 00CD11DE
am/pm, xrefs: 00CD117A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: e39da1a7d59c4f85fe88327ae11a42436c2382651e4642389584c8cbd722fbd0
Instruction ID: b50a6cfb02bc00edc6652b35965a438c09d4f8d9b1a2d2130ce8c823b6c9027e
Opcode Fuzzy Hash: e39da1a7d59c4f85fe88327ae11a42436c2382651e4642389584c8cbd722fbd0
Instruction Fuzzy Hash: 85D1D031900246EADB28AF69C855BBEB7B1EF05300F2C415BEF219B761D3759E80CB91

Function 00D27B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00CC0242: EnterCriticalSection.KERNEL32(00D7070C,00D71884,?,?,00CB198B,00D72518,?,?,?,00CA12F9,00000000), ref: 00CC024D
Part of subcall function 00CC0242: LeaveCriticalSection.KERNEL32(00D7070C,?,00CB198B,00D72518,?,?,?,00CA12F9,00000000), ref: 00CC028A

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00CC00A3: __onexit.LIBCMT ref: 00CC00A9

__Init_thread_footer.LIBCMT ref: 00D27BFB

Part of subcall function 00CC01F8: EnterCriticalSection.KERNEL32(00D7070C,?,?,00CB8747,00D72514), ref: 00CC0202
Part of subcall function 00CC01F8: LeaveCriticalSection.KERNEL32(00D7070C,?,00CB8747,00D72514), ref: 00CC0235

Strings

G, xrefs: 00D27C7F
5, xrefs: 00D27C78
Variable must be of type 'Object'., xrefs: 00D27C3A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: e596488ab186380a253600870c72aac1b06cd3c69935c580aa8517ba245ad763
Instruction ID: ea3ff171e32484dde63211f58f7a32767b38ea00b43d026e8c6aa42f851bca72
Opcode Fuzzy Hash: e596488ab186380a253600870c72aac1b06cd3c69935c580aa8517ba245ad763
Instruction Fuzzy Hash: 0091AC70A04219EFCB24EF54E881DADB7B1FF55308F148059F846AB292DB31AE45DB71

Function 00D02716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00D0B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D021D0,?,?,00000034,00000800,?,00000034), ref: 00D0B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00D02760

Part of subcall function 00D0B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D021FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00D0B3F8

Part of subcall function 00D0B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00D0B355
Part of subcall function 00D0B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00D02194,00000034,?,?,00001004,00000000,00000000), ref: 00D0B365
Part of subcall function 00D0B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00D02194,00000034,?,?,00001004,00000000,00000000), ref: 00D0B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D027CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D0281A

Strings

@, xrefs: 00D02832

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: d05331d6d84fbf2828d69e3ecbbbad90db1bca363f615f2fb35bc90643789fb0
Instruction ID: 3d3cd7f8284dbcbd068e7c523539ec90ffeffa25299d3d829cda246412052f4d
Opcode Fuzzy Hash: d05331d6d84fbf2828d69e3ecbbbad90db1bca363f615f2fb35bc90643789fb0
Instruction Fuzzy Hash: EF412B76901218AFDB10DFA4CD86BEEBBB8EF09310F148055FA59B7191DB706E45CBA0

Function 00CD172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00CD1769
_free.LIBCMT ref: 00CD1834
_free.LIBCMT ref: 00CD183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00CD1760, 00CD1767, 00CD1796, 00CD17CE

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 79e7b51217b91eb6b308d6476d73db104f33e570ba66e5b4c7b1adb8dbb2761c
Instruction ID: 795ef62424904a9a78c24a1808206e1b89789b377a4b39208e965ba09969e18d
Opcode Fuzzy Hash: 79e7b51217b91eb6b308d6476d73db104f33e570ba66e5b4c7b1adb8dbb2761c
Instruction Fuzzy Hash: 75319175A00208FBDB21DF99DC85D9EBBFCEB85310B19416BFA04D7351E6708A40EBA0

Function 00D0C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00D0C306
DeleteMenu.USER32(?,00000007,00000000), ref: 00D0C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00D71990,00FB5530), ref: 00D0C395

Strings

0, xrefs: 00D0C2DF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 383f56fb9084f34b178d9727c78668b35165a10272b85b5c4340c7e948dcc667
Instruction ID: bcd42ea82c81dbf48de4a2d9a4981f75b107712143ad6570c6f2e0a6f964a3a2
Opcode Fuzzy Hash: 383f56fb9084f34b178d9727c78668b35165a10272b85b5c4340c7e948dcc667
Instruction Fuzzy Hash: 33417C312243029FD720DF25D885B5ABBA8EB85320F149B1EF9A9972D1D770A904CB72

Function 00D34416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00D3CC08,00000000,?,?,?,?), ref: 00D344AA
GetWindowLongW.USER32 ref: 00D344C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D344D7

Strings

SysTreeView32, xrefs: 00D3447C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: c33f98cb34699359307810443f50006ba5c51560a415573d1f0e0fcebf011abb
Instruction ID: 7d897c9bad34e6184374ab0ef1a3fe41ec684f272468f89a95cf6722defd6a9d
Opcode Fuzzy Hash: c33f98cb34699359307810443f50006ba5c51560a415573d1f0e0fcebf011abb
Instruction Fuzzy Hash: B4318D32210205AFDB209F38DC45BEA77A9EB09334F244725F975E22E0D7B4EC509760

Function 00D2304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00D2335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00D23077,?,?), ref: 00D23378

inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D2307A
_wcslen.LIBCMT ref: 00D2309B
htons.WSOCK32(00000000,?,?,00000000), ref: 00D23106

Strings

255.255.255.255, xrefs: 00D23095, 00D2309A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: e90d6dac6ff85d59865307209324a80b398a4dbc1f8b9fa7d4fc23ccb746e82a
Instruction ID: 6c22941f4c53e3917ae4582ae9e5b9ebf12fbcf77a5c550a37a5a45dac0ffdf3
Opcode Fuzzy Hash: e90d6dac6ff85d59865307209324a80b398a4dbc1f8b9fa7d4fc23ccb746e82a
Instruction Fuzzy Hash: 2231B0352043259FCB10CF68D586EAA77E0EF6531CF288059E9158B392DB7AEE41C770

Function 00D33EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00D33F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00D33F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00D33F78

Strings

SysMonthCal32, xrefs: 00D33F0B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 0fc154524f66b534e24a00a89e50665dc677e2ae2a76bb3037c7dfe4658fc770
Instruction ID: a96daaacaa707d11be42d1e548bccd56ec7bbf03f3fe50b1e0354a3528e34db1
Opcode Fuzzy Hash: 0fc154524f66b534e24a00a89e50665dc677e2ae2a76bb3037c7dfe4658fc770
Instruction Fuzzy Hash: E021BC32610219BFDF218F50CC46FEA3B79EF48724F150214FA19BB1D0D6B1A8908BA0

Function 00D34653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00D34705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00D34713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00D3471A

Strings

msctls_updown32, xrefs: 00D34684

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 5cfab165068162f9da1252805a6d1f49e4a980d87e7719c24cecd47f345d4aba
Instruction ID: 68c7175d087163f3e3ee934903958c3aeb4c0006d300a7af2a5220361dd9ff9f
Opcode Fuzzy Hash: 5cfab165068162f9da1252805a6d1f49e4a980d87e7719c24cecd47f345d4aba
Instruction Fuzzy Hash: 42214AB5600209AFDB10DF68DC81DA637ADEB4A3A8B040159FA049B3A1DB74FC51DAB0

Function 00D095AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D0961D

Strings

#requireadmin, xrefs: 00D095D9
#OnAutoItStartRegister, xrefs: 00D095F3
#notrayicon, xrefs: 00D095B7

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: b5750606e2c283f36f47dd897a9207131f72f41166a01254aded61ad018e38c7
Instruction ID: efc0c6f8d5a331405ccd8eb3db2fd5c01b3bc3f22ee815dcf89639e3397323b5
Opcode Fuzzy Hash: b5750606e2c283f36f47dd897a9207131f72f41166a01254aded61ad018e38c7
Instruction Fuzzy Hash: D42138725045116AC331AB25DC26FB7F398AF51310F58402AF98D971C2EB52DD46D2B5

Function 00D337B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00D33840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00D33850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00D33876

Strings

Listbox, xrefs: 00D3380F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: aa2bcd428f0e09b98fc61f51b0811775a4aca8dcabc2a6ee6a4e43364c76f81f
Instruction ID: 2df3893257a178b02770f687e22cc328790f7d71c2dc32b684669c55366504a2
Opcode Fuzzy Hash: aa2bcd428f0e09b98fc61f51b0811775a4aca8dcabc2a6ee6a4e43364c76f81f
Instruction Fuzzy Hash: 3A21A1B2610218BBEF218F54DC85FBB376EEF89764F158124F9449B190C671DC5287B0

Function 00D149F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00D14A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00D14A5C
SetErrorMode.KERNEL32(00000000,?,?,00D3CC08), ref: 00D14AD0

Strings

%lu, xrefs: 00D14A6F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: a4291e9e6e3452a3f806bc92a97ce2b2921400e30e11e4c0bc2f9534c255c5b4
Instruction ID: 4b5fe2a7864eacd42fea3e8b48ad397b9840df6e7e2edb5a890128aa31e1dfa9
Opcode Fuzzy Hash: a4291e9e6e3452a3f806bc92a97ce2b2921400e30e11e4c0bc2f9534c255c5b4
Instruction Fuzzy Hash: 02317F75A00209AFD710DF54C885EAA7BF8EF05308F148095F909DB252DB71ED45DB71

Function 00D341EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00D3424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00D34264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00D34271

Strings

msctls_trackbar32, xrefs: 00D34226

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 0ba0fb3e5e55bff6f6f3054ead82a39dca2a7a4d1cf352edc583666bc3351fec
Instruction ID: 70eaf927afcb3a403a0765109d5c0ed4326c71dd97940b86b450c656e91a26de
Opcode Fuzzy Hash: 0ba0fb3e5e55bff6f6f3054ead82a39dca2a7a4d1cf352edc583666bc3351fec
Instruction Fuzzy Hash: 9711E031240308BFEF205E29CC06FAB3BACEF85B64F010224FA55E21A0D271E8519B34

Function 00D02F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A

Part of subcall function 00D02DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D02DC5
Part of subcall function 00D02DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D02DD6
Part of subcall function 00D02DA7: GetCurrentThreadId.KERNEL32 ref: 00D02DDD
Part of subcall function 00D02DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D02DE4

GetFocus.USER32 ref: 00D02F78

Part of subcall function 00D02DEE: GetParent.USER32(00000000), ref: 00D02DF9

GetClassNameW.USER32(?,?,00000100), ref: 00D02FC3
EnumChildWindows.USER32(?,00D0303B), ref: 00D02FEB

Strings

%s%d, xrefs: 00D02FFF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: 948b1408e5d8726e92d8dd3eeb3f0437d7339f86e1e20db71a56eaa136565823
Instruction ID: d2f46afb90eb980229adb20b783d7b6831cda9279a0181405ba9cf8100b1f40d
Opcode Fuzzy Hash: 948b1408e5d8726e92d8dd3eeb3f0437d7339f86e1e20db71a56eaa136565823
Instruction Fuzzy Hash: CD11AF71700205ABCF15BF649C8AFEE776AEF84304F085075B90DAB292DE3099499B70

Function 00D35882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00D358C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00D358EE
DrawMenuBar.USER32(?), ref: 00D358FD

Strings

0, xrefs: 00D3588F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: a1537585cb5bca5e43c99b944edbacaf75b2540862da00050ebad5090a303686
Instruction ID: 1d6cca0e08f95b72883015f7fcda34752bb14af1448f56866782a6c3c957f93d
Opcode Fuzzy Hash: a1537585cb5bca5e43c99b944edbacaf75b2540862da00050ebad5090a303686
Instruction Fuzzy Hash: 0D018031500258EFDB219F11EC44BEEBBB4FF45360F1480A9E849D6251DB308A94EF31

Function 00D0007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11cd7a6c7f012c589099e06b5273bc4845e715195d7697f7318f6d15ab68e4a3
Instruction ID: 9de9c928f975dbb876698e99c807234a88c742e670fc9953d31a7e9871dba9fb
Opcode Fuzzy Hash: 11cd7a6c7f012c589099e06b5273bc4845e715195d7697f7318f6d15ab68e4a3
Instruction Fuzzy Hash: D5C12C75A0021AEFDB15CFA4C894BAEBBB5FF48704F148598E509EB291D731DE41CBA0

Function 00CD3E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00CD3F0B
__alldvrm.LIBCMT ref: 00CD410C
__alldvrm.LIBCMT ref: 00CD412E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: f070da9b6c06490ec7bd9ded0a8e00e0c848c48fb16e2686bc654f989817c914
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 72A16871D003869FDB29CF58C8917AEBBE5EF61350F1841AFE7959B381C2349A81C751

Function 00D2342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00D23459
CoUninitialize.OLE32 ref: 00D23463
VariantInit.OLEAUT32(?), ref: 00D2346E
VariantClear.OLEAUT32(?), ref: 00D2371B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 436d75efda34723751b44c35805b418b1f8a9280ace11caf22564f4bfa57caee
Instruction ID: fbe029226163988aae6b978e992a8d9408fd064b2c92ff29dd814c3bd2ff61b4
Opcode Fuzzy Hash: 436d75efda34723751b44c35805b418b1f8a9280ace11caf22564f4bfa57caee
Instruction Fuzzy Hash: 32A16F756043119FC700EF28D885A2AB7E5FF89718F04895DF98A9B362DB34ED01DBA1

Function 00D00436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00D3FC08,?), ref: 00D005F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00D3FC08,?), ref: 00D00608
CLSIDFromProgID.OLE32(?,?,00000000,00D3CC40,000000FF,?,00000000,00000800,00000000,?,00D3FC08,?), ref: 00D0062D
_memcmp.LIBVCRUNTIME ref: 00D0064E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 0ca118bbae88063a20f27ac237536596de9adbc2610acd1c0df7670dce1cab24
Instruction ID: 8b466de0a869d027d1c2e9debfd29009a4855856c5245400963f463f85e0c294
Opcode Fuzzy Hash: 0ca118bbae88063a20f27ac237536596de9adbc2610acd1c0df7670dce1cab24
Instruction Fuzzy Hash: 9181FE75A00109EFCB04DF94C988EEEBBB9FF89315F144558E516EB290DB71AE06CB60

Function 00CE1391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CE14C0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 24767c41011c702e52f4ee4aafe382e24c09a2ab7ef4852a1affdf3219cb96bd
Instruction ID: f7d7d1ae325220629ea918f4d5b6bfaa6991662abdeeacf575a67228803eae90
Opcode Fuzzy Hash: 24767c41011c702e52f4ee4aafe382e24c09a2ab7ef4852a1affdf3219cb96bd
Instruction Fuzzy Hash: 31413E35A005906BDB216BBBCC45BBE3AA5EF41330F1C0269FD29D63D2E6348951B272

Function 00D36278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00D362E2
ScreenToClient.USER32(?,?), ref: 00D36315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00D36382

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 12bff20eaf873191819b6db5503ea6cfcba56094cb309f60f02564744cc6b05c
Instruction ID: a337ce54117ba896861958941391c390a8db2e844435103407a3909a0b913b42
Opcode Fuzzy Hash: 12bff20eaf873191819b6db5503ea6cfcba56094cb309f60f02564744cc6b05c
Instruction Fuzzy Hash: E0510A75A00209EFDB10DF68D8819AE7BB5EB45360F188259F965DB2A0D730ED81CB60

Function 00D21AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00D21AFD
WSAGetLastError.WSOCK32 ref: 00D21B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00D21B8A
WSAGetLastError.WSOCK32 ref: 00D21B94

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: f2bb6c4a03ae3f1fc5934b2a01739cd906fb14d775aaf8abfbf09ed83eef5785
Instruction ID: 6ec5d5077b5272131ca9e34c9e8072470d6c325a01d22102ed00c7d51eb9a42c
Opcode Fuzzy Hash: f2bb6c4a03ae3f1fc5934b2a01739cd906fb14d775aaf8abfbf09ed83eef5785
Instruction Fuzzy Hash: 2541D138600201AFE720AF24D886F2A77E5AB55718F58C448F91A9F3D2D772DD41CBA0

Function 00CDB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64f6a5505b1e893a14c63466c46314e97379ca3a7baa7abafe8bcdc78503561
Instruction ID: cda0bd4a16831265e780ecbc2e0f9e7f909cadb7b9ed31b1081ee468e9171e95
Opcode Fuzzy Hash: e64f6a5505b1e893a14c63466c46314e97379ca3a7baa7abafe8bcdc78503561
Instruction Fuzzy Hash: 9941D171A00244EFD724DF38C841BAABBE9EB88710F11452FF651DB382D7719A019790

Function 00D156D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00D15783
GetLastError.KERNEL32(?,00000000), ref: 00D157A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00D157CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00D157FA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: d1aaab5d3b268a853e4d410f2fa194aac51e17d9537d6b0cd8cdbc64c404a558
Instruction ID: 0e2c3154acc8cb66708041be3eb5cb5306e96b4877f0d616b647fc2acf26b939
Opcode Fuzzy Hash: d1aaab5d3b268a853e4d410f2fa194aac51e17d9537d6b0cd8cdbc64c404a558
Instruction Fuzzy Hash: 0A411F39600611DFCB11EF55D585A5EBBE2FF89314B198488E84AAB362CB34FD40DBA1

Function 00CDD8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00CC6D71,00000000,00000000,00CC82D9,?,00CC82D9,?,00000001,00CC6D71,8BE85006,00000001,00CC82D9,00CC82D9), ref: 00CDD910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CDD999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00CDD9AB
__freea.LIBCMT ref: 00CDD9B4

Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 22f2b382b5eec745cdbc815481f827a0d7b972d7f6ac5783c550efc9c2a81abc
Instruction ID: 7faf747da9a2002988d929bd4ff96ec4bd38e358fca4c79b8081563979d99ddb
Opcode Fuzzy Hash: 22f2b382b5eec745cdbc815481f827a0d7b972d7f6ac5783c550efc9c2a81abc
Instruction Fuzzy Hash: 4531FE72A1020AABDF249F65DC91EBE7BA5EB40310F05016AFD15D7290EB36CE50DBA0

Function 00D352C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00D35352
GetWindowLongW.USER32(?,000000F0), ref: 00D35375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D35382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00D353A8

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: adf680affbd72d8f2609d049b067b95c5970c714d0d197ec708469a657bfab7d
Instruction ID: a18376eca604157c9ef1266e70a5341f715a6e73a611bd80de3b2be0d91d800b
Opcode Fuzzy Hash: adf680affbd72d8f2609d049b067b95c5970c714d0d197ec708469a657bfab7d
Instruction Fuzzy Hash: CC31C334A95A08EFEB309F54EC06BE83765EB053D0F5C4101FA51962E5C7B1AD80EB72

Function 00D0AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00D0ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00D0AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00D0AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00D0ACC6

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 5921694d921020da725de9eabe25f2769fa2f6a9da02aaaefb841110e60be66b
Instruction ID: 69c9765a6b40b3b604393fbc8ecf60b9776fe9a7a1793e5cd1b55a2f3c7f1bd0
Opcode Fuzzy Hash: 5921694d921020da725de9eabe25f2769fa2f6a9da02aaaefb841110e60be66b
Instruction Fuzzy Hash: 07310734A04718AFFF35CB69CC097FE7BA5AB89310F09431AE48D962D1C3758985877A

Function 00D37674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00D3769A
GetWindowRect.USER32(?,?), ref: 00D37710
PtInRect.USER32(?,?,00D38B89), ref: 00D37720
MessageBeep.USER32(00000000), ref: 00D3778C

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 5b51fff253dbac9df26f45cbc94ec69b1fa6bd2bb91d8c218a97e9bb783704f6
Instruction ID: a7e7b7517c306ed1e22019907278597f0f08dbf9d67dd790103e8d276135ae9c
Opcode Fuzzy Hash: 5b51fff253dbac9df26f45cbc94ec69b1fa6bd2bb91d8c218a97e9bb783704f6
Instruction Fuzzy Hash: 31419CB8605A14AFCB21CF58C895EA977F4FB49310F1841A8E524DB361D330E942CFB0

Function 00D316DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00D316EB

Part of subcall function 00D03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D03A57
Part of subcall function 00D03A3D: GetCurrentThreadId.KERNEL32 ref: 00D03A5E
Part of subcall function 00D03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D025B3), ref: 00D03A65

GetCaretPos.USER32(?), ref: 00D316FF
ClientToScreen.USER32(00000000,?), ref: 00D3174C
GetForegroundWindow.USER32 ref: 00D31752

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: d6e7b22bf1bee106ff7cb56a96010d0b87db30a7f6a3bc1e5e0dc56c79be9fe8
Instruction ID: 8451a7a67ffe4380131ae7fd3e1195ded95e879980455a8cdd3c04a4ba1d55f4
Opcode Fuzzy Hash: d6e7b22bf1bee106ff7cb56a96010d0b87db30a7f6a3bc1e5e0dc56c79be9fe8
Instruction Fuzzy Hash: B33121B5D00249AFC704DFA9C881DAEB7FDEF49308B548069E415E7251D731DE45CBA0

Function 00D0DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625

_wcslen.LIBCMT ref: 00D0DFCB
_wcslen.LIBCMT ref: 00D0DFE2
_wcslen.LIBCMT ref: 00D0E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00D0E018

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 6d053d4cb8426ba626b697559ca62fc9a69f130fff3b75792a2c86f4ee6a6ac8
Instruction ID: 1022c953b93be3e2f128c6bfb6e584d239367b96cd97e30c80089632c783a41f
Opcode Fuzzy Hash: 6d053d4cb8426ba626b697559ca62fc9a69f130fff3b75792a2c86f4ee6a6ac8
Instruction Fuzzy Hash: 7D218371900215AFCB209FA8D981BAEB7F8EF45750F148069F809BB385D6709E41DBB1

Function 00D0D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00D0D501
Process32FirstW.KERNEL32(00000000,?), ref: 00D0D50F
Process32NextW.KERNEL32(00000000,?), ref: 00D0D52F
CloseHandle.KERNEL32(00000000), ref: 00D0D5DC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: e425955eba78c13c3cb1d3f7a40040d61003336ea2eb41bcb4c78ed735b779d0
Instruction ID: 0cc403b23023b19200f5f6bc90626b6333adc13047e4deeb2e5b1b9fe9f383d6
Opcode Fuzzy Hash: e425955eba78c13c3cb1d3f7a40040d61003336ea2eb41bcb4c78ed735b779d0
Instruction Fuzzy Hash: B83191721083019FD300EF64CC85BAFBBE8EF9A358F14092DF585961E1EB719945DBA2

Function 00D38FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

GetCursorPos.USER32(?), ref: 00D39001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00CF7711,?,?,?,?,?), ref: 00D39016
GetCursorPos.USER32(?), ref: 00D3905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00CF7711,?,?,?), ref: 00D39094

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: b724280f7d33b0b56683d51e90b144626d33fe0d03030d40b44ec930501547f5
Instruction ID: 6febfcf3a58037e3d795d3e2a8ef8a029e766f2808a8969ce8e792a1c773d0d2
Opcode Fuzzy Hash: b724280f7d33b0b56683d51e90b144626d33fe0d03030d40b44ec930501547f5
Instruction Fuzzy Hash: 5D21D135600218EFCB298FA8CC68EFABBB9EF49350F084155F90597261D3719990EB70

Function 00D0D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00D3CB68), ref: 00D0D2FB
GetLastError.KERNEL32 ref: 00D0D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00D0D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00D3CB68), ref: 00D0D376

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 84fe7038ce901278ec9adea052c51c1fb508f1cf92e838f707b9c4023189f44d
Instruction ID: cb3d848ac8845574e81ed7bf22e6a401ffc7d8ed81416e5e0e7ab5c14a1e370f
Opcode Fuzzy Hash: 84fe7038ce901278ec9adea052c51c1fb508f1cf92e838f707b9c4023189f44d
Instruction Fuzzy Hash: 0D21A1705093029FC700DFA8C88196BB7E4EE56368F544A1EF499D32E1D730D94ACBA3

Function 00D01571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00D01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D0102A
Part of subcall function 00D01014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D01036
Part of subcall function 00D01014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01045
Part of subcall function 00D01014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D0104C
Part of subcall function 00D01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00D015BE
_memcmp.LIBVCRUNTIME ref: 00D015E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D01617
HeapFree.KERNEL32(00000000), ref: 00D0161E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: f56aa0ba45121b4dae35286a5882b991bbbe83309d163d2e49ea035d322f675e
Instruction ID: d5ce3e44ec7419aafafe9457bacfdd62a530c2bb165ecac8ee4ed3edb9a64e0d
Opcode Fuzzy Hash: f56aa0ba45121b4dae35286a5882b991bbbe83309d163d2e49ea035d322f675e
Instruction Fuzzy Hash: 52217832E00208AFDB14DFA4CD49BEEB7B8EF44344F084459E449AB281E731AA45DBA0

Function 00D32782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00D3280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00D32824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00D32832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00D32840

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: e87eabe17dbb468a43683093dcaf82d8510b4be9a2faaa7fe2a611b0f5b5f160
Instruction ID: 36dad5dfa52540e9ac41b126f5cc85e0585585a6d4b9ffc93bab044e5a85c446
Opcode Fuzzy Hash: e87eabe17dbb468a43683093dcaf82d8510b4be9a2faaa7fe2a611b0f5b5f160
Instruction Fuzzy Hash: C121A131A05611AFD7149B24C855FBA7BA5EF45324F188158F466CB6E2C771FC42C7A0

Function 00D078F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00D08D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00D0790A,?,000000FF,?,00D08754,00000000,?,0000001C,?,?), ref: 00D08D8C
Part of subcall function 00D08D7D: lstrcpyW.KERNEL32(00000000,?,?,00D0790A,?,000000FF,?,00D08754,00000000,?,0000001C,?,?,00000000), ref: 00D08DB2
Part of subcall function 00D08D7D: lstrcmpiW.KERNEL32(00000000,?,00D0790A,?,000000FF,?,00D08754,00000000,?,0000001C,?,?), ref: 00D08DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00D08754,00000000,?,0000001C,?,?,00000000), ref: 00D07923
lstrcpyW.KERNEL32(00000000,?,?,00D08754,00000000,?,0000001C,?,?,00000000), ref: 00D07949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00D08754,00000000,?,0000001C,?,?,00000000), ref: 00D07984

Strings

cdecl, xrefs: 00D0797B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 54a470129c76bf7bbb9cf86738d7e52962cc9eda2728933e27caa17e589f0904
Instruction ID: 4466659afdc102487063e6467e2234823562ab4f5e7c937ce8702609eebb3f18
Opcode Fuzzy Hash: 54a470129c76bf7bbb9cf86738d7e52962cc9eda2728933e27caa17e589f0904
Instruction Fuzzy Hash: E211B43A600341AFCB155F34D845EBA77A9FF45350B54402AE94ACB3A4EB71D811DBB1

Function 00D37CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00D37D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00D37D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00D37D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00D1B7AD,00000000), ref: 00D37D6B

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: c1c803b10b84db20d3f646f3ee8b194363f563b92a6b06eae16aeb36601714c5
Instruction ID: d5fec4c01086028f394e7e785c56d51006ea8335b696b57b6c23220b6dcbae36
Opcode Fuzzy Hash: c1c803b10b84db20d3f646f3ee8b194363f563b92a6b06eae16aeb36601714c5
Instruction Fuzzy Hash: 2511DF72214A54EFCB208F28DC04AA63BA4AF45360F198324F939D72F0E730C952DB60

Function 00D35660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00D356BB
_wcslen.LIBCMT ref: 00D356CD
_wcslen.LIBCMT ref: 00D356D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00D35816

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 8e3cee7695ab8403a1fe5e4efdf58eded2e4064fb7fc0dc11e9c32414fa13e97
Instruction ID: 1de56c36121b1cc5f402d2ae7ed4cb29e21f511457c8d8dfc8adde96e67541ca
Opcode Fuzzy Hash: 8e3cee7695ab8403a1fe5e4efdf58eded2e4064fb7fc0dc11e9c32414fa13e97
Instruction Fuzzy Hash: A9110075A00618A6DB20DF65EC82AEE37ACEF01760F14802AF905D6085EB70CA80CF70

Function 00CD1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91167e43004a3fd883f71c2e6166237d2896176683f9411582d4c894a04cc98b
Instruction ID: de08eed3570e99e06defa1b15a91bf6fc4fdfae91394eebc5c25ad352a9d7339
Opcode Fuzzy Hash: 91167e43004a3fd883f71c2e6166237d2896176683f9411582d4c894a04cc98b
Instruction Fuzzy Hash: DC014FB26097167EF62226786CC1F67661EDF513B8B381327FB32A13D2DB608D40A170

Function 00D01A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00D01A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D01A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D01A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D01A8A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 096e13cb119c49c7a2f2d56afada9fb63130da9762c9a602e74a6d9882d152aa
Instruction ID: 6b061dcd810ea03a11c46235013cec7d16eb44a48767dfbdb25c8ed4a84c0c3d
Opcode Fuzzy Hash: 096e13cb119c49c7a2f2d56afada9fb63130da9762c9a602e74a6d9882d152aa
Instruction Fuzzy Hash: 8711FA3AA01219FFEB119BA5CD85FADBB78EB04754F200091E604B7290D6716E51DBA4

Function 00D0E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D0E1FD
MessageBoxW.USER32(?,?,?,?), ref: 00D0E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00D0E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00D0E24D

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 0361c4ad605c399c426a0455df0b45232291e7831d20c6132a3cf121f491e8a4
Instruction ID: cfb620cb10dd0b0855ab46921476a02eb59ce51bc2520d0621b3428cc1decf4f
Opcode Fuzzy Hash: 0361c4ad605c399c426a0455df0b45232291e7831d20c6132a3cf121f491e8a4
Instruction Fuzzy Hash: 7C11AD76904358BBC7019BA8AC09B9A7BACAB45324F044769F929E3391E6B0C94487B0

Function 00CCD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00CCCFF9,00000000,00000004,00000000), ref: 00CCD218
GetLastError.KERNEL32 ref: 00CCD224
__dosmaperr.LIBCMT ref: 00CCD22B
ResumeThread.KERNEL32(00000000), ref: 00CCD249

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: 8d1003379ca001ec579ebf3d3dbf06b1654ad2e1d3f5bce846d37f11369c8d48
Instruction ID: 70f1bee55d6ebb65f382c6a4ed949c79743a96c68afed9093278f78a5aebf20f
Opcode Fuzzy Hash: 8d1003379ca001ec579ebf3d3dbf06b1654ad2e1d3f5bce846d37f11369c8d48
Instruction Fuzzy Hash: 7A01D276805204BBCB216BA5DC09FAE7A6DDF81331F20022DF926921D0CB70CD41E7A0

Function 00D39EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2

GetClientRect.USER32(?,?), ref: 00D39F31
GetCursorPos.USER32(?), ref: 00D39F3B
ScreenToClient.USER32(?,?), ref: 00D39F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00D39F7A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 269445e9ac1f1f9a69b97390e2f9aa8929f7229be12f029eb540ce8285d0950b
Instruction ID: 842ff8c07b2eaf0848c102b162dcf2ff82537b06ed6aef78f2e998af8b93878e
Opcode Fuzzy Hash: 269445e9ac1f1f9a69b97390e2f9aa8929f7229be12f029eb540ce8285d0950b
Instruction Fuzzy Hash: 8411573690021AABDB10EFA8C899DEEB7B8FF05311F004551F911E3250D770BA81CBB1

Function 00CA600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CA604C
GetStockObject.GDI32(00000011), ref: 00CA6060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00CA606A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: db2fc674cf4ab2decdb47301fdf39f11bb32fe5736b91ff9ae8e3a64c6d74b89
Instruction ID: 6fc763c7b98d5a62b3269d98f9b68ede8520827371c0c5d409bc46cf1a7a55fb
Opcode Fuzzy Hash: db2fc674cf4ab2decdb47301fdf39f11bb32fe5736b91ff9ae8e3a64c6d74b89
Instruction Fuzzy Hash: D611617250164ABFEF124FA49C45EEABF69EF09398F050215FA1492110D7329DA0EBA4

Function 00CC3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00CC3B56

Part of subcall function 00CC3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00CC3AD2
Part of subcall function 00CC3AA3: ___AdjustPointer.LIBCMT ref: 00CC3AED

_UnwindNestedFrames.LIBCMT ref: 00CC3B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00CC3B7C
CallCatchBlock.LIBVCRUNTIME ref: 00CC3BA4

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 50cfa37b2020b7fe82f3beca904313014b8739cd062866351e8570080e37d389
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: E0010C32100189BBDF125E95DC46EEB7F7EEF58754F048018FE5896121C732E961EBA0

Function 00CD3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00CA13C6,00000000,00000000,?,00CD301A,00CA13C6,00000000,00000000,00000000,?,00CD328B,00000006,FlsSetValue), ref: 00CD30A5
GetLastError.KERNEL32(?,00CD301A,00CA13C6,00000000,00000000,00000000,?,00CD328B,00000006,FlsSetValue,00D42290,FlsSetValue,00000000,00000364,?,00CD2E46), ref: 00CD30B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00CD301A,00CA13C6,00000000,00000000,00000000,?,00CD328B,00000006,FlsSetValue,00D42290,FlsSetValue,00000000), ref: 00CD30BF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 8539b6737afcaef4e2887e9c3a5b11c39b0c45278b06f7953506ed67160a5d92
Instruction ID: e64f0b9406c5c596ce4357ed7eea4688d6e0a45d846cc5ef5c1cd7406fd38d20
Opcode Fuzzy Hash: 8539b6737afcaef4e2887e9c3a5b11c39b0c45278b06f7953506ed67160a5d92
Instruction Fuzzy Hash: 49012B36311362ABCB314B79AC449577B98AF45B61B140621FB15F3380D721EA01C7F1

Function 00D07464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00D0747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00D07497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00D074AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00D074CA

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 3b9fef2a1edb097ad38900ba9353de3d0b36bfc76c7c2c4cbdad6cdfa985f4ac
Instruction ID: 05c20d061389f11af8cfd0f0a11012cd28502c534bc628186ed6d5f7470a99d4
Opcode Fuzzy Hash: 3b9fef2a1edb097ad38900ba9353de3d0b36bfc76c7c2c4cbdad6cdfa985f4ac
Instruction Fuzzy Hash: 2E1180B5A05315AFE7208F54EC09F927FFCEB00B04F108569A65AEA191D7B0F904DB70

Function 00D0B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B126

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 7617ff0a15e48bbace7e6127c23c287aba3dc757e50347794fad70956f549c46
Instruction ID: bb790c3e7c60658f9020b5543013f488875f311db1a743785d700f4696d5265e
Opcode Fuzzy Hash: 7617ff0a15e48bbace7e6127c23c287aba3dc757e50347794fad70956f549c46
Instruction Fuzzy Hash: 26113C31D05718D7CF009FA4D9587EEBB78FF1A721F104086D945B2281CB7095509B72

Function 00D37E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00D37E33
ScreenToClient.USER32(?,?), ref: 00D37E4B
ScreenToClient.USER32(?,?), ref: 00D37E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D37E8A

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 2dd7b1d4ed96d6bf489647303292a94ecd5b3b907cd8e40887aa5e420260e1e4
Instruction ID: 7981f2fba38670bf76f2717fb3a5f99905de72dad33337a22414c34807630f78
Opcode Fuzzy Hash: 2dd7b1d4ed96d6bf489647303292a94ecd5b3b907cd8e40887aa5e420260e1e4
Instruction Fuzzy Hash: 1F1143B9D0020AAFDB51CF98C8849EEBBF5FB08310F505056E915E2210D735AA55CF60

Function 00D02DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D02DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00D02DD6
GetCurrentThreadId.KERNEL32 ref: 00D02DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D02DE4

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 6d833fb474ba774ac9e27776e06e838e0ca1a882e620d7a819e1da7d95deaac0
Instruction ID: 627a46026a9c8e80171f92ba161ec65b0e73296ffd2a0de8f05596f87dbf832e
Opcode Fuzzy Hash: 6d833fb474ba774ac9e27776e06e838e0ca1a882e620d7a819e1da7d95deaac0
Instruction Fuzzy Hash: 9CE092716123247BDB201B729C0EFFB3E6CEF42BA1F041015F109E11909AA4C840C7F0

Function 00D38863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00CB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CB9693
Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96A2
Part of subcall function 00CB9639: BeginPath.GDI32(?), ref: 00CB96B9
Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00D38887
LineTo.GDI32(?,?,?), ref: 00D38894
EndPath.GDI32(?), ref: 00D388A4
StrokePath.GDI32(?), ref: 00D388B2

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: cdbd167efcdfef795879ff015df212bfc92b56f8dbf1eac3cf00909374924c55
Instruction ID: 4229e7b4008b76d762b654967f62d21e5ee42b8a24c6416ec23341f02751d7b2
Opcode Fuzzy Hash: cdbd167efcdfef795879ff015df212bfc92b56f8dbf1eac3cf00909374924c55
Instruction Fuzzy Hash: A4F03A36055758BADB125F98AC09FCA3B69AF06310F088100FB12B52E2C7B55551DFF5

Function 00CB98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00CB98CC
SetTextColor.GDI32(?,?), ref: 00CB98D6
SetBkMode.GDI32(?,00000001), ref: 00CB98E9
GetStockObject.GDI32(00000005), ref: 00CB98F1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 99115a795775c9fc74cfa0b62cf9a11f312b87d53dee56a339c08dfc1fb770a0
Instruction ID: 51f3b0ed170682a5fe63536b5c9666f338cb21fd7fac9fe836569c064d4e7372
Opcode Fuzzy Hash: 99115a795775c9fc74cfa0b62cf9a11f312b87d53dee56a339c08dfc1fb770a0
Instruction Fuzzy Hash: A6E06531254744AADB215B74EC09BE83F10EB11375F049319F7F9A41E1C3724640DB21

Function 00D0162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00D01634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00D011D9), ref: 00D0163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00D011D9), ref: 00D01648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00D011D9), ref: 00D0164F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 0b7e5ab564a8984e0351e3a482787ed0442bd6bacfc226fb8971a64c416e7bb9
Instruction ID: 7b8fc1c1c8602545a25564c9920689b00ca609e522f88515d01a987679d71fa4
Opcode Fuzzy Hash: 0b7e5ab564a8984e0351e3a482787ed0442bd6bacfc226fb8971a64c416e7bb9
Instruction Fuzzy Hash: B8E08C36612311EBD7301FA0AE0DB873B7CAF44792F188808F249E9080E7348444CB74

Function 00CFD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00CFD858
GetDC.USER32(00000000), ref: 00CFD862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00CFD882
ReleaseDC.USER32(?), ref: 00CFD8A3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 0ad12e34c14c58922ae02c7b970ea77c06a5b2da40cb010ff55343ace5f4b10a
Instruction ID: 277a280f43b3b21ebd874f32cbeb362800718645effb782d4908eeeadf373eea
Opcode Fuzzy Hash: 0ad12e34c14c58922ae02c7b970ea77c06a5b2da40cb010ff55343ace5f4b10a
Instruction Fuzzy Hash: DCE01AB1810305DFCB41AFA1D84D66DBBB2FB08310F109009F846F7360D7388901AF60

Function 00CFD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00CFD86C
GetDC.USER32(00000000), ref: 00CFD876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00CFD882
ReleaseDC.USER32(?), ref: 00CFD8A3

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 3ae09b8265559444941ff7070d662719112ada7c6980c8599a70e348aeedcf05
Instruction ID: 0d34a8d7be79c6598d4450e52170f660835ba03f1741a622ab10595385112e69
Opcode Fuzzy Hash: 3ae09b8265559444941ff7070d662719112ada7c6980c8599a70e348aeedcf05
Instruction Fuzzy Hash: 45E012B1810304EFCB40AFA0D84D66DBBB1BB08310F10A008F84AF7360DB389901AF60

Function 00D14D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00D14ED4

Strings

*, xrefs: 00D14E10
LPT, xrefs: 00D14DFB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 401f1a8e9ae0a84c2a6d5fb4279e6813201ad43cd548f0cabbe903ec018e907f
Instruction ID: d23c2c9ecd1ef3002fc0483317c62d0cf95c1b77b26bf644f0360bd7d42d0d17
Opcode Fuzzy Hash: 401f1a8e9ae0a84c2a6d5fb4279e6813201ad43cd548f0cabbe903ec018e907f
Instruction Fuzzy Hash: 63915175A00205AFCB14DF58D484EEABBF1BF45308F198099E4459F352DB35ED86CB60

Function 00CCE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00CCE30D

Strings

pow, xrefs: 00CCE2E5, 00CCE302

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 043009a4813db92cc64d7793e719c56cb527b1ae7c1005633e97801a9ecf295d
Instruction ID: 924bdefaf34d657871346e78faa073d176ff832918a35d0f89ffc17dd8b69e08
Opcode Fuzzy Hash: 043009a4813db92cc64d7793e719c56cb527b1ae7c1005633e97801a9ecf295d
Instruction Fuzzy Hash: 7A515C61A0C3029ACB157B14C901B7A3BA4AF42740F744E9EF5E5823F9FB348D95AA46

Function 00CBE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00CBE1B1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 54330777d9d696ae9c3f6555ee07e1950a6e992eabbcec26d1619e56307b1086
Instruction ID: 612820167b9c31bc5b9d03414d6ebdae3445f6078f47cba7bec5eeb86c202f07
Opcode Fuzzy Hash: 54330777d9d696ae9c3f6555ee07e1950a6e992eabbcec26d1619e56307b1086
Instruction Fuzzy Hash: 5751593550434ADFDB15EF68C081AFA7BA4EF16710F244066FD619B2E0D7349E42DBA2

Function 00CBF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00CBF2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00CBF2BB

Strings

@, xrefs: 00CBF2AF

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: f909c854986455cf5ca09f9424480250b631ad3daf1bf8ed665fed04b3698a00
Instruction ID: e2d1cbc1bb6b6581b1653929f96de6dd6480934e84ede9c5e8a52f61f4898f5b
Opcode Fuzzy Hash: f909c854986455cf5ca09f9424480250b631ad3daf1bf8ed665fed04b3698a00
Instruction Fuzzy Hash: 445134724087499FD320AF54DC86BABBBF8FB85304F81885DF199811A5EB708529CB66

Function 00D25745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00D257E0
_wcslen.LIBCMT ref: 00D257EC

Strings

CALLARGARRAY, xrefs: 00D257E6, 00D257EB

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 75a05f53ad2d4cb6138b325071b3db1c6f82c99422cb62c39acaa138def071ca
Instruction ID: e4de321e68d12cc4717815a2207614e6bdb2a89b2519fa7b17fc277d8c643822
Opcode Fuzzy Hash: 75a05f53ad2d4cb6138b325071b3db1c6f82c99422cb62c39acaa138def071ca
Instruction Fuzzy Hash: D141A131A001199FCB04DFA8E881DAEFBB5FF69318F144029E505A7295D770DD81DBA0

Function 00D1D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D1D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00D1D13A

Strings

|, xrefs: 00D1D10B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 768de2e701f369b616a4a68d7673ef23b5d7dc4efaacc3f44ff3616bccf1d57d
Instruction ID: 6218b5b6783c23dcccf9751c709389e479265025691869224ce40ec7effab1d2
Opcode Fuzzy Hash: 768de2e701f369b616a4a68d7673ef23b5d7dc4efaacc3f44ff3616bccf1d57d
Instruction Fuzzy Hash: 21311971D00219BBCF15EFE4DC85AEEBFBAFF05304F040019E815A6166DB35AA46DB60

Function 00D3356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00D33621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00D3365C

Strings

static, xrefs: 00D335BC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 599b13124aeff6dcdaafcb46492999a3f9f1cabaa6fc9598dc5c1ecbe83e9a55
Instruction ID: 1cef76c26efa56ae50b742cc477caf4f4f7b7448adb5408c99d54fc0f0708fbf
Opcode Fuzzy Hash: 599b13124aeff6dcdaafcb46492999a3f9f1cabaa6fc9598dc5c1ecbe83e9a55
Instruction Fuzzy Hash: A9319A72110204AEDB209F68DC81EFB73A9FF88764F149619F8A5D7290DA30ED91DB70

Function 00D34537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00D3461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00D34634

Strings

', xrefs: 00D3458E

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 21be11103693d6397f0957937303ca494949176b6705a4c6ab20af3f277c685f
Instruction ID: 7ba6ffa81d72a3ddfec19cbbac4027bbb4b3dc8f20bbb2f72f495fd593a3d120
Opcode Fuzzy Hash: 21be11103693d6397f0957937303ca494949176b6705a4c6ab20af3f277c685f
Instruction Fuzzy Hash: 8D312575A0130A9FDB14CFA9C981BDABBB5FF09300F14406AE904AB391E774E941CFA0

Function 00D331EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00D3327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00D33287

Strings

Combobox, xrefs: 00D33249

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 54241be1e0c340c22dd320259f3a1c341b625db206acfbe20eb58f1030204191
Instruction ID: cdb64d383a8ac77db60958c81e7c06029cd3f6171ed9fe2f6629da51181c8d07
Opcode Fuzzy Hash: 54241be1e0c340c22dd320259f3a1c341b625db206acfbe20eb58f1030204191
Instruction Fuzzy Hash: E711E2753002087FEF219F54DD81EBB376AEB943A4F140228F918DB290D6319D618770

Function 00D33710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00CA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CA604C
Part of subcall function 00CA600E: GetStockObject.GDI32(00000011), ref: 00CA6060
Part of subcall function 00CA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00CA606A

GetWindowRect.USER32(00000000,?), ref: 00D3377A
GetSysColor.USER32(00000012), ref: 00D33794

Strings

static, xrefs: 00D33757

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 6afa73490b0f6e7fe2759abc18eab60b28c3b853b7185c8be4e0e13ff0fe7a18
Instruction ID: 3f1c512968133706c21444c71cec612f36b6c7b465f68b1b42b7baf413a7b68b
Opcode Fuzzy Hash: 6afa73490b0f6e7fe2759abc18eab60b28c3b853b7185c8be4e0e13ff0fe7a18
Instruction Fuzzy Hash: 901137B261020AAFDF00DFA8CD46EFA7BB8FB08354F045914F955E2250E775E861DB60

Function 00D1CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00D1CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00D1CDA6

Strings

<local>, xrefs: 00D1CD66

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 33f24b611ed72f4d3606d8ff525e1411b4655ccef08b984f823c3d73b0e84a57
Instruction ID: c47936c6f93446e113ff99edb601ac8b2b38f5ce52851bb97e4c250328d0c387
Opcode Fuzzy Hash: 33f24b611ed72f4d3606d8ff525e1411b4655ccef08b984f823c3d73b0e84a57
Instruction Fuzzy Hash: 8E11C6B12A56317AD7344B66BC45EE7BE6CEF127A4F005226B549D3180DB709881D6F0

Function 00D33429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00D334AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00D334BA

Strings

edit, xrefs: 00D3348F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 1cdbfd97c3531672ac8069af41916cd61ef7328c90d894561dce38ef8250e6d5
Instruction ID: cee2b31fcd50e6f8810a1cf585c67848a28b6c39bc8361c39bae8a9024befc69
Opcode Fuzzy Hash: 1cdbfd97c3531672ac8069af41916cd61ef7328c90d894561dce38ef8250e6d5
Instruction Fuzzy Hash: BE118C71100208AFEB228F64DD44AAB376AEB05378F544324F965E32E0C771DCA19B70

Function 00D06C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

CharUpperBuffW.USER32(?,?,?), ref: 00D06CB6
_wcslen.LIBCMT ref: 00D06CC2

Strings

STOP, xrefs: 00D06CBC, 00D06CC1

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: e49834979176e06021e37826151fb49a441dcd6fff734e437f9f9e2b76037d8f
Instruction ID: 5046c9626966f31829b48e0c3008aef2515cf9be671c859b9e71d7fc23eb1460
Opcode Fuzzy Hash: e49834979176e06021e37826151fb49a441dcd6fff734e437f9f9e2b76037d8f
Instruction Fuzzy Hash: 8A012232A005278BDB20AFBDDC81BBF3BB4EF61714B040528E866972D0EB31D860C670

Function 00D01CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00D01D4C

Strings

ComboBox, xrefs: 00D01CEB
ListBox, xrefs: 00D01D16

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 7e927d2c535f67771c56b3bccf5bcacdf7ce2bfd2f2734a48d7469f86e9d80b6
Instruction ID: 7fc9003d59de370618befe3fde8f8f272cd8a048a6546a9b3e799837d2f91266
Opcode Fuzzy Hash: 7e927d2c535f67771c56b3bccf5bcacdf7ce2bfd2f2734a48d7469f86e9d80b6
Instruction Fuzzy Hash: 1B01D875601225ABCB04EBA4CC56EFE7368EB47354F040619F876673D1EA3099089770

Function 00D01BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00D01C46

Strings

ComboBox, xrefs: 00D01BE5
ListBox, xrefs: 00D01C10

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: d1f85fc47ac46eb95d619b6ac83c6335c9de79d1b4763da33441da00677423c9
Instruction ID: 07a5920c1f55ad450828bba99e33109c51c9c1de6d8d8a9ee527238ef51c7acb
Opcode Fuzzy Hash: d1f85fc47ac46eb95d619b6ac83c6335c9de79d1b4763da33441da00677423c9
Instruction Fuzzy Hash: C101A7757811056BDB08EB90C956BFFB7A8DB12344F140019F41A772C1EA24DE4C96B5

Function 00D01C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00D01CC8

Strings

ComboBox, xrefs: 00D01C69
ListBox, xrefs: 00D01C94

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 4635c823b3aafa4447b21a6ea0fe4f3dffe2311b9f020ac2bbf0e5975787b581
Instruction ID: a586625bec0257a22d38af50f10fbaeb1de5f9ed347b01ee4788ae76e42d6643
Opcode Fuzzy Hash: 4635c823b3aafa4447b21a6ea0fe4f3dffe2311b9f020ac2bbf0e5975787b581
Instruction Fuzzy Hash: 2C01D675B801196BEB04EBA5CA16BFEB3ACDB12384F140015B80AB32C1EA70DF08D675

Function 00D01D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD

Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00D01DD3

Strings

ComboBox, xrefs: 00D01D75
ListBox, xrefs: 00D01DA0

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 937c007ab13047fecbc3d6580ebd279f82c54f3e07f95fa0ae49b95a999053f4
Instruction ID: 33491e622ab4fdb80838f1f45d4be9df473f75f60a59f2f12db7a867116c5fb3
Opcode Fuzzy Hash: 937c007ab13047fecbc3d6580ebd279f82c54f3e07f95fa0ae49b95a999053f4
Instruction Fuzzy Hash: 80F0A475B516156BDB04E7A4CC56BFE776CEB02358F040915F866A72C1DA70990C9270

Function 00D2747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00D27493
_wcslen.LIBCMT ref: 00D274B9

Strings

3, 3, 16, 1, xrefs: 00D27483

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 9919a41b3de19afba31e62a804d2710c24c17259c8915673f3ca82edc1bbf1d8
Instruction ID: 1a047bf6fb8894682a43e2d390f5201abb051282355e0c97b9187f84e8f15203
Opcode Fuzzy Hash: 9919a41b3de19afba31e62a804d2710c24c17259c8915673f3ca82edc1bbf1d8
Instruction Fuzzy Hash: F5E02B026042301092353279FCC1EBF568DCFD6754714182FF981C2266EAA4CD93A3B0

Function 00D00B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00D00B23

Strings

Error allocating memory., xrefs: 00D00B1C
AutoIt, xrefs: 00D00B17

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: f0b2aac831c4cbcc57c31c1649d694ba49101e4f35936b0db31f290a49b3177c
Instruction ID: 5cebbeda0eefabdb72e7b50456d4ea0c2d1b5d535933b810f8b6b6b2dbdb3992
Opcode Fuzzy Hash: f0b2aac831c4cbcc57c31c1649d694ba49101e4f35936b0db31f290a49b3177c
Instruction Fuzzy Hash: 53E0DF322943183AD2143794BC03FC97A848F05B61F10042EFB98A56C38AE264902BB9

Function 00CC0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00CBF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00CC0D71,?,?,?,00CA100A), ref: 00CBF7CE

IsDebuggerPresent.KERNEL32(?,?,?,00CA100A), ref: 00CC0D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00CA100A), ref: 00CC0D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00CC0D7F

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: fd52611ed9ffd2189174ac1855d200638a2efc8b035c7b9021c1e9738d2a91cd
Instruction ID: 6469c54dd53a937c9d3a5914ee781518d5cf5d5ffaa3fe8551d0e49d3cf2cec4
Opcode Fuzzy Hash: fd52611ed9ffd2189174ac1855d200638a2efc8b035c7b9021c1e9738d2a91cd
Instruction Fuzzy Hash: 00E06D742007118BD3209FB8D8087427BE0AB00744F104A6DE886D6751DBB4E4848BA1

Function 00D13017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00D1302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00D13044

Strings

aut, xrefs: 00D13038

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: cdea82cefd5bbaeecf39b68d0c2851d9d6ae26db6997c9ac8ab201129811d637
Instruction ID: e637c6d61a73a2ba9effc98ebd82e63ab9f1a8bf225b0146c120a43be6eda844
Opcode Fuzzy Hash: cdea82cefd5bbaeecf39b68d0c2851d9d6ae26db6997c9ac8ab201129811d637
Instruction Fuzzy Hash: 9BD05E765003286BDA20A7A4AC0EFCB3A6CDB05750F0002A1BA55E2191DAB0D984CBE4

Function 00CFD21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00CFD220

Strings

X64, xrefs: 00CFD2A8
%.3d, xrefs: 00CFD22B

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: 47566c175de3756d3829ac0cce003d28584e62ea2f8d81dbab2da113b2cfa1d0
Instruction ID: b5832b0183d19afbb4bbcf4772c6bc3bc00edb8d8e6f7df8de5274ede666ada4
Opcode Fuzzy Hash: 47566c175de3756d3829ac0cce003d28584e62ea2f8d81dbab2da113b2cfa1d0
Instruction Fuzzy Hash: 80D012A180810CEACBD097D2DC458FAB37DAB18301F508452FA07E1140E624C90867A3

Function 00D32356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D3236C
PostMessageW.USER32(00000000), ref: 00D32373

Part of subcall function 00D0E97B: Sleep.KERNEL32 ref: 00D0E9F3

Strings

Shell_TrayWnd, xrefs: 00D32365

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 8fed50e796ee3a5ae519efbd102c6e9fd11a5d23cb9fc7a52532c72748717051
Instruction ID: 400ecca2a56c477a1bdb346ccf986838beb86c932390a8d06c149f2e48b50d13
Opcode Fuzzy Hash: 8fed50e796ee3a5ae519efbd102c6e9fd11a5d23cb9fc7a52532c72748717051
Instruction Fuzzy Hash: F4D0C9323913107BE664A770AC0FFC676149B05B10F1059167645FA2E0C9A0A8058B74

Function 00D32322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D3232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00D3233F

Part of subcall function 00D0E97B: Sleep.KERNEL32 ref: 00D0E9F3

Strings

Shell_TrayWnd, xrefs: 00D32325

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 073d4945b70a41aa7da866c418609e28697394de21e4e3e277e5eb463dab5db7
Instruction ID: c738f89cd80bfd3dc83ef20b62d93f8361cac4145089b47b2c57e12c84f36fd6
Opcode Fuzzy Hash: 073d4945b70a41aa7da866c418609e28697394de21e4e3e277e5eb463dab5db7
Instruction Fuzzy Hash: 41D012363A4310BBE664B770EC0FFC67A149B00B10F1059167749FA2E0C9F0A805CB74

Function 00CDBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00CDBE93
GetLastError.KERNEL32 ref: 00CDBEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CDBEFC

Memory Dump Source

Source File: 00000000.00000002.3020878726.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true

Associated: 00000000.00000002.3020862819.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020937124.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3020988423.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3021006718.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ca0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 3d5b9a02d78cb0b0d1397a393c120dd168a3abd433f95353094fa9dffeb7c23f
Instruction ID: 1f89d2de916a46d38d4810aa65b634c1e48f9b8bd1c2cfad081ef6b18197f507
Opcode Fuzzy Hash: 3d5b9a02d78cb0b0d1397a393c120dd168a3abd433f95353094fa9dffeb7c23f
Instruction Fuzzy Hash: 6E41B539604346EFCF21CFA5CD54BBA7BA5AF41310F16416AFA69973A1DB308E01DB60

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.72

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Static File Info

General

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre