Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1527622
MD5:	ee95257864261011ce46fdca8c9dcfcf
SHA1:	13e0544afc7a0b615f82a1920647148bd0271fa8
SHA256:	169284dda6e1fe0900948e2120ad74394a7883af6f6a9a5f7e132789177c91aa
Tags:	exeuser-Bitsight
Infos:

Detection

Credential Flusher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Credential Flusher

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Found API chain indicative of sandbox detection

Machine Learning detection for sample

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7384 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EE95257864261011CE46FDCA8C9DCFCF)

taskkill.exe (PID: 7400 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7464 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7528 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7592 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7660 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2931810005.0000000000F88000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: file.exe PID: 7384	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security

String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_83.13.dr	String found in binary or memory: https://accounts.google.com
Source: chromecache_83.13.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: chromecache_89.13.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_83.13.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: chromecache_83.13.dr	String found in binary or memory: https://families.google.com/intl/
Source: chromecache_89.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_89.13.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: chromecache_83.13.dr	String found in binary or memory: https://g.co/recover
Source: chromecache_83.13.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_83.13.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: chromecache_83.13.dr	String found in binary or memory: https://play.google/intl/
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/terms/location
Source: chromecache_83.13.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
Source: chromecache_89.13.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
Source: chromecache_83.13.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: chromecache_83.13.dr	String found in binary or memory: https://support.google.com/accounts?p=new-si-ui
Source: chromecache_83.13.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: chromecache_89.13.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_83.13.dr	String found in binary or memory: https://www.google.com
Source: chromecache_83.13.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_89.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: chromecache_83.13.dr	String found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
Source: chromecache_83.13.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: file.exe, 00000000.00000002.2931810005.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706799072.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: chromecache_83.13.dr	String found in binary or memory: https://youtube.com/t/terms?gl=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.4:49785 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A7EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00A7EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A7ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00A7ED6A

Source: C:\Users\user\Desktop\file.exe

0_2_00A7EAFF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A6AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

0_2_00A6AA57

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A99576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00A99576

System Summary

Binary is likely a compiled AutoIt script file

Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1684830650.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_1e5403a7-2
Source: file.exe, 00000000.00000000.1684830650.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_fb8b701d-1
Source: file.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_c8a27edc-e
Source: file.exe	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_259e2954-3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A6D5EB: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00A6D5EB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A61201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00A61201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A6E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00A6E8F6

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A08060	0_2_00A08060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A72046	0_2_00A72046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A68298	0_2_00A68298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3E4FF	0_2_00A3E4FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3676B	0_2_00A3676B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94873	0_2_00A94873
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2CAA0	0_2_00A2CAA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0CAF0	0_2_00A0CAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1CC39	0_2_00A1CC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A36DD9	0_2_00A36DD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A091C0	0_2_00A091C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1B119	0_2_00A1B119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A21394	0_2_00A21394
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A21706	0_2_00A21706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2781B	0_2_00A2781B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A219B0	0_2_00A219B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A07920	0_2_00A07920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1997D	0_2_00A1997D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A27A4A	0_2_00A27A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A27CA7	0_2_00A27CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A21C77	0_2_00A21C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A39EEE	0_2_00A39EEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8BE44	0_2_00A8BE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A21F32	0_2_00A21F32

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A1F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A20A30 appears 46 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal64.troj.evad.winEXE@46/30@12/8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A737B5 GetLastError,FormatMessageW,

0_2_00A737B5

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A610BF AdjustTokenPrivileges,CloseHandle,		0_2_00A610BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A616C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00A616C3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A751CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00A751CD

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A8A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_00A8A67C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A7648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,

0_2_00A7648E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A042A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00A042A2

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7600:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7668:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7536:120:WilError_03

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A042DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A20A76 push ecx; ret

0_2_00A20A89

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00A1F98E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A91C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00A91C41

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\Desktop\file.exe

Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep

graph_0-95822

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7192			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: foregroundWindowGot 1777			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 3.3 %

Source: C:\Users\user\Desktop\file.exe TID: 7388

Thread sleep time: -71920s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Thread sleep count: Count: 7192 delay: -10

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00A6DBBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A768EE FindFirstFileW,FindClose,	0_2_00A768EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	0_2_00A7698F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00A6D076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00A6D3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A79642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00A79642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00A7979D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A79B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	0_2_00A79B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A75C97 FindFirstFileW,FindNextFileW,FindClose,	0_2_00A75C97

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A042DE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A7EAA2 BlockInput,

0_2_00A7EAA2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A32622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00A32622

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A042DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A24CE8 mov eax, dword ptr fs:[00000030h]

0_2_00A24CE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A60B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00A60B62

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00A32622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00A2083F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A209D5 SetUnhandledExceptionFilter,	0_2_00A209D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A20C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00A20C21

Source: C:\Users\user\Desktop\file.exe

0_2_00A61201

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A42BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00A42BA5

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A6B226 SendInput,keybd_event,

0_2_00A6B226

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A822DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

0_2_00A822DA

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00A60B62

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A61663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00A61663

Source: file.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A20698 cpuid

0_2_00A20698

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A78195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,

0_2_00A78195

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A5D27A GetUserNameW,

0_2_00A5D27A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A3BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00A3BB6F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A042DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00A042DE

Stealing of Sensitive Information

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.2931810005.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7384, type: MEMORYSTR

Source: file.exe	Binary or memory string: WIN_81
Source: file.exe	Binary or memory string: WIN_XP
Source: file.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exe	Binary or memory string: WIN_XPe
Source: file.exe	Binary or memory string: WIN_VISTA
Source: file.exe	Binary or memory string: WIN_7
Source: file.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match	File source: 00000000.00000002.2931810005.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7384, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A81204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		0_2_00A81204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A81806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00A81806

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	2 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	2 Valid Accounts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	2 Process Injection	2 Valid Accounts	LSA Secrets	12 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	12 Virtualization/Sandbox Evasion	Cached Domain Credentials	12 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
play.google.com	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
accounts.youtube.com	0%	Virustotal	Browse
youtube-ui.l.google.com	0%	Virustotal	Browse
www3.l.google.com	0%	Virustotal	Browse
youtube.com	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://play.google/intl/	0%	URL Reputation	safe
https://families.google.com/intl/	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://policies.google.com/technologies/location-data	0%	URL Reputation	safe
https://apis.google.com/js/api.js	0%	URL Reputation	safe
https://policies.google.com/privacy/google-partners	0%	URL Reputation	safe
https://policies.google.com/terms/service-specific	0%	URL Reputation	safe
https://g.co/recover	0%	URL Reputation	safe
https://policies.google.com/privacy/additional	0%	URL Reputation	safe
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	0%	URL Reputation	safe
https://policies.google.com/technologies/cookies	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	0%	URL Reputation	safe
https://support.google.com/accounts?hl=	0%	URL Reputation	safe
https://policies.google.com/terms/location	0%	URL Reputation	safe
https://policies.google.com/privacy	0%	URL Reputation	safe
https://support.google.com/accounts?p=new-si-ui	0%	URL Reputation	safe
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	0%	URL Reputation	safe
https://youtube.com/t/terms?gl=	0%	Virustotal		Browse
https://www.google.com/intl/	1%	Virustotal		Browse
https://play.google.com/work/enroll?identifier=	0%	Virustotal		Browse
https://play.google.com/log?hasfast=true&authuser=0&format=json	0%	Virustotal		Browse
https://www.google.com/favicon.ico	0%	Virustotal		Browse
https://www.google.com	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true&authuser=0	0%	Virustotal		Browse
https://www.youtube.com/t/terms?chromeless=1&hl=	0%	Virustotal		Browse
https://play.google.com/log?format=json&hasfast=true	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
youtube-ui.l.google.com	216.58.212.174	true	false	0%, Virustotal, Browse	unknown
www3.l.google.com	142.250.186.110	true	false	0%, Virustotal, Browse	unknown
play.google.com	142.250.185.142	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.217.16.196	true	false	0%, Virustotal, Browse	unknown
youtube.com	142.250.184.206	true	false	0%, Virustotal, Browse	unknown
accounts.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true&authuser=0	false	0%, Virustotal, Browse	unknown
https://www.google.com/favicon.ico	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?hasfast=true&authuser=0&format=json	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google/intl/	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://families.google.com/intl/	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://youtube.com/t/terms?gl=	chromecache_83.13.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/technologies/location-data	chromecache_83.13.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.google.com/intl/	chromecache_83.13.dr	false	1%, Virustotal, Browse	unknown
https://apis.google.com/js/api.js	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/google-partners	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://play.google.com/work/enroll?identifier=	chromecache_83.13.dr	false	0%, Virustotal, Browse	unknown
https://policies.google.com/terms/service-specific	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://g.co/recover	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy/additional	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/technologies/cookies	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_89.13.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_83.13.dr	false	0%, Virustotal, Browse	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_83.13.dr	false	0%, Virustotal, Browse	unknown
https://www.youtube.com/t/terms?chromeless=1&hl=	chromecache_83.13.dr	false	0%, Virustotal, Browse	unknown
https://support.google.com/accounts?hl=	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms/location	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://policies.google.com/privacy	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://support.google.com/accounts?p=new-si-ui	chromecache_83.13.dr	false	URL Reputation: safe	unknown
https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage	chromecache_83.13.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.142	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.110	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.184.206	youtube.com	United States	15169	GOOGLEUS	false
216.58.212.174	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527622
Start date and time:	2024-10-07 07:07:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal64.troj.evad.winEXE@46/30@12/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 38 Number of non-executed functions: 311
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.46, 74.125.206.84, 142.250.186.35, 34.104.35.123, 142.250.185.131, 172.217.16.195, 142.250.186.138, 142.250.186.106, 172.217.16.202, 216.58.212.138, 142.250.185.170, 216.58.206.42, 142.250.74.202, 142.250.185.138, 172.217.18.10, 216.58.206.74, 142.250.185.106, 142.250.185.74, 172.217.18.106, 142.250.184.202, 142.250.186.170, 142.250.185.202, 142.250.184.234, 142.250.185.234, 142.250.186.42, 142.250.181.234, 142.250.186.74, 216.58.212.170, 199.232.210.172, 192.229.221.95, 66.102.1.84, 142.250.74.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	file.exe	Get hash	malicious	Credential Flusher	Browse
	p7SnjaA8NN.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	TVyKPaL2h0.exe	Get hash	malicious	Amadey	Browse
	https://shorturl.at/5LwA8	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	8ObkdHP9Hq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc	Browse
	http://ser0xen.com/sucklemydicknigger.exe	Get hash	malicious	XWorm	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	https://maxask.com	Get hash	malicious	Unknown	Browse
	https://email.m.teachable.com/c/eJwszz3O6yAQheHV4NJiZjA_BcVtso1owOMYyZjIkLv-T47Sn0d6zxqTFQ6TRHC4aDLgaJLK5XhekqW8x7OsUSGCDcHRQggKcdpjELZb4ORzSAyrwUzJbgHE28XoDacSUaPRnjRYHQhm9M4s2iP7ZLOWpIyu8xDOO6dD5tzqdMR9jHdX9E_hQ-GjfoYc5dzaVXmUdvZyueW7rNI7v-QXR0QLenuXXbHz2j7nnMrJZxbUCMro133pK3veWzt-EMEZsO6G_yP-BQAA__8EPU-T	Get hash	malicious	Unknown	Browse

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Setup.exe	Get hash	malicious	LummaC	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	maizu v1.4.exe	Get hash	malicious	LummaC	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	AimBot.exe	Get hash	malicious	LummaC	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	injcheat.exe	Get hash	malicious	LummaC	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	cea5c9ffbf7c8ae9cf3f22399151956f3ee7145b95978.exe	Get hash	malicious	Unknown	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	file.exe	Get hash	malicious	Credential Flusher	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	p7SnjaA8NN.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	TVyKPaL2h0.exe	Get hash	malicious	Amadey	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	MPil9jkBPG.exe	Get hash	malicious	Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.67
	gpfSnYlScw.exe	Get hash	malicious	Vidar	Browse	20.109.210.53 184.28.90.27 13.107.246.67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (395)
Category:	downloaded
Size (bytes):	1608
Entropy (8bit):	5.271783084011668
Encrypted:	false
SSDEEP:	48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
MD5:	45EA91A811A594F81B7F760DD14BE237
SHA1:	2C97782C6D5D0BCFB3676FF24AA1008251090DAE
SHA-256:	7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
SHA-512:	4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (755)
Category:	downloaded
Size (bytes):	1460
Entropy (8bit):	5.274624539239422
Encrypted:	false
SSDEEP:	24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
MD5:	481C149C4D3EE4A53C3E7CBA067371DF
SHA1:	E0FED275636D3492C922C44F010157FAF0936733
SHA-256:	9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
SHA-512:	EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()1E3,a.bS(),d.aa()1E3,b)},h_a=function(a){return Math.random()Math.min(a.xaMath.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	32500
Entropy (8bit):	5.378121087555083
Encrypted:	false
SSDEEP:	768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
MD5:	57D7B0A2CE36496F05AFA27B39C1F219
SHA1:	418AD03C2E75AEAF188E2A00123B70E09D541656
SHA-256:	E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
SHA-512:	78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (683)
Category:	downloaded
Size (bytes):	3131
Entropy (8bit):	5.352056237104327
Encrypted:	false
SSDEEP:	48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
MD5:	ADEF03127F74F5E6742B8CFA7B863F28
SHA1:	58D7C635582AF10E91EC047FD315FAF758AF51DA
SHA-256:	5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
SHA-512:	3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d\|\|(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	23298
Entropy (8bit):	5.429186219736739
Encrypted:	false
SSDEEP:	384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
MD5:	A5C41D7BA22E9CF451810802AE5AC2E8
SHA1:	858F35134A0BD7BAECB1B1A30EC3645642214554
SHA-256:	D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
SHA-512:	DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka\|\|a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5693)
Category:	downloaded
Size (bytes):	698375
Entropy (8bit):	5.594847180822494
Encrypted:	false
SSDEEP:	6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLniy7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxniZU+
MD5:	9CB39A9BED5FF75EEA0E5CDECB8173A2
SHA1:	17221DDCEBFCDD26C01E6EB9A8FB51CFCDE716E8
SHA-256:	37D3F108CC80806B0C46B3D6A2084E33E7370124D3B8AAEF55588370CFEBC014
SHA-512:	8C07EC9BEB91B345B25280EFD158D77F8E4A6F889A9CDFDECF734C12EDAC2D2FC329EF5F72D5DBF7A795E24E5D77A30E4072F8547FCF80560655AB737ED4658E
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	4066
Entropy (8bit):	5.369564168658135
Encrypted:	false
SSDEEP:	96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoT4w:3mTOImedWOVF6vtUJyA8xJt
MD5:	4D3D9750CA5EB8A7D20993397BC5A6B8
SHA1:	DDB05A2C8AB1FD4537EEB2433BDF507CEE8CB8D2
SHA-256:	FCD1C642992A0BAF9038B3710DA080282AF0C80C113E1CE8F984F8143A2B2B32
SHA-512:	482DD926971FACA341058B35D333CEF64EAC460FC29B0B17AF5CD515253BCE973BBCAABADE3C4D125E07DE3BC75DE52059D5B229C44C5F95A30B845651EF64CA
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	9210
Entropy (8bit):	5.393248075042016
Encrypted:	false
SSDEEP:	192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
MD5:	2ED5BC88509286438B682EFF23518005
SHA1:	D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
SHA-256:	F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
SHA-512:	12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null\|\|typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]\|\|null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null\|\|b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	84
Entropy (8bit):	4.875266466142591
Encrypted:	false
SSDEEP:	3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
MD5:	87B6333E98B7620EA1FF98D1A837A39E
SHA1:	105DE6815B0885357DE1414BFC0D77FCC9E924EF
SHA-256:	DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
SHA-512:	867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3467
Entropy (8bit):	5.508385764606741
Encrypted:	false
SSDEEP:	96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
MD5:	231ABD6E6C360E709640B399EDF85476
SHA1:	6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
SHA-256:	44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
SHA-512:	D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (522)
Category:	downloaded
Size (bytes):	5050
Entropy (8bit):	5.30005628600801
Encrypted:	false
SSDEEP:	96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
MD5:	D9F15F1AEAF15673336FAA3507D1A2A7
SHA1:	FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
SHA-256:	AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
SHA-512:	D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")\|\|"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")\|\|"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (553)
Category:	downloaded
Size (bytes):	744316
Entropy (8bit):	5.792609211069255
Encrypted:	false
SSDEEP:	6144:n5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguaH:nOeKGSpguA
MD5:	25F51A1555D1285FE5A2E5257FC514C8
SHA1:	77CF5942A99A1440D296B668AEBF43BA7B795EB9
SHA-256:	D2516587FD91E772341AE4C4C534EAE55E1C2F692ED2CE60EA36621C01EC666E
SHA-512:	566A84271B8E3672078239A3D8FD34FE7059BCA1959A4FCB5B27FF1DC88206030575FFC67742EC81D78775831DD91C978CFC5C80F80ACE53B7A14A1BD5F5D21A
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGRjSKcPrDEBPLLHUwf2sE4iFvUvg/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x2860c1e4, 0x20469860, 0x39e13c40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (468)
Category:	downloaded
Size (bytes):	1858
Entropy (8bit):	5.297658905867848
Encrypted:	false
SSDEEP:	48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
MD5:	B42DB3D22B12B8E3BE1B82961FE2870E
SHA1:	D9CFD11C1C2DE17A7E9301F11AD875B610B96576
SHA-256:	75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
SHA-512:	EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=5MFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlFUNoJA9_Qld_Efe4B4naRfqJdPqA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)\|\|function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)\|\|function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)\|\|function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.583802349692813
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	919'040 bytes
MD5:	ee95257864261011ce46fdca8c9dcfcf
SHA1:	13e0544afc7a0b615f82a1920647148bd0271fa8
SHA256:	169284dda6e1fe0900948e2120ad74394a7883af6f6a9a5f7e132789177c91aa
SHA512:	c28713a7cc70452150ff8f3b3833bbded6a922ca6e4f568b0f2bf3b27a18fd9a4e3d4fb8c03eb146ab49d9357165ea7cab9dfa55c4d3ca2ac99be5a7bb368e41
SSDEEP:	24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8a4tK:DTvC/MTQYxsWR7a4
TLSH:	AA159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x420577
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67036A14 [Mon Oct 7 04:56:52 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	948cc502fe9226992dce9417f952fce3

Entrypoint Preview

Instruction
call 00007F9E3C8017B3h
jmp 00007F9E3C8010BFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F9E3C80129Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F9E3C80126Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F9E3C803E5Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F9E3C803EA8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F9E3C803E91h
test byte ptr [ebp+08h], 00000001h
pop ecx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc8e64	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd4000	0x9bb8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xde000	0x7594	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb0ff0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc3400	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb1010	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9c000	0x894	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x9ab1d	0x9ac00	0a1473f3064dcbc32ef93c5c8a90f3a6	False	0.565500681542811	data	6.668273581389308	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9c000	0x2fb82	0x2fc00	c9cf2468b60bf4f80f136ed54b3989fb	False	0.35289185209424084	data	5.691811547483722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xcc000	0x706c	0x4800	53b9025d545d65e23295e30afdbd16d9	False	0.04356553819444445	DOS executable (block device driver @\273\)	0.5846666986982398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xd4000	0x9bb8	0x9c00	668a0ea10b9da342415e1452223f69b2	False	0.3167067307692308	data	5.332072821016956	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xde000	0x7594	0x7600	c68ee8931a32d45eb82dc450ee40efc3	False	0.7628111758474576	data	6.7972128181359786	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xd45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xd46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xd47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xd4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xd4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xd4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xd5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xd6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xd69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xd8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xda038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xda4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xda4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xdaa84	0x68a	data	English	Great Britain	0.2735961768219833
RT_STRING	0xdb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xdb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xdbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdc7b8	0xe7e	data			1.002964959568733
RT_GROUP_ICON	0xdd638	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xdd6b0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xdd6c4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xdd6d8	0x14	data	English	Great Britain	1.25
RT_VERSION	0xdd6ec	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xdd7c8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll	HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll	DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll	GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll	EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll	DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 07:08:00.825336933 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 7, 2024 07:08:00.869301081 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:00.869385004 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:00.869456053 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:00.870111942 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:00.870146990 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.519622087 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.519759893 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.519819021 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.520597935 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.520658016 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.521596909 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.521641970 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.522401094 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.522490978 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.522519112 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.567430973 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.575474024 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.575500965 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.622360945 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.792999029 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.793051004 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.793076992 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.793183088 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.793227911 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.793996096 CEST	49733	443	192.168.2.4	142.250.184.206
Oct 7, 2024 07:08:01.794047117 CEST	443	49733	142.250.184.206	192.168.2.4
Oct 7, 2024 07:08:01.803442001 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:01.803529978 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:01.803601980 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:01.803824902 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:01.803855896 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.452941895 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.453196049 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.453253031 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.453802109 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.453869104 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.454788923 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.454876900 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.455826044 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.455909014 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.456029892 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.456047058 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.497344017 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.759820938 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.759872913 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.760030031 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:02.760133028 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.760133028 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.762021065 CEST	49736	443	192.168.2.4	216.58.212.174
Oct 7, 2024 07:08:02.762061119 CEST	443	49736	216.58.212.174	192.168.2.4
Oct 7, 2024 07:08:05.324177980 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:05.324282885 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:05.324371099 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:05.326539993 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:05.326570988 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:05.364765882 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:05.364831924 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:05.364900112 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:05.365118027 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:05.365148067 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:05.986500978 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:05.986588955 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:05.996170998 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:05.996203899 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:05.996701002 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.008197069 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:06.020958900 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:06.021001101 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:06.022607088 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:06.022697926 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:06.028628111 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:06.028825998 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:06.050965071 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.078087091 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:06.078182936 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:06.122447014 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.136966944 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:06.163427114 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.311804056 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.311932087 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.312052965 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.312325001 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.312357903 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.312406063 CEST	49741	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.312422037 CEST	443	49741	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.361176968 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.361259937 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:06.361473083 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.361743927 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:06.361777067 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.006665945 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.006737947 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:07.010612965 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:07.010627985 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.011033058 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.012155056 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:07.055428028 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.284312010 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.284368038 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:07.284447908 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:07.285562038 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 7, 2024 07:08:07.285586119 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 7, 2024 07:08:09.816207886 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:09.816298008 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:09.816418886 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:09.817281008 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:09.817361116 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.448584080 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.448905945 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.448966980 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.449547052 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.449644089 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.450603008 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.450663090 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.451674938 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.451760054 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.451894999 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.451913118 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.497075081 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.767129898 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.767292023 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.767571926 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.767632961 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.767713070 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.767720938 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.767736912 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.768030882 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.773123980 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.773313999 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.779484034 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.779541969 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.779567003 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.779625893 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.779714108 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.785798073 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.786005020 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.792259932 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.792416096 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.792463064 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.792525053 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.792593002 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.853694916 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.853910923 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.853934050 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.853996038 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.854073048 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.856858969 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.856956959 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.862931013 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.862982035 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.863156080 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.863218069 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.863303900 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.869477034 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.869573116 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.875248909 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.875314951 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.875395060 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.881768942 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.881841898 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.881870031 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.888127089 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.888201952 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.888215065 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.888438940 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.888504982 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.889317036 CEST	49756	443	192.168.2.4	142.250.186.110
Oct 7, 2024 07:08:10.889348030 CEST	443	49756	142.250.186.110	192.168.2.4
Oct 7, 2024 07:08:10.904901028 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:10.904980898 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:10.905066013 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:10.905251980 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:10.905287027 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:10.976773024 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:10.976803064 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:10.976895094 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:10.977145910 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:10.977159023 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.533613920 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.535440922 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.535471916 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.536364079 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.536432028 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.538028002 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.538136959 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.539050102 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.539177895 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.539314032 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.539321899 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.593029022 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.605180025 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.605401039 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.605426073 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.605932951 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.606025934 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.606971979 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.607043982 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.607285976 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.607367039 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.607486010 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.607497931 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.654521942 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.809128046 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.809245110 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.809303045 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.814487934 CEST	49760	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.814506054 CEST	443	49760	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.815918922 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.815929890 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.815987110 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.816396952 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.816409111 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.879509926 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.879590988 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.879650116 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.973592997 CEST	49762	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.973628998 CEST	443	49762	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.974601030 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.974657059 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:11.974719048 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.975346088 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:11.975363970 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.453872919 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.454051018 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.454071045 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.454576015 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.454643965 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.455588102 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.455642939 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.455856085 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.455940008 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.456010103 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.456026077 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.456073999 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.497565031 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.497590065 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.605593920 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.605921984 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.605942011 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.606807947 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.606889963 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.608081102 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.608135939 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.608377934 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.608464003 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.608557940 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.608568907 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.608583927 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.647875071 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.648189068 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.648262024 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.649009943 CEST	49766	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.649035931 CEST	443	49766	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.653759956 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.653776884 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.704709053 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:12.747452974 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.798666954 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.798815966 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.798865080 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.799490929 CEST	49767	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:12.799499989 CEST	443	49767	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:12.972718954 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.972839117 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.972914934 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.973016024 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:12.973083019 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.973156929 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:12.973175049 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.973222017 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:12.973242044 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:12.973297119 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:12.974195004 CEST	49742	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:08:12.974261045 CEST	443	49742	172.217.16.196	192.168.2.4
Oct 7, 2024 07:08:13.801604033 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:13.801639080 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:13.801872969 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:13.803412914 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:13.803428888 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:14.500765085 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:14.501029968 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:14.528700113 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:14.528738022 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:14.529804945 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:14.580744982 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.181478024 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.227401018 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406503916 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406569004 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406589031 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406622887 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406630039 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.406676054 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406707048 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.406745911 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406766891 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.406841993 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.406847954 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.408637047 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.408771038 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.408781052 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.408838034 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:15.409455061 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.907705069 CEST	49769	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:15.907717943 CEST	443	49769	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:17.316404104 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 7, 2024 07:08:17.321533918 CEST	80	49723	93.184.221.240	192.168.2.4
Oct 7, 2024 07:08:17.321604013 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 7, 2024 07:08:18.812227011 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:18.812261105 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:18.812330961 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:18.814248085 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:18.814264059 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.459764004 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.460007906 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:19.460026026 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.461263895 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.461632013 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:19.461710930 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.461775064 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:19.461869955 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:19.461884975 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.675935030 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.676249981 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:19.676331997 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:19.677150965 CEST	49780	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:19.677167892 CEST	443	49780	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.205591917 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.205698967 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.205811024 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.206101894 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.206139088 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.218827009 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.218861103 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.218914032 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.219293118 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.219306946 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.811127901 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.811177015 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.811326981 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.811527967 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.811539888 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.845931053 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.850653887 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.850737095 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.851145029 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.851434946 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.851512909 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.851614952 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.851655006 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.851669073 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.855753899 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.855938911 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.855945110 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.857538939 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.857933044 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.858072042 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.858091116 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.858123064 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:41.858371973 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:41.902570009 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.125971079 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.126111031 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.126152992 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.126434088 CEST	49781	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.126449108 CEST	443	49781	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.131827116 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.132160902 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.132208109 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.132369995 CEST	49782	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.132375002 CEST	443	49782	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.456747055 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.457030058 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.457046032 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.458930016 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.459074974 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.461507082 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.461575985 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.461714029 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.461874962 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.461880922 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.461910009 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.462163925 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.511976957 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.512006044 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.558732986 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.731456995 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.731625080 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:42.731674910 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.732239962 CEST	49783	443	192.168.2.4	142.250.185.142
Oct 7, 2024 07:08:42.732258081 CEST	443	49783	142.250.185.142	192.168.2.4
Oct 7, 2024 07:08:52.503930092 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:52.504035950 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:52.504297972 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:52.504748106 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:52.504832029 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.170953989 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.171086073 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.174683094 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.174711943 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.175059080 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.183099031 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.223452091 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.425846100 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.425877094 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.425968885 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.426032066 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.426142931 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.427117109 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.427184105 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.427194118 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.427237034 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.427273035 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.427303076 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.427359104 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.518172979 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.518172979 CEST	49784	443	192.168.2.4	20.109.210.53
Oct 7, 2024 07:08:53.518239021 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.518285036 CEST	443	49784	20.109.210.53	192.168.2.4
Oct 7, 2024 07:08:53.557477951 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:53.557498932 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:53.557570934 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:53.557827950 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:53.557843924 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.215416908 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.215497971 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.219697952 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.219703913 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.220113993 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.230782032 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.275449991 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.328517914 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.328542948 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.328562975 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.328768969 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.328768969 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.328793049 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.328849077 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.414446115 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.414467096 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.414591074 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.414612055 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.414896011 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.416121960 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.416169882 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.416198015 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.416210890 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.416240931 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.416254044 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.500849009 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.500869036 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.501044035 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.501072884 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.501213074 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.502103090 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.502121925 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.502183914 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.502192974 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.502315998 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.503417969 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.503436089 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.503500938 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.503509045 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.503614902 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.504605055 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.504622936 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.504873991 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.504882097 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.504972935 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.587706089 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.587726116 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.588073015 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.588098049 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.588166952 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.588710070 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.588727951 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.588807106 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.588814974 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.588907957 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.590333939 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.590356112 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.590651035 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.590658903 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.590732098 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.591267109 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.591289043 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.591344118 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.591351986 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.591415882 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.591415882 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.592751980 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.592771053 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.592905045 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.592911959 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.593009949 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.593713045 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.593732119 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.593868971 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.593878031 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.594017029 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.594527006 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.594605923 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.594613075 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.594624996 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.594687939 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.594753981 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.594753981 CEST	49785	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.594767094 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.594777107 CEST	443	49785	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.642869949 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.642900944 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.643142939 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.643404007 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.643420935 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.644536018 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.644598961 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.644664049 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.644829035 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.644838095 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.646481991 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.646527052 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.646620989 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.647628069 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.647670984 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.647752047 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.648133039 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.648152113 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.648277044 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.648296118 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.649111032 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.649121046 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:54.649197102 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.649324894 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:54.649336100 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.275912046 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.276855946 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.276870012 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.277276039 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.277281046 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.299359083 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.299783945 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.299840927 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.300163031 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.300177097 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.311337948 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.311351061 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.311675072 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.311702967 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.312717915 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.312724113 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.312849045 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.312877893 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.313690901 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.313697100 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.317090988 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.317435026 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.317465067 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.317991972 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.318001986 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.377182007 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.377243996 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.377324104 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.377346992 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.377386093 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.377408981 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.377443075 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.377671003 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.377681971 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.377692938 CEST	49786	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.377697945 CEST	443	49786	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.380564928 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.380604982 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.380691051 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.380816936 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.380836010 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.399991989 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.400018930 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.400091887 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.400096893 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.400157928 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.400312901 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.400350094 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.400401115 CEST	49789	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.400417089 CEST	443	49789	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.403033018 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.403076887 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.403182983 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.403333902 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.403350115 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.413526058 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.413675070 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.413759947 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.413819075 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.413858891 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.413887024 CEST	49787	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.413902044 CEST	443	49787	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.414199114 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.414221048 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.414274931 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.414283991 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.414329052 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.414366961 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.414382935 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.414395094 CEST	49788	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.414401054 CEST	443	49788	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.417679071 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.417762995 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.417862892 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.418947935 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.419156075 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.419224977 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.420087099 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.420131922 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.420213938 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.427189112 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.427229881 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.427287102 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.427287102 CEST	49790	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.427304983 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.427325010 CEST	443	49790	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.427429914 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.427457094 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.432399988 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.432414055 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:55.432475090 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.436623096 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:55.436638117 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.115803003 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.115840912 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.116214991 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.116221905 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.116247892 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.116306067 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.116745949 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.116753101 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.116911888 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.116985083 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.117082119 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.117099047 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.117253065 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.117268085 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.117475033 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.117506027 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.117805004 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.117810965 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.118186951 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.118192911 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.125128031 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.125529051 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.125560999 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.125888109 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.125897884 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.214711905 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.214868069 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.214967012 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.215142965 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.215150118 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.215365887 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.215411901 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.215436935 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.215471029 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.216073990 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.216074944 CEST	49793	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.216142893 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.216178894 CEST	443	49793	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.216674089 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.216697931 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.216708899 CEST	49791	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.216716051 CEST	443	49791	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.217101097 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.217252016 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.217391968 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.217443943 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.217443943 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.217443943 CEST	49792	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.217463970 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.217477083 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.217485905 CEST	443	49792	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.217535973 CEST	49795	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.217542887 CEST	443	49795	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.219922066 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220010042 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.220103979 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220160961 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220247984 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.220383883 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220575094 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220603943 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.220643044 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220665932 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.220747948 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220854998 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220889091 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.220913887 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.220942020 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.221649885 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.221681118 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.221755981 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.221919060 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.221942902 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.227291107 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.227487087 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.227556944 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.227632046 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.227632046 CEST	49794	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.227673054 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.227700949 CEST	443	49794	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.229808092 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.229892015 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.229984045 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.230129004 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.230161905 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.876732111 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.877546072 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.877587080 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.878160954 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.878175020 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.878856897 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.879204988 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.879281044 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.879679918 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.879695892 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.880316973 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.880605936 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.880634069 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.881041050 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.881052017 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.884844065 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.885149002 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.885227919 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.885581970 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.885596991 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.887620926 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.887901068 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.887928963 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.888421059 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.888431072 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.976028919 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.976207018 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.976303101 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.976397038 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.976429939 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.976469040 CEST	49796	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.976486921 CEST	443	49796	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.979389906 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.979449034 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.979541063 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.979710102 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.979722977 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.979734898 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.979892969 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.979974031 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.980051041 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.980051041 CEST	49800	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.980093002 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.980122089 CEST	443	49800	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.980803967 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.980957985 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.981041908 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.981115103 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.981149912 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.981173038 CEST	49799	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.981184959 CEST	443	49799	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.984761000 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.984781027 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.984853983 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.985656023 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.985714912 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.985805035 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.986047029 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.986064911 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.986094952 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.986126900 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.988142014 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.988208055 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.988279104 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.988398075 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.988444090 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.988475084 CEST	49798	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.988491058 CEST	443	49798	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.990830898 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.990854025 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.990925074 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.991322041 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.991549015 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.991619110 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.991993904 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.992007971 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.992113113 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.992127895 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.992157936 CEST	49797	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.992167950 CEST	443	49797	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.999034882 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.999136925 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:56.999243021 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.999428034 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:56.999461889 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.619736910 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.620287895 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.620315075 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.620992899 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.621000051 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.629292965 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.629782915 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.629808903 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.630332947 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.630337954 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.631181955 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.631583929 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.631594896 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.632158995 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.632164001 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.640424013 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.640851021 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.640897036 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.641489029 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.641505957 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.666203976 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.666637897 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.666651011 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.667159081 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.667165995 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.718302965 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.718451977 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.718507051 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.718852043 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.718873024 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.718890905 CEST	49801	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.718898058 CEST	443	49801	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.723126888 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.723196030 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.723289013 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.723951101 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.723982096 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.726927042 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.727072954 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.727128983 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.727173090 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.727185011 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.727195978 CEST	49803	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.727200031 CEST	443	49803	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.729636908 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.729660034 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.729718924 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.730001926 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.730015039 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.733737946 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.733896971 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.733948946 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.734122038 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.734127998 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.734138966 CEST	49804	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.734142065 CEST	443	49804	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.737193108 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.737276077 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.737360954 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.737512112 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.737540960 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.738722086 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.738881111 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.738946915 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.738982916 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.739007950 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.739048958 CEST	49805	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.739078045 CEST	443	49805	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.741499901 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.741579056 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.741646051 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.741797924 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.741826057 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.770369053 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.770503998 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.770564079 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.770700932 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.770716906 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.770730019 CEST	49802	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.770735979 CEST	443	49802	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.774164915 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.774211884 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:57.774281979 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.774471998 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:57.774499893 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.290196896 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.294431925 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.294450045 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.294893980 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.294898987 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.379230976 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.382484913 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.383939981 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.383992910 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.387453079 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.387479067 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.390074015 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.390228033 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.390280962 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.390724897 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.390739918 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.390749931 CEST	49807	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.390755892 CEST	443	49807	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.394198895 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.394249916 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.397573948 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.397591114 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.414448977 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.414537907 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.414633989 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.417521000 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.417557955 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.417711973 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.420792103 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.421026945 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.421060085 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.424468040 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.424479961 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.442028046 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.442071915 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.445936918 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.445951939 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.484812021 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.484973907 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.485146046 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.485146046 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.485146046 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.492958069 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.493040085 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.493141890 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.493868113 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.494039059 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.494098902 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.495877028 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.495918036 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.496006012 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.496006012 CEST	49809	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.496041059 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.496066093 CEST	443	49809	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.501775980 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.501831055 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.501960039 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.501996040 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.502002001 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.525988102 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.526135921 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.526227951 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.526427031 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.526427984 CEST	49808	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.526469946 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.526495934 CEST	443	49808	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.528656006 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.528681040 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.528774023 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.528866053 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.528875113 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.541968107 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.542160034 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.542241096 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.542468071 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.542468071 CEST	49810	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.542485952 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.542505980 CEST	443	49810	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.544203043 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.544286966 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.544373035 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.544476032 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.544497013 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:58.794251919 CEST	49806	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:58.794296980 CEST	443	49806	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.059099913 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.059884071 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.059942007 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.060355902 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.060370922 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.136075020 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.136588097 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.136667013 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.137275934 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.137290955 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.164983988 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.165127993 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.165199041 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.165280104 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.165280104 CEST	49811	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.165321112 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.165347099 CEST	443	49811	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.168168068 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.168215990 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.168694019 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.168754101 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.168936014 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.168951035 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.169289112 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.169305086 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.170245886 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.170252085 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.182749987 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.183451891 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.183460951 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.184201956 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.184207916 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.197771072 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.198087931 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.198148012 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.198462009 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.198476076 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.235331059 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.235414028 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.235474110 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.235583067 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.235618114 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.235646963 CEST	49812	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.235661983 CEST	443	49812	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.238081932 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.238101959 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.238182068 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.238305092 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.238317966 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.278007030 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.278172016 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.278250933 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.278733015 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.278733015 CEST	49813	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.278749943 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.278760910 CEST	443	49813	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.280770063 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.280791998 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.280877113 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.280992985 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.281007051 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.285193920 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.285346031 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.285438061 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.285438061 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.285455942 CEST	49814	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.285460949 CEST	443	49814	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.287055969 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.287101030 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.287163019 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.287266970 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.287281990 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.297840118 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.297991991 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.298090935 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.298186064 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.298186064 CEST	49815	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.298228979 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.298260927 CEST	443	49815	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.299778938 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.299823999 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.299890041 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.299989939 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.300000906 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.852648020 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.853121042 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.853195906 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.853553057 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.853569031 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.903139114 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.903556108 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.903585911 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.903979063 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.903984070 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.933202028 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.933221102 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.933653116 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.933679104 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.934015036 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.934045076 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.934254885 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.934266090 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.934461117 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.934468031 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.955224037 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.955378056 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.955485106 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.955543041 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.955543041 CEST	49816	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.955579996 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.955605984 CEST	443	49816	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.957462072 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.957838058 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.957920074 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.958093882 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.958127975 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.958137989 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.958245039 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.958277941 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:08:59.958444118 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:08:59.958456039 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.005306005 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.005491972 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.005548000 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.005572081 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.005589008 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.005600929 CEST	49817	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.005605936 CEST	443	49817	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.007661104 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.007742882 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.007827997 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.007952929 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.007973909 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.032938004 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.033011913 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.033159018 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.033184052 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.033200026 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.033212900 CEST	49820	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.033220053 CEST	443	49820	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.034301043 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.034509897 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.035178900 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.035200119 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.035218000 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.035257101 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.035280943 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.035285950 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.035295963 CEST	49818	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.035300016 CEST	443	49818	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.035404921 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.035418034 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.037215948 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.037225008 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.037295103 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.037419081 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.037434101 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.060336113 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.060499907 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.060605049 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.060719013 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.060744047 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.060767889 CEST	49819	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.060781956 CEST	443	49819	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.062472105 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.062556028 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.062647104 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.062748909 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.062781096 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.631686926 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.632102013 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.632132053 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.632527113 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.632534027 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.677213907 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.677700043 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.677727938 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.678105116 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.678112030 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.686723948 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.687025070 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.687033892 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.687407970 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.687413931 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.691061974 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.691351891 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.691433907 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.691962004 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.691978931 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.719477892 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.719948053 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.719989061 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.720566034 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.720582008 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.733983040 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.734144926 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.734200954 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.734272957 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.734289885 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.734323025 CEST	49821	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.734329939 CEST	443	49821	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.738811016 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.738892078 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.739000082 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.739110947 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.739125013 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.775685072 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.775859118 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.775924921 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.782924891 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.782924891 CEST	49823	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.782960892 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.782989025 CEST	443	49823	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.787133932 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.787271023 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.787329912 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.795465946 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.795465946 CEST	49824	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.795502901 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.795523882 CEST	443	49824	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.795821905 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.795967102 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.796112061 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.797231913 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.797261000 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.797282934 CEST	49822	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.797291040 CEST	443	49822	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.800296068 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.800359011 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.800422907 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.801961899 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.801992893 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.802067041 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.802150965 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.802171946 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.803435087 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.803447962 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.803500891 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.803814888 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.803829908 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.803921938 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.803935051 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.819340944 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.819526911 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.819591045 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.819802999 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.819802999 CEST	49825	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.819823980 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.819844961 CEST	443	49825	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.823009014 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.823056936 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:00.823116064 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.823367119 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:00.823412895 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.391993999 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.392548084 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.392606974 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.392998934 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.393012047 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.443195105 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.443979979 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.444072008 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.444782972 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.444797039 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.453466892 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.453808069 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.453851938 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.454214096 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.454224110 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.459770918 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.460226059 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.460258007 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.460591078 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.460601091 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.461906910 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.462198019 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.462225914 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.462763071 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.462770939 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.493063927 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.493223906 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.493293047 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.493347883 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.493347883 CEST	49827	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.493388891 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.493413925 CEST	443	49827	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.495867014 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.495954990 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.496053934 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.497103930 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.497143984 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.541294098 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.541441917 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.541513920 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.541547060 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.541567087 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.541579962 CEST	49828	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.541587114 CEST	443	49828	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.544064045 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.544092894 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.544157982 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.544244051 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.544251919 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.554651022 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.554723978 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.554791927 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.554886103 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.554903984 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.554919004 CEST	49830	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.554929018 CEST	443	49830	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.557281017 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.557291985 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.557363033 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.557454109 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.557457924 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.558962107 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.559031963 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.559094906 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.561220884 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.561220884 CEST	49831	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.561244011 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.561264038 CEST	443	49831	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.561861038 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.562016010 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.562084913 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.562169075 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.562185049 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.562200069 CEST	49829	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.562206030 CEST	443	49829	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.563973904 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.564013958 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.564078093 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.564212084 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.564222097 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.564623117 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.564709902 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:01.564800978 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.564877033 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:01.564898968 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.149956942 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.150603056 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.150690079 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.151073933 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.151128054 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.182585955 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.182907104 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.182920933 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.183307886 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.183312893 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.197340012 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.197897911 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.197983980 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.198041916 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.198304892 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.198360920 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.198426962 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.198440075 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.198815107 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.198820114 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.203691006 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.203991890 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.204072952 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.204412937 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.204467058 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.250813961 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.250953913 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.251013994 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.251111984 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.251156092 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.251189947 CEST	49832	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.251205921 CEST	443	49832	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.253643036 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.253734112 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.253818035 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.253927946 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.253947020 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.281203032 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.281363964 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.281428099 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.281467915 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.281478882 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.281487942 CEST	49833	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.281492949 CEST	443	49833	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.283624887 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.283649921 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.283723116 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.283829927 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.283842087 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.296081066 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.296154022 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.296344995 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.296344995 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.296344995 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.296751976 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.296928883 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.296992064 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.297029972 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.297034979 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.297046900 CEST	49834	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.297050953 CEST	443	49834	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.298389912 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.298476934 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.298578024 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.298683882 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.298708916 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.298729897 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.298773050 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.298834085 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.298959970 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.298971891 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.303131104 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.303286076 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.303369999 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.303370953 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.303370953 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.305226088 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.305309057 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.305408955 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.305536032 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.305552959 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.605885029 CEST	49836	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.605890036 CEST	49835	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.605952978 CEST	443	49835	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.605978966 CEST	443	49836	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.922225952 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.922722101 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.922782898 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.923171997 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.923187017 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.928385973 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.928641081 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.928656101 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.928973913 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.928985119 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.946520090 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.946983099 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.947043896 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.947173119 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.947187901 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.956644058 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.956991911 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.957053900 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.957331896 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.957350016 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.971955061 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.972321987 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.972352982 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:02.972587109 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:02.972615004 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.024543047 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.024684906 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.024867058 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.024926901 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.024926901 CEST	49837	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.024966002 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.024990082 CEST	443	49837	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.026249886 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.026396036 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.026468992 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.026591063 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.026591063 CEST	49838	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.026606083 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.026645899 CEST	443	49838	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.028256893 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.028342009 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.028429985 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.029254913 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.029278994 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.029299021 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.029313087 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.029376984 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.029438019 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.029448032 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.045403004 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.045550108 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.045728922 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.045728922 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.045728922 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.047909021 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.047992945 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.048109055 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.048444986 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.048526049 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.058254004 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.058326006 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.058399916 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.058501959 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.058536053 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.058561087 CEST	49841	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.058573961 CEST	443	49841	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.060795069 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.060873985 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.060956001 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.061074018 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.061089993 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.077563047 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.077621937 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.077697039 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.077821016 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.077841997 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.077856064 CEST	49840	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.077862978 CEST	443	49840	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.079523087 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.079576015 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.079654932 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.079757929 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.079792023 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.355849981 CEST	49839	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.355912924 CEST	443	49839	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.664625883 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.665204048 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.665249109 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.665663004 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.665692091 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.671880960 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.672281027 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.672362089 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.672694921 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.672710896 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.689495087 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.689853907 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.689915895 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.690341949 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.690396070 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.727193117 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.727523088 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.727570057 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.727921009 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.727933884 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.729103088 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.729391098 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.729407072 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.729808092 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.729818106 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.764697075 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.764853954 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.764913082 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.765037060 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.765058041 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.765074015 CEST	49843	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.765094995 CEST	443	49843	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.767971992 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.768057108 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.768131971 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.768443108 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.768516064 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.769494057 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.769649029 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.769707918 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.769753933 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.769753933 CEST	49842	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.769778967 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.769790888 CEST	443	49842	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.771682024 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.771775961 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.771842957 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.772023916 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.772042990 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.789330959 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.789488077 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.789577961 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.789638042 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.789638042 CEST	49844	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.789670944 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.789695978 CEST	443	49844	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.791464090 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.791551113 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.791649103 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.791778088 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.791811943 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.828901052 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829065084 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829137087 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.829193115 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.829193115 CEST	49846	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.829230070 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829255104 CEST	443	49846	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829591036 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829751015 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829802990 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.829838037 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.829838991 CEST	49845	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.829853058 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.829873085 CEST	443	49845	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.831425905 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.831427097 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.831459045 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.831520081 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.831537008 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.831598043 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.831646919 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.831660032 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:03.831769943 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:03.831804991 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.413929939 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.414598942 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.414649010 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.415069103 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.415080070 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.434067011 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.434536934 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.434572935 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.434995890 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.435004950 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.453784943 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.454233885 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.454319000 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.454571962 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.454627037 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.470993042 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.471254110 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.471307993 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.471573114 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.471586943 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.480983973 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.481378078 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.481456995 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.481764078 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.481777906 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.512140989 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.512291908 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.512362003 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.512419939 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.512419939 CEST	49848	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.512459040 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.512485981 CEST	443	49848	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.514729977 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.514763117 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.514935970 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.514982939 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.514988899 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.538568020 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.538734913 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.538806915 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.538887978 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.538887978 CEST	49849	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.538930893 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.538966894 CEST	443	49849	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.541394949 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.541436911 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.541656971 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.541709900 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.541726112 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.559442997 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.559595108 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.559813023 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.559813976 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.559813976 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.561660051 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.561702013 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.561774015 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.561892033 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.561902046 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.569103003 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.569252014 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.569322109 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.569370985 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.569370985 CEST	49851	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.569394112 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.569415092 CEST	443	49851	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.571170092 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.571197033 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.571301937 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.571372986 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.571377993 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.581171989 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.581322908 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.581406116 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.581484079 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.581484079 CEST	49850	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.581526041 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.581553936 CEST	443	49850	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.583159924 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.583214998 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.583297014 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.583436012 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.583451033 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:04.872090101 CEST	49847	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:04.872153044 CEST	443	49847	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.420674086 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:05.420788050 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:05.420892954 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:05.421127081 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:05.421148062 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:05.506392002 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.507011890 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.507087946 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.507491112 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.507504940 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.511856079 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.512639046 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.512804031 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.512847900 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.513036966 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.513120890 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.513379097 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.513394117 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.513672113 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.513693094 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.513839960 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.513849974 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.514103889 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.514116049 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.514245033 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.514250994 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.514600992 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.514600992 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.514605999 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.514617920 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.605531931 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.605683088 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.605776072 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.606317997 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.606353045 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.606379986 CEST	49853	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.606395006 CEST	443	49853	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.608835936 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.608903885 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.608985901 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.609132051 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.609153986 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.611021996 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.611159086 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.611236095 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.611352921 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.611352921 CEST	49856	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.611422062 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.611449957 CEST	443	49856	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.613126040 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.613179922 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.613249063 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.613677979 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.613712072 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.615210056 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.615284920 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.615376949 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.615448952 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.615448952 CEST	49852	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.615468025 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.615474939 CEST	443	49852	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.615849972 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.616010904 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.616122007 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.616224051 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.616224051 CEST	49855	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.616229057 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.616235971 CEST	443	49855	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.616331100 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.616390944 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.618046045 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.618072033 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.618088007 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.618088007 CEST	49854	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.618112087 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.618113041 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.618133068 CEST	443	49854	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.618170977 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.618896008 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.618908882 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.619976044 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.620026112 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.620105982 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.620210886 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.620235920 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.621026993 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.621047974 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:05.621638060 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.621969938 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:05.621999979 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.057908058 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:06.058377981 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:06.058429003 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:06.060066938 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:06.060564995 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:06.060992956 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:06.089531898 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 7, 2024 07:09:06.094980001 CEST	80	49724	93.184.221.240	192.168.2.4
Oct 7, 2024 07:09:06.095084906 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 7, 2024 07:09:06.104923964 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:06.253756046 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.254663944 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.254724979 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.255196095 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.255249977 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.261837006 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.262314081 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.262336969 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.262718916 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.262725115 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.274208069 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.274630070 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.274688005 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.275202036 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.275216103 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.289068937 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.291645050 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.292316914 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.292339087 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.292975903 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.292983055 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.293225050 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.293282986 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.294225931 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.294239998 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.352948904 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.353095055 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.353425980 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.353425980 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.354897976 CEST	49858	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.354963064 CEST	443	49858	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.356177092 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.356230021 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.356314898 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.356729031 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.356739998 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.360451937 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.360614061 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.360682964 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.360752106 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.360752106 CEST	49859	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.360785007 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.360815048 CEST	443	49859	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.362687111 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.362736940 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.362823963 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.362937927 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.362951994 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.373725891 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.373795033 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.373859882 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.373944998 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.373944998 CEST	49862	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.373987913 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.374015093 CEST	443	49862	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.375725031 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.375818014 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.375902891 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.376022100 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.376041889 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.391844988 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.391905069 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.391993999 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.392173052 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.392173052 CEST	49860	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.392185926 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.392196894 CEST	443	49860	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.392683983 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.392843008 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.392915964 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.392990112 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.392991066 CEST	49861	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.393032074 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.393059015 CEST	443	49861	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.394022942 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.394051075 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.394136906 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.394229889 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.394244909 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.394687891 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.394731998 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.394797087 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.395059109 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.395098925 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.997312069 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.997843027 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.997867107 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:06.998533010 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:06.998538017 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.005465984 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.006010056 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.006038904 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.006341934 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.006369114 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.015568018 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.015894890 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.015949965 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.016239882 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.016253948 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.044893980 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.045629025 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.045651913 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.046242952 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.046252966 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.048350096 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.048974037 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.049004078 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.049627066 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.049654007 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.095808983 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.095856905 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.095982075 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.096012115 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.096079111 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.096355915 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.096371889 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.096400976 CEST	49863	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.096409082 CEST	443	49863	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.099627972 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.099741936 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.099910975 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.100258112 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.100317001 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.103956938 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.104115009 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.104182005 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.104226112 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.104226112 CEST	49864	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.104245901 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.104271889 CEST	443	49864	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.106492996 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.106585979 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.106678963 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.106825113 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.106844902 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.114917040 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.114989042 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.115045071 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.115341902 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.115343094 CEST	49865	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.115381002 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.115417957 CEST	443	49865	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.117669106 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.117701054 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.117798090 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.117959023 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.117970943 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.145814896 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.145864010 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.145921946 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.145946026 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.146011114 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.146071911 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.146240950 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.146255970 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.146281958 CEST	49866	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.146296978 CEST	443	49866	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148500919 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148559093 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148616076 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.148636103 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.148665905 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148699999 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148719072 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148724079 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.148797035 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.148900032 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.148907900 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.148926973 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.148994923 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.149010897 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.149024010 CEST	49867	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.149030924 CEST	443	49867	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.151246071 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.151334047 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.151458025 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.151581049 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.151601076 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.741740942 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.742374897 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.742403984 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.742803097 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.742830992 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.752536058 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.752931118 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.752964020 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.753555059 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.753561974 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.787947893 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.788669109 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.788729906 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.788985014 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.789009094 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.796335936 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.796787024 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.796803951 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.797322989 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.797328949 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.803374052 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.803883076 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.803945065 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.804557085 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.804610014 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.851671934 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.851828098 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.851908922 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.851984024 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.852009058 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.852020979 CEST	49869	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.852029085 CEST	443	49869	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.852371931 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.852426052 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.852485895 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.852516890 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.852636099 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.852689028 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.853526115 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.853526115 CEST	49868	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.853598118 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.853637934 CEST	443	49868	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.858490944 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.858535051 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.858611107 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.859301090 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.859316111 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.859426022 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.859440088 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.859478951 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.859895945 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.859910011 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.886444092 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.886848927 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.887032986 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.889142990 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.889142990 CEST	49872	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.889209986 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.889245987 CEST	443	49872	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.894196033 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.894284010 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.894357920 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.894596100 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.894629955 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.901766062 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.901843071 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.901905060 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.902024984 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.902050018 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.902075052 CEST	49870	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.902087927 CEST	443	49870	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.903985023 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.904047966 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.904131889 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.904557943 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.904557943 CEST	49871	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.904623985 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.904663086 CEST	443	49871	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.905270100 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.905304909 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.905361891 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.905540943 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.905559063 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.906611919 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.906706095 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:07.906780005 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.906929016 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:07.906955957 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.502777100 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.508066893 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.508086920 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.508430004 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.508435965 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.526017904 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.527002096 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.527020931 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.530613899 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.530625105 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.541321993 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.541569948 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.541837931 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.541915894 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.542396069 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.542434931 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.542448997 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.542511940 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.542895079 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.542910099 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.544472933 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.545373917 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.545449972 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.545919895 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.545938969 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.603856087 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.604038954 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.604120970 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.604187965 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.604207993 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.604233980 CEST	49873	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.604243040 CEST	443	49873	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.607855082 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.607906103 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.607985020 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.608169079 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.608191013 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.629909992 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.630096912 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.630187988 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.630187988 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.630214930 CEST	49874	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.630232096 CEST	443	49874	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.633141041 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.633229017 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.633310080 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.633435011 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.633471012 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640173912 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640182018 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640286922 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640341043 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.640454054 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.640480042 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640507936 CEST	49876	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.640520096 CEST	443	49876	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640880108 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.640938997 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.640994072 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.640995026 CEST	49877	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.641025066 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.641047955 CEST	443	49877	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.642983913 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.643074036 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.643151999 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.643220901 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.643284082 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.643286943 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.643323898 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.643357992 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.643486023 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.643517017 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.644920111 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.645159960 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.645234108 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.645308018 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.645308971 CEST	49875	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.645351887 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.645379066 CEST	443	49875	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.647305965 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.647332907 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:08.647420883 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.647531033 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:08.647556067 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.246151924 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.246696949 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.246733904 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.247391939 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.247399092 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.297719955 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.297921896 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.298337936 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.298367977 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.298810959 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.298810959 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.298837900 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.298870087 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.299401999 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.299408913 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.299793005 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.300112963 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.300139904 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.300592899 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.300599098 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.308485031 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.308902025 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.308962107 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.309412003 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.309464931 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.351907969 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.352142096 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.352258921 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.352345943 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.352380991 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.352437019 CEST	49878	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.352453947 CEST	443	49878	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.355467081 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.355530977 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.355616093 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.355766058 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.355781078 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.395734072 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.395963907 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.396073103 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.396120071 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.396142960 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.396157026 CEST	49882	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.396163940 CEST	443	49882	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.396974087 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.397006989 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.397053957 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.397068977 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.397131920 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.397317886 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.397325993 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.397336960 CEST	49881	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.397341013 CEST	443	49881	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399362087 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399414062 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399457932 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399486065 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399503946 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399522066 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399549007 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399576902 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399599075 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399676085 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399694920 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399713039 CEST	49880	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399720907 CEST	443	49880	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399740934 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399766922 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.399838924 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.399857998 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.401976109 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.401987076 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.402056932 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.402180910 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.402193069 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.406624079 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.406692028 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.406790972 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.406833887 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.406897068 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.406938076 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.406938076 CEST	49879	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.406980038 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.407006979 CEST	443	49879	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.409133911 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.409158945 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:09.409259081 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.409363985 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:09.409389973 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.012422085 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.013484955 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.013516903 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.013952971 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.013958931 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.043709993 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.045047998 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.045077085 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.045483112 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.045492887 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.045522928 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.049176931 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.049217939 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.049431086 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.049438953 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.066144943 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.069124937 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.069165945 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.069557905 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.069570065 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.077958107 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.081151009 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.081172943 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.081700087 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.081711054 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.116111040 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.116260052 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.116451025 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.116574049 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.116574049 CEST	49883	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.116596937 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.116607904 CEST	443	49883	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.119282007 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.119354963 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.119457960 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.119616032 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.119630098 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.142271042 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.142410994 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.142535925 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.142584085 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.142606974 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.142623901 CEST	49886	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.142631054 CEST	443	49886	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.144929886 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.144973993 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.145216942 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.145216942 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.145279884 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.145883083 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.145955086 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.146059990 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.146070957 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.146140099 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.146177053 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.146187067 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.146199942 CEST	49885	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.146205902 CEST	443	49885	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.148073912 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.148092031 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.148303986 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.148304939 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.148324966 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.170689106 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.170759916 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.170938969 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.170991898 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.170991898 CEST	49884	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.171025038 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.171067953 CEST	443	49884	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.173037052 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.173075914 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.173305988 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.173305988 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.173377991 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.180607080 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.180768967 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.180838108 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.180875063 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.180896044 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.180917978 CEST	49887	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.180929899 CEST	443	49887	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.182884932 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.182919979 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.183134079 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.183134079 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.183170080 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.772480011 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.800899982 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.811182022 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.813184977 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.826019049 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.827043056 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.830935001 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.830974102 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.831623077 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.831636906 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.831880093 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.831899881 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.832284927 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.832297087 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.832906961 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.832933903 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.834625959 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.834633112 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.834903955 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.834934950 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.835261106 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.835270882 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.840564966 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.840595007 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.844736099 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.844750881 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.927566051 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.928026915 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.928112030 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.928137064 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.928884983 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.928960085 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.929805040 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.929847002 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.929898024 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.929912090 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.929933071 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.929991007 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.931112051 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.931180954 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.931313038 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.945751905 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.945825100 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.945880890 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.945897102 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.945926905 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.946038961 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.963942051 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.963942051 CEST	49892	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.964014053 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.964050055 CEST	443	49892	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.974888086 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.974888086 CEST	49889	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.974910975 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.974924088 CEST	443	49889	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.977371931 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.977407932 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.977432966 CEST	49888	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.977451086 CEST	443	49888	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.978622913 CEST	49891	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.978636026 CEST	443	49891	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.979630947 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.979646921 CEST	49890	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:10.979655981 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:10.979670048 CEST	443	49890	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.014559031 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.014648914 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.014734983 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.016645908 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.016729116 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.016813040 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.017149925 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.017189026 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.017241955 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.017487049 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.017569065 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.018151999 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.018240929 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.018318892 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.018435001 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.018460035 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.019006968 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.019092083 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.019177914 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.019315958 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.019346952 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.019613028 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.019644976 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.019694090 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.019717932 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.654253006 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.654812098 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.654901981 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.655154943 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.655172110 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.658987045 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.659751892 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.659751892 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.659817934 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.659848928 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.662693977 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.663218021 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.663300037 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.663450003 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.663465977 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.670730114 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.671042919 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.671111107 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.671405077 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.671421051 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.689034939 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.689590931 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.689637899 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.690000057 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.690026999 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.753071070 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.753138065 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.753233910 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.753660917 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.753662109 CEST	49893	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.753731012 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.753772974 CEST	443	49893	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.756175041 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.756263971 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.756331921 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.756467104 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.756481886 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.756864071 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.756938934 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.756985903 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.757005930 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.757054090 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.757088900 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.757090092 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.757126093 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.757154942 CEST	49897	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.757167101 CEST	443	49897	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.759288073 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.759419918 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.759505033 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.759646893 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.759682894 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.762074947 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.762236118 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.762409925 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.762409925 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.762409925 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.765028000 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.765115976 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.765203953 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.765640020 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.765678883 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.771857023 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.771929026 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.771997929 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.772375107 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.772418976 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.772454023 CEST	49895	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.772470951 CEST	443	49895	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.775773048 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.775835037 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.775949955 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.776529074 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.776550055 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.791027069 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.791146994 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.791397095 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.791467905 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.791467905 CEST	49894	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.791495085 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.791512012 CEST	443	49894	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.795747042 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.795773983 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:11.796104908 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.796104908 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:11.796135902 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.074707031 CEST	49896	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.074774027 CEST	443	49896	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.445450068 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.446118116 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.446178913 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.446595907 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.446650982 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.478246927 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.478897095 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.478948116 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.479235888 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.479252100 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.479485035 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.479998112 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.480019093 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.480242968 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.480248928 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.480818987 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.481137037 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.481209040 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.481230021 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.481401920 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.481417894 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.481761932 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.481767893 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.481796980 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.481802940 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.548408985 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.548480034 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.548542976 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.548563957 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.548592091 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.548636913 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.548787117 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.548805952 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.548821926 CEST	49899	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.548830032 CEST	443	49899	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.551848888 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.551901102 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.552155018 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.552212000 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.552227020 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.577440023 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.577687979 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.577828884 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.577857971 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.577857971 CEST	49902	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.577871084 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.577884912 CEST	443	49902	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.580916882 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.580981970 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.581067085 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.581237078 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.581259966 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.582441092 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.582726002 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.582781076 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.582829952 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.582829952 CEST	49898	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.582860947 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.582887888 CEST	443	49898	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.583839893 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.584001064 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.584081888 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.584124088 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.584124088 CEST	49900	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.584144115 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.584158897 CEST	443	49900	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.584873915 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.584897995 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.584974051 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.585093975 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.585118055 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.585541010 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.585717916 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.585825920 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.585825920 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.585825920 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.586211920 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.586242914 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.586312056 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.586442947 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.586453915 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.587762117 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.587812901 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.587905884 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.588032007 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.588049889 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:12.886933088 CEST	49901	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:12.886965990 CEST	443	49901	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.282006025 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.282294035 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.288187027 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.290070057 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.290843964 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.308635950 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.308701992 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.309016943 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.309036016 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.309209108 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.309241056 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.309710026 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.309765100 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.309770107 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.309803009 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.310218096 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.310245037 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.310249090 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.310297966 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.310549021 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.310555935 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.310731888 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.310748100 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.311053038 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.311063051 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.404602051 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.404742002 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.404815912 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.404916048 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.404917002 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.404985905 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.404985905 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.405014992 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.405097008 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.405097008 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.405334949 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.405389071 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.405484915 CEST	49908	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.405498981 CEST	443	49908	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.407618046 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.408395052 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.408431053 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.408477068 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.408648968 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.408719063 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.410454035 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.410619974 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.410689116 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.415437937 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.415467978 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.415582895 CEST	49907	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.415612936 CEST	443	49907	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.425707102 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.425707102 CEST	49906	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.425755024 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.425785065 CEST	443	49906	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.436513901 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.436608076 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.436717033 CEST	49904	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.436737061 CEST	443	49904	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.437088013 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.437156916 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.437191010 CEST	49905	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.437210083 CEST	443	49905	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.440845013 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.440941095 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.441020966 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.442192078 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.442214966 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.442286968 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.442850113 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.442877054 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.442887068 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.442925930 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.442992926 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.443336964 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.443367958 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.443495989 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.443531990 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.443690062 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.443830013 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.443846941 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.443952084 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.443977118 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.444806099 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.444890022 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.444991112 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.445113897 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:13.445138931 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:13.617759943 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:13.617856979 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:13.617929935 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:13.618149996 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:13.618177891 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:13.717998028 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:13.718043089 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:13.718127012 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:13.718477964 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:13.718513012 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.084253073 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.084877968 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.084906101 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.085350037 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.085355043 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.089086056 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.089363098 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.089418888 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.089806080 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.089821100 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.092888117 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.093327045 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.093355894 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.093612909 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.093638897 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.096291065 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.096689939 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.096709013 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.096982956 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.096990108 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.110275984 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.110661030 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.110680103 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.110992908 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.111002922 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.183866978 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.183940887 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.183995962 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.184010983 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.184051991 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.184099913 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.187906981 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.187927008 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.187939882 CEST	49911	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.187947035 CEST	443	49911	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.189199924 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.189270020 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.189331055 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.189477921 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.189477921 CEST	49910	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.189523935 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.189551115 CEST	443	49910	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.191458941 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.191531897 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.191555023 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.191620111 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.191653013 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.191679955 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.191765070 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.191783905 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.191838980 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.191858053 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.192250967 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.192404985 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.192584991 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.192584991 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.192584991 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.194158077 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.194183111 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.194261074 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.194353104 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.194370985 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.196687937 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.196855068 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.196974993 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.196974993 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.196974993 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.198920012 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.198956013 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.199040890 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.199300051 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.199330091 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.213046074 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.213108063 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.213174105 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.213197947 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.213227987 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.213287115 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.213372946 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.213372946 CEST	49909	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.213392973 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.213413000 CEST	443	49909	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.215825081 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.215909004 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.215990067 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.216109037 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.216137886 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.271255016 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.271661997 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.271697998 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.272428989 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.272742987 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.272840977 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.272912025 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.272938013 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.272953987 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.348712921 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.349118948 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.349195957 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.349793911 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.350114107 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.350318909 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.350353003 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.350353003 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.350398064 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.402446032 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.496131897 CEST	49913	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.496165991 CEST	443	49913	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.511696100 CEST	49912	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.511742115 CEST	443	49912	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.551898956 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.552206039 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.552325964 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.552462101 CEST	49914	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.552524090 CEST	443	49914	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.625103951 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.625227928 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.625279903 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.625861883 CEST	49915	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:14.625926018 CEST	443	49915	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:14.834408998 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.834942102 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.834968090 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.835514069 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.835520983 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.838284016 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.838781118 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.838872910 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.839220047 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.839273930 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.840311050 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.840593100 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.840601921 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.840806007 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.841204882 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.841212034 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.841800928 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.841870070 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.842302084 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.842355013 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.848998070 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.849381924 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.849461079 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.849822998 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.849878073 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.932775974 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.932918072 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.933166981 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.933728933 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.933763027 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.933789015 CEST	49916	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.933804989 CEST	443	49916	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.936846972 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.936886072 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.936976910 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.937246084 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.937273026 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.937423944 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.937491894 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.937551022 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.937588930 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.937655926 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.937705994 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.937705994 CEST	49917	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.937763929 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.937792063 CEST	443	49917	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939687014 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939759016 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939820051 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.939841986 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939870119 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.939874887 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939883947 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939929008 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.939930916 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.939980030 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940064907 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940066099 CEST	49918	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940082073 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940082073 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.940087080 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.940105915 CEST	443	49918	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.940829992 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.940901995 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940947056 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940964937 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.940987110 CEST	49919	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.940998077 CEST	443	49919	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.942205906 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.942293882 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.942414999 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.942497969 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.942519903 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.942982912 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.943026066 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.943100929 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.943222046 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.943236113 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.948015928 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.948168993 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.948369980 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.948369980 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.948784113 CEST	49920	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.948848009 CEST	443	49920	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.950263023 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.950297117 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:14.950377941 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.950522900 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:14.950537920 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.577646971 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.580307961 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.580328941 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.580796957 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.580804110 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.592281103 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.592629910 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.592643023 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.593084097 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.593089104 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.596087933 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.596519947 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.596564054 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.596805096 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.596812963 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.598161936 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.598436117 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.598496914 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.598778963 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.598800898 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.601088047 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.601308107 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.601334095 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.601644993 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.601653099 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.681380033 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.682905912 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.683017015 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.683202028 CEST	49921	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.683221102 CEST	443	49921	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698014975 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698021889 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698092937 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698159933 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.698163986 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698199034 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698364019 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.698528051 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.698596954 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.702486038 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.702550888 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.702625036 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.702989101 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.703058958 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.703151941 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.703289032 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.703289032 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.743076086 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.743144035 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.743200064 CEST	49925	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.743220091 CEST	443	49925	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.744143009 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.744143009 CEST	49924	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.744215012 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.744255066 CEST	443	49924	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.745704889 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.745704889 CEST	49922	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.745728016 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.745739937 CEST	443	49922	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.767971992 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.767972946 CEST	49923	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.768040895 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.768076897 CEST	443	49923	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.772406101 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.772465944 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.772555113 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.772934914 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773025990 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.773344994 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773375034 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773459911 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.773544073 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773591995 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773608923 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773632050 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.773701906 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773739100 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.773740053 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.773787975 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773811102 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.773808956 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773950100 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.773962975 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.774353981 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.774523973 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.774590015 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.774698019 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:15.774714947 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:15.959686041 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:15.959754944 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:15.959839106 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:16.418771982 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.419348955 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.419401884 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.419804096 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.419811010 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.420535088 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.420804024 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.420849085 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.421150923 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.421164036 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.422219992 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.422465086 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.422540903 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.422785044 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.422799110 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.441696882 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.442287922 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.442327976 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.442704916 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.442730904 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.451242924 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.451554060 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.451620102 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.451896906 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.451911926 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.518290043 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.518438101 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.518723011 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.518723965 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.519808054 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.519857883 CEST	49930	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.519879103 CEST	443	49930	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.519967079 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.520035982 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.520104885 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.520104885 CEST	49926	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.520136118 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.520162106 CEST	443	49926	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.520555973 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.520662069 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.520710945 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.520718098 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.520760059 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.521008015 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.521051884 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.521106005 CEST	49927	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.521121979 CEST	443	49927	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.521833897 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.521902084 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.521972895 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523026943 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523102999 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.523106098 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523145914 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523149014 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.523179054 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.523190975 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523360968 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523361921 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523433924 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.523435116 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.523469925 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.544864893 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.545017958 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.545223951 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.545224905 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.545224905 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.547235012 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.547276974 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.547378063 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.547502041 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.547514915 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.556180000 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.556255102 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.556314945 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.556346893 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.556411982 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.556463957 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.556507111 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.556535959 CEST	49928	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.556551933 CEST	443	49928	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.558469057 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.558511972 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.558592081 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.558707952 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.558721066 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:16.854867935 CEST	49929	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:16.854881048 CEST	443	49929	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.169553041 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.170095921 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.170141935 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.170799017 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.170811892 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.170818090 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.171106100 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.171117067 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.171447992 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.171453953 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.192832947 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.193304062 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.193336964 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.193802118 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.193809032 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.196834087 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.197156906 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.197168112 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.197561979 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.197567940 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.211909056 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.212312937 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.212349892 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.212675095 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.212686062 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.268080950 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.268266916 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.268346071 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.268399000 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.268433094 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.268460989 CEST	49932	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.268476009 CEST	443	49932	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.269428015 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.269576073 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.269664049 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.269665003 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.269701958 CEST	49933	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.269721031 CEST	443	49933	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.271075010 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.271159887 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.271256924 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.271365881 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.271403074 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.271496058 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.271584988 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.271697044 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.271822929 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.271855116 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.294943094 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.295192957 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.295259953 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.295322895 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.295322895 CEST	49931	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.295355082 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.295377970 CEST	443	49931	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.296067953 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.296205997 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.296391010 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.296391010 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.296391010 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.298259974 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.298341990 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.298434973 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.298791885 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.298871994 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.299269915 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.299299002 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.299367905 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.299828053 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.299856901 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.312107086 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.312398911 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.312479973 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.315341949 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.315366983 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.315402985 CEST	49935	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.315414906 CEST	443	49935	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.317955971 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.318007946 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.318109989 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.318244934 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.318253994 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.606781006 CEST	49934	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.606820107 CEST	443	49934	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.904993057 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.905632973 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.905694962 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.906095982 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.906110048 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.911485910 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.911983013 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.912076950 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.912477970 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.912532091 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.943057060 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.943481922 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.943569899 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.943965912 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.944020033 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.953618050 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.954019070 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.954039097 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.954431057 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.954437971 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.980006933 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.980392933 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.980458975 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:17.980782032 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:17.980794907 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.004118919 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.004209995 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.004276991 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.004395008 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.004436016 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.004463911 CEST	49936	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.004478931 CEST	443	49936	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.007006884 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.007102013 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.007436037 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.007436037 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.007570028 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.011115074 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.011269093 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.011344910 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.011465073 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.011465073 CEST	49937	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.011507034 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.011544943 CEST	443	49937	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.014789104 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.014874935 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.015259027 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.015367985 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.015422106 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.042838097 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.043003082 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.043087006 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.043217897 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.043258905 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.043296099 CEST	49938	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.043311119 CEST	443	49938	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.047432899 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.047485113 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.047597885 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.047743082 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.047759056 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.053356886 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.053422928 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.053571939 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.053571939 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.053597927 CEST	49940	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.053610086 CEST	443	49940	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.055697918 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.055741072 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.055815935 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.056077957 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.056088924 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.084832907 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.084904909 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.084973097 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.085000992 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.085031033 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.085098028 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.086812019 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.086829901 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.086863995 CEST	49939	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.086875916 CEST	443	49939	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.093007088 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.093108892 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.093206882 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.093559027 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.093583107 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.648785114 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.649507046 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.649568081 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.649859905 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.649876118 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.681984901 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.682661057 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.682689905 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.683157921 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.683185101 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.690687895 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.692224979 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.692255974 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.692780972 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.692795992 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.728496075 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.728929996 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.728943110 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.729370117 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.729376078 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.746213913 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.746623039 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.746679068 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.746982098 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.746994972 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.749587059 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.749742985 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.749811888 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.749851942 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.749875069 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.749891043 CEST	49941	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.749897957 CEST	443	49941	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.752830029 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.752908945 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.753005028 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.753175020 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.753196955 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.785303116 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.785356998 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.785470009 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.785500050 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.785538912 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.785594940 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.785661936 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.785677910 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.785712957 CEST	49942	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.785718918 CEST	443	49942	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.788397074 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.788440943 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.788738966 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.788738966 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.788805962 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.790107965 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.790184021 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.790240049 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.790254116 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.790292025 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.790342093 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.790406942 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.790421009 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.790436983 CEST	49944	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.790443897 CEST	443	49944	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.792561054 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.792644978 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.792722940 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.792968988 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.793005943 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.833765030 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.833836079 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.833900928 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.833916903 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.833949089 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.834069014 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.834145069 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.834145069 CEST	49943	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.834163904 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.834175110 CEST	443	49943	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.836957932 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.837043047 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.837110043 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.837306023 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.837323904 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.847692966 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.847884893 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.847973108 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.848053932 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.848053932 CEST	49945	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.848094940 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.848121881 CEST	443	49945	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.850301981 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.850323915 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:18.850394964 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.850534916 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:18.850545883 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.405812979 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.406290054 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.406326056 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.406932116 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.406986952 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.425539970 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.425961018 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.425983906 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.426384926 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.426390886 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.432827950 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.433343887 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.433430910 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.433732986 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.433788061 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.477917910 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.478365898 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.478427887 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.478811026 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.478823900 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.506521940 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.506593943 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.506704092 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.506913900 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.506913900 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.506913900 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.509690046 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.509732962 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.509943008 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.510001898 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.510016918 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.515697002 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.516014099 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.516036034 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.516405106 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.516417027 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.525064945 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.525229931 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.525420904 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.525420904 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.525420904 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.527883053 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.527967930 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.528084040 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.528168917 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.528192997 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.536587954 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.536640882 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.536757946 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.536791086 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.536850929 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.536894083 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.536894083 CEST	49948	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.536936045 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.536973000 CEST	443	49948	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.538980007 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.539037943 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.539283037 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.539283037 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.539351940 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.577934980 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.578000069 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.578113079 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.578146935 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.578206062 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.578238010 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.578267097 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.578291893 CEST	49949	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.578305960 CEST	443	49949	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.580282927 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.580307961 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.580390930 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.580537081 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.580557108 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.619292021 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.619374990 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.619509935 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.619590998 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.619640112 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.619664907 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.619688988 CEST	49950	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.619699955 CEST	443	49950	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.622193098 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.622278929 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.622373104 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.622518063 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.622550964 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.809196949 CEST	49946	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.809267044 CEST	443	49946	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:19.825112104 CEST	49947	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:19.825128078 CEST	443	49947	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.169096947 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.170057058 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.170119047 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.170562029 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.170617104 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.178356886 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.178872108 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.178914070 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.179312944 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.179341078 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.194489002 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.194917917 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.194950104 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.195429087 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.195436001 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.264190912 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.264715910 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.264748096 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.265036106 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.265045881 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.270526886 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.270685911 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.270915985 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.270916939 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.270916939 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.273513079 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.273555994 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.273638964 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.273910999 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.273941040 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.282660007 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.282812119 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.283024073 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.283024073 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.283024073 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.284941912 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.285001040 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.285080910 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.285202980 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.285217047 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.294369936 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.294512033 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.294595957 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.294631004 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.294650078 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.294661999 CEST	49953	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.294668913 CEST	443	49953	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.297179937 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.297199965 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.297265053 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.297373056 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.297382116 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.303942919 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.304379940 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.304440975 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.304766893 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.304822922 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.368591070 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.368650913 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.368733883 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.368801117 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.368879080 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.368895054 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.368906975 CEST	49954	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.368913889 CEST	443	49954	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.371256113 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.371296883 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.371423960 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.371530056 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.371541023 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.409559965 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.410387993 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.410598993 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.410599947 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.410599947 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.413288116 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.413332939 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.413620949 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.413726091 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.413738012 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.573791981 CEST	49952	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.573856115 CEST	443	49952	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.589405060 CEST	49951	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.589468002 CEST	443	49951	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.714402914 CEST	49955	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.714498997 CEST	443	49955	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.915240049 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.927620888 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.927637100 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.928307056 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.928313017 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.931364059 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.932229996 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.932272911 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.932672024 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.932684898 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.947551966 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.950767994 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.950784922 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:20.951400995 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:20.951411009 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.013355017 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.013957977 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.013978958 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.014375925 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.014383078 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.023933887 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.024003029 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.024104118 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.024125099 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.024153948 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.024260998 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.024276018 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.024290085 CEST	49956	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.024296045 CEST	443	49956	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.027514935 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.027599096 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.027863979 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.028017044 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.028057098 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.030921936 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.031075001 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.031150103 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.031224012 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.031224966 CEST	49957	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.031263113 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.031287909 CEST	443	49957	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.033857107 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.033941984 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.034028053 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.034187078 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.034219980 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.046574116 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.046890020 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.046967030 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.046989918 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.047035933 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.047086954 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.047086954 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.047112942 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.047139883 CEST	49958	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.047169924 CEST	443	49958	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.049674034 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.049716949 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.049808979 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.049902916 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.049918890 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.059560061 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.060030937 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.060050964 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.060564995 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.060571909 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.113069057 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.113230944 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.113296032 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.113404036 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.113415003 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.113464117 CEST	49959	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.113471985 CEST	443	49959	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.116169930 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.116205931 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.116478920 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.116682053 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.116699934 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.158337116 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.158469915 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.158590078 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.158766031 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.158781052 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.158835888 CEST	49960	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.158843994 CEST	443	49960	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.161784887 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.161870956 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.162127972 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.162231922 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.162264109 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.680286884 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.680757999 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.680836916 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.681337118 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.681391001 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.684475899 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.685096979 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.685120106 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.685775042 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.685781956 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.712321043 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.713035107 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.713116884 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.713254929 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.713270903 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.756470919 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.761162043 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.761198044 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.763072968 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.763089895 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.780965090 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.781825066 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.782048941 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.782135963 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.782135963 CEST	49961	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.782180071 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.782212973 CEST	443	49961	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.784069061 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.784301043 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.784430981 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.784495115 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.784512997 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.784524918 CEST	49963	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.784532070 CEST	443	49963	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.784837961 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.784984112 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.785058975 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.785430908 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.785520077 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.786214113 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.786277056 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.786358118 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.786497116 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.786523104 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.802381992 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.805026054 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.805054903 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.805248022 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.805258036 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.817624092 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.817768097 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.817898989 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.817992926 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.818031073 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.818077087 CEST	49962	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.818093061 CEST	443	49962	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.820074081 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.820157051 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.820729017 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.820842981 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.820859909 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.859831095 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.859858990 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.859908104 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.859919071 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.859937906 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.859994888 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.860181093 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.860194921 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.860209942 CEST	49964	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.860215902 CEST	443	49964	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.862646103 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.862673998 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.862963915 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.863102913 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.863116026 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.901355982 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.901566029 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.901738882 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.901738882 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.901738882 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.904696941 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.904728889 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:21.905073881 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.905169964 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:21.905179977 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.215150118 CEST	49965	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.215218067 CEST	443	49965	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.434078932 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.434660912 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.434745073 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.435110092 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.435163975 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.462460995 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.463016033 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.463093996 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.463496923 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.463510990 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.468480110 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.468858004 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.468923092 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.469326973 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.469355106 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.508022070 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.509105921 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.509150982 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.509509087 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.509517908 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.541734934 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.541822910 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.541930914 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.542156935 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.542156935 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.542577982 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.542577982 CEST	49966	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.542645931 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.542680979 CEST	443	49966	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.545583010 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.545658112 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.545785904 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.546011925 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.546032906 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.547146082 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.547678947 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.547719002 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.548068047 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.548094988 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.562242985 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.562314034 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.562419891 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.562578917 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.562639952 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.562639952 CEST	49968	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.562669039 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.562690973 CEST	443	49968	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.565507889 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.565619946 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.565788031 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.565988064 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.566008091 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.573632956 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.574856997 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.574974060 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.575052977 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.575052977 CEST	49967	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.575093985 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.575118065 CEST	443	49967	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.577609062 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.577698946 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.577964067 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.577964067 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.578126907 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.607815027 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.607954979 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.608160973 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.608160973 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.608160973 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.611329079 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.611434937 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.611779928 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.611780882 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.611937046 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.652144909 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.652219057 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.652319908 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.652429104 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.652760983 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.652760983 CEST	49970	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.652792931 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.652810097 CEST	443	49970	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.655814886 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.655889034 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.655967951 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.656172991 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.656196117 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:22.919661999 CEST	49969	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:22.919681072 CEST	443	49969	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.220545053 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.230427980 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.249066114 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.253196001 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.265536070 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.280524015 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.290329933 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.294967890 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.295001030 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.295444012 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.295455933 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.295677900 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.295696020 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.296031952 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.296044111 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.296266079 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.296292067 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.296616077 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.296627998 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.296864033 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.296880007 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.297194958 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.297205925 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.337347984 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.341886044 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.341906071 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.345233917 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.345248938 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.392374992 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.392441988 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.392505884 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.392544985 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.392580986 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.392663002 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.393893957 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.393924952 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.393950939 CEST	49974	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.393965960 CEST	443	49974	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.397548914 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.397598028 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.397654057 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.397675037 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.397718906 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.397773981 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.398679018 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.398833036 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.398891926 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.405258894 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.405309916 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.405370951 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.405390024 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.405459881 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.405525923 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.420631886 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.420665979 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.420691967 CEST	49972	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.420707941 CEST	443	49972	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.423753023 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.423753023 CEST	49971	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.423795938 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.423819065 CEST	443	49971	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.424645901 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.424670935 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.424695969 CEST	49973	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.424707890 CEST	443	49973	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.435323954 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.435406923 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.435492039 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.436369896 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.436439991 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.436497927 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.437403917 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.437423944 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.437491894 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.437629938 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.437668085 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.437699080 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.437733889 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.437825918 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.437850952 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.438951969 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.438977957 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.439033985 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.439141989 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.439157963 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.448262930 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.448342085 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.448395014 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.473798990 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.473798990 CEST	49975	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.473829985 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.473851919 CEST	443	49975	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.477102041 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.477153063 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:23.477221966 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.477308989 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:23.477332115 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.076757908 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.077300072 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.077342033 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.077740908 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.077754974 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.078602076 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.078938007 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.078979015 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.079284906 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.079298019 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.094806910 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.095128059 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.095160961 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.095503092 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.095516920 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.120759964 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.121673107 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.121691942 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.122581959 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.122592926 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.124465942 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.124768972 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.124818087 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.125148058 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.125161886 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.174309969 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.174370050 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.174453974 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.174479008 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.174511909 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.174572945 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.174727917 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.174727917 CEST	49976	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.174762964 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.174786091 CEST	443	49976	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.176852942 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.177016020 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.177090883 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.177155018 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.177155018 CEST	49977	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.177189112 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.177212954 CEST	443	49977	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.177752018 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.177786112 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.177865982 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.177994967 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.178009033 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.179028034 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.179037094 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.179122925 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.179224968 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.179239035 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.194956064 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.195120096 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.195204973 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.195266008 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.195266008 CEST	49979	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.195295095 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.195319891 CEST	443	49979	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.197154999 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.197242975 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.197329044 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.197468996 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.197491884 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.224931002 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225008011 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225125074 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225131035 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.225228071 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.225502014 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.225533962 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225560904 CEST	49978	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.225575924 CEST	443	49978	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225765944 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225837946 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225923061 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.225935936 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.225996017 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.226054907 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.226097107 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.226131916 CEST	49980	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.226147890 CEST	443	49980	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.227741957 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.227828026 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.227870941 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.227912903 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.227929115 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.227973938 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.228034019 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.228058100 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.228131056 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.228147984 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.831804991 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.832492113 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.832509995 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.832813978 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.832819939 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.847033024 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.847477913 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.847492933 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.847883940 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.847887993 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.871113062 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.871551991 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.871634007 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.872073889 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.872128010 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.882636070 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.882939100 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.882983923 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.883352995 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.883366108 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.896773100 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.897109032 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.897157907 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.897521973 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.897535086 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.933089018 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.933190107 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.933254957 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.933269024 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.933307886 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.933450937 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.933566093 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.933566093 CEST	49982	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.933581114 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.933589935 CEST	443	49982	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.936325073 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.936388016 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.936481953 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.936722040 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.936752081 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.949651957 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.950030088 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.950130939 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.950130939 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.950184107 CEST	49981	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.950190067 CEST	443	49981	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.952541113 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.952631950 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.952722073 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.952838898 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.952867985 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.970689058 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.970840931 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.970907927 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.970953941 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.970953941 CEST	49984	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.970977068 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.971016884 CEST	443	49984	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.973280907 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.973340034 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.973423958 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.973617077 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.973644018 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.986610889 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.986794949 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.986860037 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.986903906 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.986927986 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.986962080 CEST	49983	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.986974955 CEST	443	49983	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.988951921 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.988982916 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.989075899 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.989253044 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.989268064 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.999380112 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.999492884 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.999553919 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.999600887 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.999640942 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.999707937 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.999752998 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.999753952 CEST	49985	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:24.999783039 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:24.999804974 CEST	443	49985	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.001607895 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.001617908 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.001692057 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.001844883 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.001856089 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.597069979 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.598871946 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.598933935 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.599278927 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.599332094 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.607510090 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.610651016 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.610693932 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.611046076 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.611059904 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.618171930 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.618635893 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.618666887 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.619003057 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.619009972 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.669483900 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.670835018 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.670852900 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.672619104 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.672626972 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.681365967 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.682703018 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.682712078 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.683058023 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.683062077 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.696707010 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.696947098 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.697194099 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.711062908 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.711236000 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.711345911 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.716278076 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.716346979 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.716442108 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.716536999 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.716536999 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.751631975 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.751657963 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.751754999 CEST	49987	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.751771927 CEST	443	49987	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.756773949 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.756774902 CEST	49986	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.756793022 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.756814003 CEST	443	49986	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.773525953 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.773680925 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.773793936 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.785165071 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.785165071 CEST	49988	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.785232067 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.785274982 CEST	443	49988	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.785891056 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.785938978 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.785985947 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.786010027 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.786083937 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.839042902 CEST	49989	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.839067936 CEST	443	49989	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.861448050 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.861455917 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.861498117 CEST	49990	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.861506939 CEST	443	49990	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.930871010 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.930957079 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.931051016 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.931458950 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.931566954 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.931664944 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.933491945 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.933520079 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.933722019 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.934112072 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.934144974 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.934186935 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.934192896 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.934935093 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.934947014 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.935005903 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.935112953 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.935125113 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.935172081 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.935179949 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.935892105 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.935921907 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:25.935986042 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.936218023 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:25.936244011 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.575355053 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.575974941 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.575993061 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.577044010 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.577054024 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.578073978 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.579252005 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.581233025 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.581293106 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.581319094 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.581346035 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.581934929 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.581947088 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.581984043 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.581994057 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.604032993 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.605007887 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.605097055 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.605245113 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.605261087 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.626673937 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.627031088 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.627073050 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.627363920 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.627403975 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.673583031 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.674256086 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.674458981 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.674458981 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.674458981 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.677030087 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.677090883 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.677176952 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.677314043 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.677329063 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.678579092 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.678771019 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.678839922 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.678899050 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.678899050 CEST	49992	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.678931952 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.678952932 CEST	443	49992	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.679569960 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.679667950 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.679727077 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.679759026 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.679759026 CEST	49995	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.679773092 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.679791927 CEST	443	49995	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.681159019 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.681250095 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.681327105 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.681441069 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.681466103 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.681619883 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.681642056 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.681710958 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.681792974 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.681818008 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.706646919 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.706793070 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.706896067 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.707231045 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.707231045 CEST	49991	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.707298994 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.707341909 CEST	443	49991	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.709849119 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.709906101 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.710006952 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.710176945 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.710202932 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.733458996 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.733911991 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.733989000 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.734090090 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.734090090 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.734134912 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.734134912 CEST	49994	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.734154940 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.734184980 CEST	443	49994	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.736330986 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.736365080 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.736552000 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.736552000 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.736582041 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:26.979780912 CEST	49993	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:26.979804039 CEST	443	49993	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.317856073 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.318706036 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.318754911 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.319207907 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.319220066 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.334290028 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.334582090 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.334614038 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.334933996 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.334940910 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.355839968 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.356291056 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.356321096 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.356535912 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.356544971 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.383517981 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.383784056 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.383794069 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.384191990 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.384197950 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.393589020 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.393873930 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.393898010 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.394262075 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.394273996 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.417591095 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.417660952 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.417733908 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.417764902 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.417803049 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.417881966 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.418025017 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.418061018 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.418086052 CEST	49996	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.418103933 CEST	443	49996	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.420958042 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.421022892 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.421118975 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.421284914 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.421307087 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.434392929 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.434541941 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.434699059 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.434746027 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.434767962 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.434786081 CEST	49997	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.434792995 CEST	443	49997	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.436861038 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.436908007 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.436988115 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.437119007 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.437149048 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.463918924 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.463962078 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.464004040 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.464072943 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.464255095 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.464538097 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.464557886 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.464571953 CEST	49998	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.464580059 CEST	443	49998	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.466499090 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.466526031 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.466597080 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.466715097 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.466738939 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.484724998 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.484801054 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.484869003 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.484936953 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.484936953 CEST	50000	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.484946966 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.484956026 CEST	443	50000	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.486898899 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.486979961 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.487062931 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.487195015 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.487231970 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.497730017 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.497864008 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.497926950 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.498024940 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.498025894 CEST	49999	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.498047113 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.498081923 CEST	443	49999	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.499893904 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.499921083 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:27.500133991 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.500134945 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:27.500166893 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.063118935 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.063652992 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.063697100 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.064133883 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.064147949 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.074548960 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.075547934 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.075607061 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.076179028 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.076232910 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.108582973 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.109122038 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.109129906 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.109488964 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.109498024 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.126183033 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.126622915 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.126674891 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.127027988 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.127042055 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.137370110 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.138571024 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.138633013 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.139014006 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.139067888 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.162024021 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.162208080 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.162333965 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.169034004 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.169034004 CEST	50001	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.169104099 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.169192076 CEST	443	50001	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.172106981 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.172195911 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.172321081 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.172463894 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.172488928 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.173609018 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.173680067 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.173741102 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.173803091 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.173841000 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.173891068 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.173940897 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.173940897 CEST	50002	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.173974037 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.173996925 CEST	443	50002	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.175769091 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.175837040 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.175906897 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.176019907 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.176029921 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.207274914 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.207446098 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.207568884 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.225286007 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.225363016 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.225452900 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.225462914 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.225521088 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.238008022 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.238265991 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.238471985 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.243648052 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.243648052 CEST	50003	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.243674994 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.243685007 CEST	443	50003	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.259669065 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.259669065 CEST	50004	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.259716988 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.259743929 CEST	443	50004	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.286850929 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.286850929 CEST	50005	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.286885023 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.286902905 CEST	443	50005	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.391366005 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.391473055 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.391558886 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.393193007 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.393294096 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.393356085 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.393747091 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.393826962 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.397353888 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.397383928 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.397447109 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.397648096 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.397670984 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.397775888 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.397800922 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.820034027 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.820722103 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.820806980 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.821181059 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.821235895 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.842216015 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.842550039 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.842622042 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.842904091 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.842917919 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.919918060 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.919990063 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.920094013 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.920172930 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.920173883 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.920305967 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.920305967 CEST	50006	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.920351028 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.920380116 CEST	443	50006	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.923314095 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.923449039 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.923526049 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.923701048 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.923734903 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.946708918 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.947284937 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.947355986 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.947444916 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.947444916 CEST	50007	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.947480917 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.947506905 CEST	443	50007	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.950177908 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.950211048 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:28.950288057 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.950378895 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:28.950404882 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.037015915 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.037662029 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.037749052 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.038016081 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.038033009 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.038577080 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.038916111 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.038975000 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.039304972 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.039319992 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.079051018 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.079487085 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.079518080 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.079931021 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.079936981 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.135662079 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.135802031 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.136006117 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.136130095 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.136130095 CEST	50008	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.136173964 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.136203051 CEST	443	50008	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.137146950 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.137319088 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.137384892 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.137636900 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.137636900 CEST	50010	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.137664080 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.137689114 CEST	443	50010	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.140424967 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.140513897 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.140547037 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.140564919 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.140613079 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.140674114 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.140774965 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.140774965 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.140794992 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.140829086 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.183589935 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.183666945 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.183723927 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.183738947 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.183774948 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.183840036 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.183865070 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.183872938 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.183885098 CEST	50009	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.183891058 CEST	443	50009	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.186395884 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.186425924 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.186599016 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.186599016 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.186630964 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.310846090 CEST	49857	443	192.168.2.4	172.217.16.196
Oct 7, 2024 07:09:29.310920000 CEST	443	49857	172.217.16.196	192.168.2.4
Oct 7, 2024 07:09:29.593945980 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.594474077 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.594495058 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.594933033 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.594939947 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.603877068 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.604449034 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.604509115 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.604707956 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.604737997 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.736362934 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.736749887 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.736949921 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.736951113 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.736951113 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.739758968 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.739780903 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.739866018 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.740082979 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.740096092 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.745831013 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.745974064 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.746052027 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.746157885 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.746203899 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.746233940 CEST	50011	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.746248960 CEST	443	50011	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.748657942 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.748750925 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.748841047 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.749010086 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.749049902 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.808465004 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.810687065 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.810745001 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.811510086 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.811523914 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.844738960 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.845326900 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.845364094 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.845822096 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.845833063 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.908873081 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.908957958 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.909195900 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.909470081 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.909502029 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.909528971 CEST	50013	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.909545898 CEST	443	50013	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.911680937 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.912024021 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.912045002 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.912245035 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.912281036 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.912349939 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.912410975 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.912416935 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.912489891 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.912507057 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.949126005 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.949264050 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.949328899 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.949368000 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.949379921 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.949407101 CEST	50014	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.949418068 CEST	443	50014	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.951530933 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.951564074 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:29.951630116 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.951738119 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:29.951751947 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.016463995 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.016633987 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.016690969 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.016779900 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.016799927 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.016814947 CEST	50015	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.016823053 CEST	443	50015	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.019906044 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.019989014 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.020086050 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.020239115 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.020263910 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.042117119 CEST	50012	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.042124987 CEST	443	50012	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.380923033 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.381531000 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.381551027 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.381999016 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.382004976 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.401027918 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.401685953 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.401755095 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.402142048 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.402153969 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.480341911 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.480515957 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.483354092 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.483421087 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.483421087 CEST	50016	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.483442068 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.483453989 CEST	443	50016	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.485934973 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.485979080 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.486350060 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.486459017 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.486464977 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.504407883 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.504561901 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.504652023 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.504841089 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.504882097 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.504908085 CEST	50017	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.504924059 CEST	443	50017	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.507189989 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.507275105 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.507394075 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.507503033 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.507531881 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.589647055 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.592818975 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.592886925 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.593288898 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.593312025 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.593432903 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.596937895 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.596966982 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.597280025 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.597286940 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.670023918 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.693378925 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.693535089 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.693675041 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.695167065 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.695229053 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.695519924 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.695534945 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.695736885 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.696050882 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.696154118 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.696254015 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.696254969 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.696520090 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.696520090 CEST	50018	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.696573973 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.696603060 CEST	443	50018	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.696893930 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.696921110 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.696974993 CEST	50019	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.696981907 CEST	443	50019	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.711375952 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.711491108 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.711571932 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.712054968 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.712135077 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.712158918 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.712196112 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.712218046 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.712299109 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.712318897 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.792917967 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.792992115 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.793231964 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.793298960 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.793387890 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.794334888 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.801163912 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.801203966 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.801230907 CEST	50020	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.801245928 CEST	443	50020	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.839353085 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.839426994 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:30.839571953 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.843858957 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:30.843887091 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.127794981 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.128598928 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.128616095 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.129050016 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.129060030 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.158910990 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.159408092 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.159467936 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.159693956 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.159709930 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.227139950 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.227325916 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.227509975 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.227782011 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.227782011 CEST	50022	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.227817059 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.227843046 CEST	443	50022	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.230427027 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.230492115 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.230581999 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.230741024 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.230772972 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.259352922 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.259458065 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.259506941 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.259767056 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.260027885 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.260027885 CEST	50023	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.260073900 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.260102034 CEST	443	50023	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.262537003 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.262563944 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.262691975 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.262767076 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.262773991 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.362917900 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.366292953 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.366329908 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.366759062 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.366770983 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.369607925 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.370105028 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.370137930 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.370539904 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.370553017 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.464046001 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.464205980 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.464297056 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.464507103 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.464531898 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.464555979 CEST	50025	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.464569092 CEST	443	50025	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.467258930 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.467339039 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.467434883 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.467552900 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.467576027 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.511358976 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.512027025 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.512065887 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.512453079 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.512465000 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.573636055 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.573795080 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.573862076 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.574172974 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.574172974 CEST	50024	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.574204922 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.574229002 CEST	443	50024	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.577424049 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.577495098 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.577568054 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.577701092 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.577722073 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.611733913 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.611886024 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.611969948 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.612091064 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.612126112 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.612152100 CEST	50026	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.612164974 CEST	443	50026	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.614579916 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.614623070 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.614789009 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.614851952 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.614860058 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.882338047 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.882913113 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.882968903 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.883279085 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.883291006 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.902431011 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.902853966 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.902882099 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.903450966 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.903455973 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.983793974 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.983866930 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.983926058 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.983948946 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.983979940 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.984030008 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.984170914 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.984201908 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.984226942 CEST	50027	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.984263897 CEST	443	50027	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.986881971 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.986915112 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:31.986984015 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.987118959 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:31.987133026 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.003190994 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.003329039 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.003420115 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.003420115 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.003449917 CEST	50028	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.003463984 CEST	443	50028	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.005698919 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.005749941 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.005820990 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.005961895 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.005984068 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.125787973 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.126220942 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.126251936 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.126641035 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.126646996 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.227907896 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.228400946 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.228437901 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.228868961 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.228874922 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.228993893 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.229151011 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.229213953 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.229408979 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.229424000 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.229435921 CEST	50029	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.229443073 CEST	443	50029	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.232397079 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.232424021 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.232511997 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.232631922 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.232656956 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.284631014 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.285083055 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.285099030 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.285453081 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.285459042 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.325934887 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.325984001 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.326066017 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.326114893 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.326147079 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.326203108 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.326273918 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.326302052 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.326328039 CEST	50030	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.326343060 CEST	443	50030	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.329088926 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.329149961 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.329257965 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.329365969 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.329391956 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.387156010 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.387301922 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.387403011 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.387988091 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.387988091 CEST	50031	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.388001919 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.388010025 CEST	443	50031	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.389960051 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.390006065 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.390137911 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.390273094 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.390301943 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.634093046 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.634732008 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.634762049 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.635193110 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.635206938 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.659302950 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.659673929 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.659753084 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.660114050 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.660166979 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.732861042 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.732892990 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.732949018 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.732978106 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.733074903 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.733127117 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.733198881 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.733232975 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.733258009 CEST	50032	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.733273983 CEST	443	50032	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.739834070 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.739866972 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.739934921 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.740124941 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.740138054 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.760427952 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.760477066 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.760592937 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.760629892 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.760695934 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.760860920 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.760860920 CEST	50033	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.760904074 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.760930061 CEST	443	50033	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.763139009 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.763150930 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.763219118 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.763334990 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.763349056 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.897955894 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.898515940 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.898565054 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.898971081 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.898983955 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.973084927 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.973860979 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.973910093 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:32.974502087 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:32.974513054 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.000411987 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.000463963 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.000516891 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.000540018 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.000638008 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.000709057 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.000763893 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.000787973 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.000813007 CEST	50034	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.000827074 CEST	443	50034	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.005458117 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.005511999 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.005599022 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.005913019 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.005929947 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.026376009 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.027683973 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.027704000 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.028350115 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.028378963 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.073247910 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.073304892 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.073376894 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.073407888 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.073436975 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.073519945 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.073628902 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.073657036 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.073681116 CEST	50035	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.073695898 CEST	443	50035	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.077188969 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.077270985 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.077347040 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.077640057 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.077672958 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.126174927 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.126328945 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.126400948 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.128051043 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.128089905 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.128114939 CEST	50036	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.128130913 CEST	443	50036	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.130511999 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.130554914 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.130640030 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.130781889 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.130786896 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.378092051 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.378555059 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.378580093 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.378983021 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.378990889 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.439302921 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.439730883 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.439742088 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.440165997 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.440171957 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.476269007 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.476435900 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.476492882 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.476560116 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.476578951 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.476592064 CEST	50037	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.476607084 CEST	443	50037	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.479418993 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.479454994 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.479593992 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.479794979 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.479811907 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.544874907 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.545073032 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.545131922 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.545169115 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.545182943 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.545195103 CEST	50038	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.545201063 CEST	443	50038	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.547776937 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.547811985 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.547890902 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.548043966 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.548054934 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.658900976 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.659492970 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.659586906 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.659946918 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.659962893 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.725064993 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.725692034 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.725749969 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.726152897 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.726171017 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.761173964 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.761478901 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.761584044 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.761584044 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.761678934 CEST	50039	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.761723995 CEST	443	50039	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.764110088 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.764199972 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.764305115 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.764421940 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.764451027 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.824112892 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.824140072 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.824209929 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.824239016 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.824301958 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.824775934 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.824775934 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.824775934 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.824775934 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.827157974 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.827229023 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.827311039 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.827435970 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.827470064 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.830471992 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.830866098 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.830887079 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.831290007 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.831295013 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.937320948 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.937390089 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.937509060 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.937552929 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.937552929 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.937721014 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.937721014 CEST	50041	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.937742949 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.937751055 CEST	443	50041	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.940164089 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.940227985 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:33.940320015 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.940468073 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:33.940500975 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.136915922 CEST	50040	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.136964083 CEST	443	50040	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.155752897 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.156229973 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.156245947 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.156757116 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.156763077 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.188750029 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.189150095 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.189193964 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.189513922 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.189528942 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.262723923 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.262754917 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.262778997 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.262857914 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.262871981 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.262955904 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.284591913 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.284634113 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.284727097 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.284754992 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.284854889 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.284905910 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.284945011 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.284969091 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.284991980 CEST	50043	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.285006046 CEST	443	50043	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.287725925 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.287770033 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.287910938 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.288038969 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.288062096 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.353379965 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.353463888 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.353472948 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.353514910 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.353590965 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.353590965 CEST	50042	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.353607893 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.353622913 CEST	443	50042	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.355968952 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.356015921 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.356096983 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.356230974 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.356251001 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.443541050 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.443964958 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.443989992 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.444391966 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.444403887 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.491909981 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.492415905 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.492460966 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.492820024 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.492835999 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.552331924 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.552386045 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.552428007 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.552468061 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.552509069 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.552541018 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.552565098 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.583956957 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.584347963 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.584403992 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.584798098 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.584810019 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.594938040 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.595000029 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.595071077 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.595092058 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.595144987 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.595196962 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.595196962 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.595213890 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.595639944 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.595721960 CEST	443	50045	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.595771074 CEST	50045	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.597538948 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.597636938 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.597729921 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.597831964 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.597855091 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.640460014 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.640526056 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.640552998 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.640603065 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.640635014 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.640660048 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.640667915 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.640711069 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.640763998 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.640783072 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.640795946 CEST	50044	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.640801907 CEST	443	50044	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.643529892 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.643585920 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.643655062 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.643831015 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.643862009 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.683840036 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.683898926 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.683948994 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.683986902 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.684106112 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.684140921 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.684163094 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.684730053 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.684822083 CEST	443	50046	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.684874058 CEST	50046	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.686064005 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.686110973 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.686178923 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.686288118 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.686296940 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.935976982 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.936634064 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.936652899 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:34.937077045 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:34.937083006 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.019886017 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.020337105 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.020361900 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.020941973 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.020950079 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.036376953 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.036461115 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.036511898 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.036601067 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.036612988 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.036624908 CEST	50047	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.036632061 CEST	443	50047	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.039213896 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.039297104 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.039398909 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.039501905 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.039532900 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.122139931 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.122287035 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.122354984 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.122395992 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.122416019 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.122436047 CEST	50048	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.122442007 CEST	443	50048	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.124517918 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.124558926 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.124649048 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.124769926 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.124784946 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.234401941 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.234823942 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.234860897 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.235244036 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.235255003 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.283371925 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.283955097 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.284018993 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.284380913 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.284398079 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.333257914 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.333345890 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.333534956 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.333626032 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.333626986 CEST	50049	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.333673000 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.333703995 CEST	443	50049	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.334434032 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.334862947 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.334881067 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.335406065 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.335412025 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.336472988 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.336519957 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.336600065 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.336730957 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.336743116 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.381428957 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.381827116 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.382023096 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.382024050 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.382024050 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.383938074 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.384023905 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.384113073 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.384216070 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.384241104 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.435265064 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.435300112 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.435340881 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.435353994 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.435398102 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.435535908 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.435554028 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.435569048 CEST	50051	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.435575962 CEST	443	50051	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.685224056 CEST	50050	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.685295105 CEST	443	50050	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.685523987 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.686276913 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.686362028 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.686733007 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.686748981 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.761073112 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.761518002 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.761553049 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.762038946 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.762049913 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.788727045 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.788791895 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.788975000 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.789058924 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.789058924 CEST	50052	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.789100885 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.789130926 CEST	443	50052	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.860395908 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.860682011 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.860744953 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.861263990 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.861290932 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.861315012 CEST	50053	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.861344099 CEST	443	50053	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.976630926 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.977147102 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.977212906 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:35.977622986 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:35.977639914 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.024880886 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.025511026 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.025593996 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.025851011 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.025866032 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.076570034 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.076642990 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.076706886 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.077085018 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.077085018 CEST	50054	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.077133894 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.077161074 CEST	443	50054	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.136877060 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.137036085 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.137113094 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.137501001 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.137547016 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:36.137578011 CEST	50055	443	192.168.2.4	13.107.246.67
Oct 7, 2024 07:09:36.137593985 CEST	443	50055	13.107.246.67	192.168.2.4
Oct 7, 2024 07:09:43.766510010 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:43.766545057 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:43.766625881 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:43.766920090 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:43.766931057 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.406240940 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.406605959 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:44.406646013 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.407012939 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.407399893 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:44.407469034 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.407568932 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:44.407589912 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:44.407598019 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.683505058 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.683620930 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:44.683666945 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:44.684000015 CEST	50056	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:44.684015989 CEST	443	50056	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:45.765317917 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:45.765443087 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:45.765649080 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:45.766280890 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:45.766319036 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.220398903 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.221025944 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:47.221090078 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.221630096 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.222028971 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:47.222124100 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.222232103 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:47.222266912 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:47.222335100 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.502248049 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.502394915 CEST	443	50057	142.250.185.174	192.168.2.4
Oct 7, 2024 07:09:47.502631903 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:47.503138065 CEST	50057	443	192.168.2.4	142.250.185.174
Oct 7, 2024 07:09:47.503181934 CEST	443	50057	142.250.185.174	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 07:08:00.799453020 CEST	63217	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:00.799662113 CEST	64667	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:00.806318045 CEST	53	63217	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:00.806682110 CEST	53	64667	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:00.807156086 CEST	53	60841	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:00.827018976 CEST	53	54150	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:01.796056986 CEST	57484	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:01.796170950 CEST	54271	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:01.802653074 CEST	53	54271	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:01.802983046 CEST	53	57484	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:01.842279911 CEST	53	64307	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:05.356976032 CEST	53327	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:05.357176065 CEST	58396	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:05.363632917 CEST	53	53327	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:05.363986015 CEST	53	58396	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:07.150454998 CEST	53	55134	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:09.793991089 CEST	54694	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:09.795062065 CEST	58758	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:09.800952911 CEST	53	54694	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:09.801937103 CEST	53	58758	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:10.896270037 CEST	62416	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:10.896490097 CEST	59444	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:08:10.904213905 CEST	53	62416	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:10.904581070 CEST	53	59444	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:13.068485022 CEST	53	58719	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:17.680201054 CEST	138	138	192.168.2.4	192.168.2.255
Oct 7, 2024 07:08:18.816310883 CEST	53	61386	1.1.1.1	192.168.2.4
Oct 7, 2024 07:08:37.742697001 CEST	53	61264	1.1.1.1	192.168.2.4
Oct 7, 2024 07:09:00.618520975 CEST	53	56544	1.1.1.1	192.168.2.4
Oct 7, 2024 07:09:00.817197084 CEST	53	62893	1.1.1.1	192.168.2.4
Oct 7, 2024 07:09:11.821382999 CEST	53	49460	1.1.1.1	192.168.2.4
Oct 7, 2024 07:09:13.609843969 CEST	56465	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:09:13.609946012 CEST	60443	53	192.168.2.4	1.1.1.1
Oct 7, 2024 07:09:13.617194891 CEST	53	60443	1.1.1.1	192.168.2.4
Oct 7, 2024 07:09:13.617227077 CEST	53	56465	1.1.1.1	192.168.2.4
Oct 7, 2024 07:09:29.318312883 CEST	53	56983	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 07:08:00.799453020 CEST	192.168.2.4	1.1.1.1	0xfa06	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:00.799662113 CEST	192.168.2.4	1.1.1.1	0x2989	Standard query (0)	youtube.com	65	IN (0x0001)	false
Oct 7, 2024 07:08:01.796056986 CEST	192.168.2.4	1.1.1.1	0x1127	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.796170950 CEST	192.168.2.4	1.1.1.1	0x6791	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 07:08:05.356976032 CEST	192.168.2.4	1.1.1.1	0xa213	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:05.357176065 CEST	192.168.2.4	1.1.1.1	0xf505	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 7, 2024 07:08:09.793991089 CEST	192.168.2.4	1.1.1.1	0x17f3	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:09.795062065 CEST	192.168.2.4	1.1.1.1	0x3ddf	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Oct 7, 2024 07:08:10.896270037 CEST	192.168.2.4	1.1.1.1	0x860f	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:10.896490097 CEST	192.168.2.4	1.1.1.1	0xd5e7	Standard query (0)	play.google.com	65	IN (0x0001)	false
Oct 7, 2024 07:09:13.609843969 CEST	192.168.2.4	1.1.1.1	0x76bc	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:09:13.609946012 CEST	192.168.2.4	1.1.1.1	0x159c	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 07:08:00.806318045 CEST	1.1.1.1	192.168.2.4	0xfa06	No error (0)	youtube.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:00.806682110 CEST	1.1.1.1	192.168.2.4	0x2989	No error (0)	youtube.com			65	IN (0x0001)	false
Oct 7, 2024 07:08:01.802653074 CEST	1.1.1.1	192.168.2.4	0x6791	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802653074 CEST	1.1.1.1	192.168.2.4	0x6791	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:01.802983046 CEST	1.1.1.1	192.168.2.4	0x1127	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:05.363632917 CEST	1.1.1.1	192.168.2.4	0xa213	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:05.363986015 CEST	1.1.1.1	192.168.2.4	0xf505	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 7, 2024 07:08:09.800952911 CEST	1.1.1.1	192.168.2.4	0x17f3	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 07:08:09.800952911 CEST	1.1.1.1	192.168.2.4	0x17f3	No error (0)	www3.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:08:09.801937103 CEST	1.1.1.1	192.168.2.4	0x3ddf	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 07:08:10.904213905 CEST	1.1.1.1	192.168.2.4	0x860f	No error (0)	play.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 7, 2024 07:09:13.617227077 CEST	1.1.1.1	192.168.2.4	0x76bc	No error (0)	play.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

youtube.com

www.youtube.com

fs.microsoft.com

https:

accounts.youtube.com

play.google.com

www.google.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	142.250.184.206	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:01 UTC	851	OUT	GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1 Host: youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:01 UTC	1704	IN	HTTP/1.1 301 Moved Permanently Content-Type: application/binary X-Content-Type-Options: nosniff Expires: Mon, 07 Oct 2024 05:08:01 GMT Date: Mon, 07 Oct 2024 05:08:01 GMT Cache-Control: private, max-age=31536000 Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Frame-Options: SAMEORIGIN Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script' Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Server: ESF Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	216.58.212.174	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:02 UTC	869	OUT	GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1 Host: www.youtube.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:02 UTC	2656	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 05:08:02 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 07-Oct-2024 05:38:02 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=0RK944a25Xg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=YMx5AitSKSo; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 05:08:02 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgCw%3D%3D; Domain=.youtube.com; Expires=Sat, 05-Apr-2025 05:08:02 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 05:08:06 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF45) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=214656 Date: Mon, 07 Oct 2024 05:08:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-07 05:08:07 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=214591 Date: Mon, 07 Oct 2024 05:08:07 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-07 05:08:07 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49756	142.250.186.110	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:10 UTC	1236	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-726507873&timestamp=1728277688431 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:10 UTC	1969	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-lM4sF1k-S6Ci8yXMGo-D-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 07 Oct 2024 05:08:10 GMT Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw0pBikPj6kkkLiJ3SZ7CGAHHSv_OsJUB8ufsS63UgVu25xGoOxEUSV1hbgFiIh2PXzd4dbAIrWh5tYVLSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0stQzsIgvMAAA1-YtXg" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6c 4d 34 73 46 31 6b 2d 53 36 43 69 38 79 58 4d 47 6f 2d 44 2d 41 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 761c<html><head><script nonce="lM4sF1k-S6Ci8yXMGo-D-A">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29 Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45 Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb\|\|{},q=this\|\|self,gb=q._F_toggles\|\|[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c\|\|q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
2024-10-07 05:08:10 UTC	1969	IN	Data Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49760	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:11 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:11 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:11 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49762	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:11 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:11 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:11 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49766	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:12 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 519 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:12 UTC	519	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 37 37 36 38 39 35 33 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728277689537",null,null,null
2024-10-07 05:08:12 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=l_MMzgCkXMQDBdfhz3z5DU4r64WD2fnShNFbdOTv1c5g0BwKAHFoLIW81KTgjlQVOCwm-rIn7ChJfVNN9F9OFJlwycwFbTGIZRiC8Bl9AUnC4vtyvSYVEJmaOtSTyqrWDTwxvIWL1UCRKyzmXJh2_oKKssbfrt6eLgyhdA3JVSoR4YXniA; expires=Tue, 08-Apr-2025 05:08:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 05:08:12 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:12 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:08:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49767	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:12 UTC	1124	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 505 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 05:08:12 UTC	505	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 37 37 36 38 39 36 32 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728277689623",null,null,null
2024-10-07 05:08:12 UTC	932	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=fvfclg15sz9bo-chVRJBIcXwnpSwLk01ilUhwT9Le2VyEhVlDlHk_HH5mhIJuFIHI1xijQmUxzA37SV-E5mE21IFbhGGNcMlFq-M4dBnKJiIo_PzoZtDBoVsv9pkqH_P_xH3ck1tWV_BnDt6J1gLtLCThMtAOj_GyYvriouScyxAiN50HA; expires=Tue, 08-Apr-2025 05:08:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:12 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 05:08:12 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:12 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:08:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49742	172.217.16.196	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:12 UTC	1213	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=l_MMzgCkXMQDBdfhz3z5DU4r64WD2fnShNFbdOTv1c5g0BwKAHFoLIW81KTgjlQVOCwm-rIn7ChJfVNN9F9OFJlwycwFbTGIZRiC8Bl9AUnC4vtyvSYVEJmaOtSTyqrWDTwxvIWL1UCRKyzmXJh2_oKKssbfrt6eLgyhdA3JVSoR4YXniA
2024-10-07 05:08:12 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 07 Oct 2024 04:07:34 GMT Expires: Tue, 15 Oct 2024 04:07:34 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 3638 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-07 05:08:12 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-10-07 05:08:12 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-10-07 05:08:12 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-10-07 05:08:12 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-10-07 05:08:12 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49769	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7zOO46Pw5MbMGW+&MD=w+d75o56 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 05:08:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8a3f0735-6f47-49e2-b607-51922a9d74c9 MS-RequestId: c135ff60-049f-43f0-b91b-df2978294e98 MS-CV: tCkXR9Hfs0i4OJZg.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 05:08:14 GMT Connection: close Content-Length: 24490
2024-10-07 05:08:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-07 05:08:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49780	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:19 UTC	1298	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1221 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=fvfclg15sz9bo-chVRJBIcXwnpSwLk01ilUhwT9Le2VyEhVlDlHk_HH5mhIJuFIHI1xijQmUxzA37SV-E5mE21IFbhGGNcMlFq-M4dBnKJiIo_PzoZtDBoVsv9pkqH_P_xH3ck1tWV_BnDt6J1gLtLCThMtAOj_GyYvriouScyxAiN50HA
2024-10-07 05:08:19 UTC	1221	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 32 37 37 36 38 37 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728277687000",null,null,null,
2024-10-07 05:08:19 UTC	940	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=dc2mC3WLyPrGNiX3EZEO2XFz7MGWNfgVKzXjwxAyvzG3xAbtXwNvrNQWDWDxVbP_K_ce_NUhj4qLD6oWuuUeyeTbZpOCsVZL-0wXFloGVoFoYe8ijzc8ibpKvEnNSLHOtd9cO7zby3EsDERdNsPh6w8aB1ttwIi0Pgltd-DMYniRxkBkrD1bvfiVbg; expires=Tue, 08-Apr-2025 05:08:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:19 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 07 Oct 2024 05:08:19 GMT Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:08:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49781	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:41 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1261 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dc2mC3WLyPrGNiX3EZEO2XFz7MGWNfgVKzXjwxAyvzG3xAbtXwNvrNQWDWDxVbP_K_ce_NUhj4qLD6oWuuUeyeTbZpOCsVZL-0wXFloGVoFoYe8ijzc8ibpKvEnNSLHOtd9cO7zby3EsDERdNsPh6w8aB1ttwIi0Pgltd-DMYniRxkBkrD1bvfiVbg
2024-10-07 05:08:41 UTC	1261	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 37 37 37 31 39 38 35 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728277719852",null,null,null
2024-10-07 05:08:42 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:42 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:42 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:08:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49782	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:41 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1374 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dc2mC3WLyPrGNiX3EZEO2XFz7MGWNfgVKzXjwxAyvzG3xAbtXwNvrNQWDWDxVbP_K_ce_NUhj4qLD6oWuuUeyeTbZpOCsVZL-0wXFloGVoFoYe8ijzc8ibpKvEnNSLHOtd9cO7zby3EsDERdNsPh6w8aB1ttwIi0Pgltd-DMYniRxkBkrD1bvfiVbg
2024-10-07 05:08:41 UTC	1374	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 37 37 37 31 39 38 36 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728277719865",null,null,null
2024-10-07 05:08:42 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:42 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:42 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:08:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49783	142.250.185.142	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:42 UTC	1288	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 890 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dc2mC3WLyPrGNiX3EZEO2XFz7MGWNfgVKzXjwxAyvzG3xAbtXwNvrNQWDWDxVbP_K_ce_NUhj4qLD6oWuuUeyeTbZpOCsVZL-0wXFloGVoFoYe8ijzc8ibpKvEnNSLHOtd9cO7zby3EsDERdNsPh6w8aB1ttwIi0Pgltd-DMYniRxkBkrD1bvfiVbg
2024-10-07 05:08:42 UTC	890	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-10-07 05:08:42 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:08:42 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 05:08:42 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:08:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49784	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:53 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7zOO46Pw5MbMGW+&MD=w+d75o56 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-07 05:08:53 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 1595fa67-ba48-442a-b259-e7b6fb3880dc MS-RequestId: acc7dbdd-9e38-4d81-a17b-fc17074fa6fd MS-CV: gsSDC7VJhUqE4oPf.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 07 Oct 2024 05:08:52 GMT Connection: close Content-Length: 30005
2024-10-07 05:08:53 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-07 05:08:53 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49785	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:54 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:54 UTC	540	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:54 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 04 Oct 2024 23:21:50 GMT ETag: "0x8DCE4CB535A72FA" x-ms-request-id: 4dad204e-401e-005b-4bf5-169c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050854Z-1657d5bbd482krtfgrg72dfbtn00000002s0000000008a53 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:54 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-07 05:08:54 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49786	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:55 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:55 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:55 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 4545068c-701e-0050-0e05-176767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050855Z-1657d5bbd482lxwq1dp2t1zwkc00000002q000000000fvaw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:55 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49789	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:55 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:55 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:55 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c59bb0f9-701e-0097-2d01-17b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050855Z-1657d5bbd48xdq5dkwwugdpzr0000000038000000000h3c8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:55 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49787	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:55 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:55 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:55 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: d4448e94-101e-00a2-2703-179f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050855Z-1657d5bbd48jwrqbupe3ktsx9w00000003a00000000015em x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:55 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49788	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:55 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:55 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:55 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8aaf7b13-d01e-0028-46fd-167896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050855Z-1657d5bbd48t66tjar5xuq22r80000000300000000007fyb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:55 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49790	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:55 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:55 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:55 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b27588a3-a01e-003d-6001-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050855Z-1657d5bbd48lknvp09v995n79000000002k000000000gzda x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:55 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49795	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 87fc294c-201e-0051-40f3-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48tnj6wmberkg2xy8000000030000000000m999 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49793	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 73fc0cc0-d01e-008e-5fee-16387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48f7nlxc7n5fnfzh000000002q0000000005h6w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49791	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3ea0840d-701e-0053-1012-173a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48dfrdj7px744zp8s00000002pg00000000gfkg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49792	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1707b783-801e-00a3-53e5-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48tqvfc1ysmtbdrg000000002x0000000006chb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49794	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 15158de7-401e-0029-4b00-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48tnj6wmberkg2xy8000000030g00000000gp2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49796	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 0a3893d3-c01e-0082-33ee-16af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48sdh4cyzadbb374800000002v0000000009k61 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49800	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 99ffd5e0-b01e-0053-0101-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48vhs7r2p1ky7cs5w000000039000000000ccv9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49799	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: bf7deccb-401e-0064-0f0e-1754af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd487nf59mzf5b3gk8n00000002hg00000000mw39 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49798	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 915c1ee4-001e-0079-3000-1712e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48brl8we3nu8cxwgn00000003c0000000004u9e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49797	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:56 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:56 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 789c8418-601e-0032-5905-17eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050856Z-1657d5bbd48vlsxxpe15ac3q7n00000002y000000000cgnr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:56 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49801	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:57 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:57 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: e72ec3ca-501e-005b-2401-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050857Z-1657d5bbd48wd55zet5pcra0cg0000000300000000007nq1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:57 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49803	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:57 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:57 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c2d0a885-201e-0003-7ced-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050857Z-1657d5bbd48tqvfc1ysmtbdrg000000002y00000000041en x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:57 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49804	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:57 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:57 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 5a59384b-a01e-0053-3602-178603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050857Z-1657d5bbd48762wn1qw4s5sd3000000002z0000000001urk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:57 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49805	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:57 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:57 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: d3d0b776-b01e-003d-1803-17d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050857Z-1657d5bbd48sdh4cyzadbb374800000002z0000000000k20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:57 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49802	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:57 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:57 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 27ba9a72-001e-0046-2a01-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050857Z-1657d5bbd48cpbzgkvtewk0wu0000000030g00000000g5hv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:57 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49807	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:58 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:58 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 20b36261-201e-006e-7102-17bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050858Z-1657d5bbd48brl8we3nu8cxwgn00000003dg000000001duv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:58 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49806	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:58 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:58 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 09392ef7-101e-0046-3f05-1791b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050858Z-1657d5bbd48vlsxxpe15ac3q7n00000002yg00000000b8ed x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:58 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49809	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:58 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:58 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 81e42967-c01e-0014-5ee9-16a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050858Z-1657d5bbd48xdq5dkwwugdpzr000000003c0000000004uuw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:58 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49808	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:58 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:58 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f57b7c9f-801e-00a0-4a13-172196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050858Z-1657d5bbd48t66tjar5xuq22r800000002xg00000000ezv7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:58 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49810	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:58 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:58 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 6be05283-001e-00a2-2700-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050858Z-1657d5bbd48sqtlf1huhzuwq7000000002t00000000065kd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:58 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49811	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 40323690-a01e-0002-0100-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48sdh4cyzadbb374800000002u000000000d3yw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:59 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49812	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: c530354f-501e-0016-5013-17181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd4824mj9d6vp65b6n4000000034g00000000ggak x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:59 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49813	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 7cec3a6f-e01e-0033-3414-174695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48cpbzgkvtewk0wu00000000360000000001za7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:59 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49814	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d415a278-e01e-0051-6efe-1684b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48dfrdj7px744zp8s00000002vg000000001nvr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:59 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49815	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 7c825ef0-601e-0001-5f02-17faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48p2j6x2quer0q028000000034g00000000e271 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:59 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49816	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:08:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 4c0632d0-601e-0097-4413-17f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48qjg85buwfdynm5w0000000330000000009zkt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:08:59 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49817	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: b27116a7-a01e-003d-3a00-1798d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd487nf59mzf5b3gk8n00000002rg000000001wu2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49818	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: a62739ea-301e-005d-6402-17e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48tnj6wmberkg2xy8000000032000000000cfuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49820	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: a2d01d3c-801e-0083-4800-17f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48qjg85buwfdynm5w0000000340000000006s66 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49819	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:08:59 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:08:59 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 92e59db7-001e-002b-6700-1799f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050859Z-1657d5bbd48p2j6x2quer0q0280000000380000000005k1f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49821	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:00 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:00 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4dd19665-401e-005b-7705-179c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050900Z-1657d5bbd48tnj6wmberkg2xy800000002zg00000000mbne x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49823	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:00 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:00 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: db28b7eb-d01e-0065-5efe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050900Z-1657d5bbd48sqtlf1huhzuwq7000000002p000000000hd98 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49824	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:00 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:00 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 53f69819-801e-0048-7802-17f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050900Z-1657d5bbd48xsz2nuzq4vfrzg800000002w000000000a6cb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49822	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:00 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:00 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 151ca1e1-401e-0029-2b03-179b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050900Z-1657d5bbd48brl8we3nu8cxwgn00000003dg000000001dw6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49825	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:00 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:00 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 1be548a6-001e-00a2-4166-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050900Z-1657d5bbd48vlsxxpe15ac3q7n00000002zg000000008fk2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:00 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49827	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:01 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:01 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 7709e3c3-b01e-0097-5e02-174f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050901Z-1657d5bbd48cpbzgkvtewk0wu0000000030000000000hy88 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:01 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49828	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:01 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:01 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: c5dbf9be-001e-0017-2cf1-160c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050901Z-1657d5bbd48f7nlxc7n5fnfzh000000002mg00000000d8uu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:01 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49830	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:01 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:01 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 721d8bd8-801e-002a-4f00-1731dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050901Z-1657d5bbd48xdq5dkwwugdpzr000000003d00000000029tb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:01 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49831	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:01 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:01 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: cb78c1b2-201e-003f-2e04-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050901Z-1657d5bbd48f7nlxc7n5fnfzh000000002h000000000r3ts x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:01 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49829	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:01 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:01 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 5e879109-c01e-00a2-3e73-172327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050901Z-1657d5bbd48f7nlxc7n5fnfzh000000002pg000000006srg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:01 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49832	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 27b6de9f-001e-0046-1e00-17da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48p2j6x2quer0q028000000035000000000deqn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:02 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49833	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 04801829-801e-00ac-6301-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48xdq5dkwwugdpzr000000003ag000000008p5a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49836	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: cde3aec9-601e-0084-63e5-166b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48762wn1qw4s5sd3000000002wg00000000822q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:02 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49834	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 2f3972b1-401e-0035-1b02-1782d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48jwrqbupe3ktsx9w000000038g000000004zsr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:02 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49835	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 1ed82642-401e-0048-7b12-170409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48762wn1qw4s5sd3000000002yg000000002mxq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:02 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49837	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 3a03d6b9-d01e-0066-52e9-16ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48762wn1qw4s5sd3000000002s000000000s06v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49838	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 678513bd-b01e-0053-4460-17cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48xsz2nuzq4vfrzg800000002z0000000002ud9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49839	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 938e68e0-901e-0029-0160-17274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48wd55zet5pcra0cg000000032g000000001upt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49841	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: b0fdb72d-401e-0015-37ce-160e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050902Z-1657d5bbd48tnj6wmberkg2xy800000002z000000000qdm4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49840	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:02 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:03 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: d803a4ff-401e-0083-3904-17075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050903Z-1657d5bbd48sdh4cyzadbb374800000002rg00000000mad9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49843	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:03 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:03 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8d044b15-901e-00ac-3902-17b69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050903Z-1657d5bbd48p2j6x2quer0q0280000000380000000005k42 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49842	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:03 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:03 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 8d3bec0a-601e-0070-32fe-16a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050903Z-1657d5bbd48f7nlxc7n5fnfzh000000002qg000000004ckp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49844	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:03 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:03 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: e72b6989-501e-005b-2b00-17d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050903Z-1657d5bbd4824mj9d6vp65b6n4000000034g00000000ggee x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49845	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:03 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:03 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 0377c3fc-101e-000b-65dc-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050903Z-1657d5bbd48cpbzgkvtewk0wu0000000035g0000000031kd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49846	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:03 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:03 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: a5e58c1d-b01e-00ab-5ac9-16dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050903Z-1657d5bbd48p2j6x2quer0q028000000037g000000005kq6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:03 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49848	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:04 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:04 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: ef9cab6f-f01e-0099-0d00-179171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050904Z-1657d5bbd48cpbzgkvtewk0wu0000000032000000000d63h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:04 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49849	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:04 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:04 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f519f63-901e-0016-75ff-16efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050904Z-1657d5bbd48xlwdx82gahegw40000000036g000000009a1h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:04 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49847	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:04 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:04 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 78a0432a-701e-001e-1805-17f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050904Z-1657d5bbd4824mj9d6vp65b6n4000000036g000000009qwz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:04 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49851	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:04 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:04 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 821e4157-c01e-0014-3301-17a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050904Z-1657d5bbd48jwrqbupe3ktsx9w000000034000000000h544 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:04 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49850	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:04 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:04 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: b67c2655-301e-0096-2300-17e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050904Z-1657d5bbd48lknvp09v995n79000000002rg0000000025r1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:04 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49853	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:05 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:05 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: bfab55ab-401e-0015-6202-170e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050905Z-1657d5bbd48qjg85buwfdynm5w000000035g000000003khb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:05 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49856	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:05 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:05 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 3b7b7106-501e-0064-43e7-161f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050905Z-1657d5bbd48762wn1qw4s5sd3000000002ug00000000enx2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:05 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49854	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:05 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:05 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 01bf113a-f01e-003c-3703-178cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050905Z-1657d5bbd48cpbzgkvtewk0wu0000000034g0000000055pv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:05 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49852	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:05 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 763e8d43-601e-000d-6912-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050905Z-1657d5bbd487nf59mzf5b3gk8n00000002h000000000mtw8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49855	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:05 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:05 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 7875ffac-201e-000c-7f02-1779c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050905Z-1657d5bbd48p2j6x2quer0q0280000000390000000003mca x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:05 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49858	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:06 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: f196d52c-b01e-0002-1604-171b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050906Z-1657d5bbd48cpbzgkvtewk0wu0000000031000000000fpp9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49859	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:06 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:06 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 2f576d96-401e-0047-3902-178597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050906Z-1657d5bbd48p2j6x2quer0q028000000034g00000000e2gk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:06 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49862	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:06 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:06 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 0607cd43-401e-0078-1b00-174d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050906Z-1657d5bbd48vlsxxpe15ac3q7n00000002zg000000008fst x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:06 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49860	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:06 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:06 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: dfb96d6a-f01e-003f-17e5-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050906Z-1657d5bbd48f7nlxc7n5fnfzh000000002qg000000004cpv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:06 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49861	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:06 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:06 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: f5ee0945-901e-0083-4202-17bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050906Z-1657d5bbd48xsz2nuzq4vfrzg800000002tg00000000h24g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:06 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49863	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:06 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: a5ff6bd9-301e-005d-3af2-16e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd48tnj6wmberkg2xy8000000033g0000000082b3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49864	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0c165d1d-a01e-000d-7dfe-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd48q6t9vvmrkd293mg00000003000000000074rt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49865	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: c2f609cb-201e-0003-75fd-16f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd487nf59mzf5b3gk8n00000002s00000000017pm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49866	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 33b4d0ae-a01e-0032-35ff-161949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050906Z-1657d5bbd48sqtlf1huhzuwq7000000002pg00000000h5xw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49867	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 960edd56-701e-005c-4100-17bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd482tlqpvyz9e93p54000000036g000000001c64 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49868	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: b738acd5-401e-0067-1502-1709c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd48cpbzgkvtewk0wu00000000330000000008why x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49869	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 8a5fd43d-c01e-0066-4506-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd48lknvp09v995n79000000002m000000000cx8c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49872	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: db28c537-d01e-0065-47fe-16b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd482tlqpvyz9e93p54000000031g00000000ds3p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49870	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 0480ed94-801e-00ac-5102-17fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd4824mj9d6vp65b6n400000003ag000000000cdt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49871	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:07 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:07 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:07 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b72ef555-401e-0067-78fe-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050907Z-1657d5bbd48762wn1qw4s5sd3000000002sg00000000qunu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:07 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49873	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:08 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:08 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: cb759915-201e-003f-5f03-176d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050908Z-1657d5bbd48f7nlxc7n5fnfzh000000002p0000000007v1z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:08 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49874	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:08 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:08 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 84e7aa3f-c01e-008e-74ff-167381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050908Z-1657d5bbd482lxwq1dp2t1zwkc00000002sg000000008xa4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:08 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49876	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:08 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:08 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 76165599-601e-000d-1a02-172618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050908Z-1657d5bbd48brl8we3nu8cxwgn000000039g00000000bx6h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:08 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49877	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:08 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:08 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 29f28342-e01e-003c-5d00-17c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050908Z-1657d5bbd482krtfgrg72dfbtn00000002ng00000000kvt1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:08 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49875	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:08 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:08 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:08 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 03c3f781-101e-000b-56fe-165e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050908Z-1657d5bbd48brl8we3nu8cxwgn00000003e0000000000cqy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:08 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49878	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:09 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:09 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: a9a45936-c01e-00a1-54f1-167e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050909Z-1657d5bbd482tlqpvyz9e93p540000000360000000001sm3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:09 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49882	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:09 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:09 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 04600955-801e-00ac-55f4-16fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050909Z-1657d5bbd48brl8we3nu8cxwgn00000003d0000000002by8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:09 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49881	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:09 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:09 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 6bee43b5-001e-00a2-2106-17d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050909Z-1657d5bbd48vhs7r2p1ky7cs5w000000038g00000000en54 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:09 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49880	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:09 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:09 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 173e0f62-801e-00a3-24fe-167cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050909Z-1657d5bbd48q6t9vvmrkd293mg00000002wg00000000n4mv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:09 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49879	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:09 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:09 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:09 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 6f1c5b1d-901e-0048-485a-17b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050909Z-1657d5bbd48sqtlf1huhzuwq7000000002qg00000000da5d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:09 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49883	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 4035d6e2-a01e-0002-4602-175074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd482tlqpvyz9e93p54000000030g00000000fws6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49886	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fcca05a5-501e-00a0-3202-179d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd48xdq5dkwwugdpzr0000000039g00000000c49f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49885	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 87e26173-201e-0051-15e7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd482krtfgrg72dfbtn00000002vg000000001g8g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49884	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 62f7f1ae-f01e-0096-4d0c-1710ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd482lxwq1dp2t1zwkc00000002sg000000008xau x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49887	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 31868579-401e-008c-0af2-1686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd482lxwq1dp2t1zwkc00000002qg00000000epft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49892	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 77012b0e-b01e-0097-0bff-164f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd482tlqpvyz9e93p54000000036g000000001c84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49888	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: fbb49b00-e01e-00aa-4806-17ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd48jwrqbupe3ktsx9w00000003700000000091bs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49890	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 7d21ea5d-701e-0098-0502-17395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd48t66tjar5xuq22r80000000330000000000w10 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49891	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: b6fa471e-401e-0067-43e5-1609c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd48vlsxxpe15ac3q7n00000002z0000000008uyp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49889	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:10 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:10 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:10 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 08bf7a15-f01e-0020-7706-17956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050910Z-1657d5bbd48lknvp09v995n79000000002pg000000006va0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:10 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49893	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:11 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:11 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: a18d9b1d-601e-0002-1f03-17a786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050911Z-1657d5bbd48xlwdx82gahegw40000000034g00000000gbg6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:11 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49897	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:11 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:11 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 6d2b2f65-e01e-0099-735a-17da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050911Z-1657d5bbd48gqrfwecymhhbfm800000001ug0000000097pr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:11 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49896	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:11 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:11 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d4fd285a-d01e-005a-06ed-167fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050911Z-1657d5bbd48wd55zet5pcra0cg000000031g000000004tew x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:11 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49895	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:11 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:11 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 76dbcc6a-501e-0035-36ed-16c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050911Z-1657d5bbd48xlwdx82gahegw40000000034000000000h6tx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:11 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49894	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:11 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:11 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:11 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: c9f5ea47-201e-0071-33fe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050911Z-1657d5bbd48vhs7r2p1ky7cs5w000000037g00000000kns1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:11 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49899	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:12 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:12 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4d8e5842-701e-0021-0efe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050912Z-1657d5bbd48tqvfc1ysmtbdrg000000002zg000000000ph7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:12 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49898	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:12 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:12 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 838d785c-001e-0014-24fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050912Z-1657d5bbd48762wn1qw4s5sd3000000002s000000000s0k0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:12 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49902	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:12 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:12 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 0c184816-a01e-000d-72ff-16d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050912Z-1657d5bbd48tnj6wmberkg2xy8000000030000000000m9xq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:12 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49900	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:12 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:12 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 8a56303a-c01e-0066-0f01-17a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050912Z-1657d5bbd48f7nlxc7n5fnfzh000000002rg00000000268b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:12 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49901	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:12 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:12 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:12 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: cd0b82ba-d01e-0049-1304-17e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050912Z-1657d5bbd48tnj6wmberkg2xy8000000034g000000006edf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:12 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49907	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:13 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:13 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 4ef38422-401e-000a-160c-174a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050913Z-1657d5bbd48brl8we3nu8cxwgn000000038g00000000e2e0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:13 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49904	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:13 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:13 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: d3a3eb01-b01e-003d-1ef1-16d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050913Z-1657d5bbd4824mj9d6vp65b6n4000000035g00000000bvhg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:13 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49908	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:13 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:13 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: c326dec7-201e-0003-0c12-17f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050913Z-1657d5bbd48sdh4cyzadbb374800000002ug00000000bhtx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:13 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49905	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:13 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: ca2bab4f-201e-0071-5e14-17ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050913Z-1657d5bbd487nf59mzf5b3gk8n00000002sg0000000008gf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49906	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:13 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:13 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:13 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 4d8e59a4-701e-0021-64fe-163d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050913Z-1657d5bbd48vlsxxpe15ac3q7n0000000330000000000crd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:13 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49911	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: c9f5e5fc-201e-0071-5dfe-16ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48tqvfc1ysmtbdrg000000002w0000000009ef2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49910	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 87e265fd-201e-0051-4fe7-167340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48762wn1qw4s5sd3000000002sg00000000quv0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49913	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 3e7839e3-701e-0053-5cff-163a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48cpbzgkvtewk0wu0000000034g0000000055w8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49912	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 75ef523f-601e-000d-02f2-162618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48sdh4cyzadbb374800000002t000000000h51q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49909	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: cad35e9e-b01e-0021-3602-17cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd482tlqpvyz9e93p540000000350000000004m8c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49914	142.250.185.174	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1244 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dc2mC3WLyPrGNiX3EZEO2XFz7MGWNfgVKzXjwxAyvzG3xAbtXwNvrNQWDWDxVbP_K_ce_NUhj4qLD6oWuuUeyeTbZpOCsVZL-0wXFloGVoFoYe8ijzc8ibpKvEnNSLHOtd9cO7zby3EsDERdNsPh6w8aB1ttwIi0Pgltd-DMYniRxkBkrD1bvfiVbg
2024-10-07 05:09:14 UTC	1244	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 37 37 37 35 32 32 35 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728277752252",null,null,null
2024-10-07 05:09:14 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:09:14 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 05:09:14 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:09:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	49915	142.250.185.174	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	1329	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 1450 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=dc2mC3WLyPrGNiX3EZEO2XFz7MGWNfgVKzXjwxAyvzG3xAbtXwNvrNQWDWDxVbP_K_ce_NUhj4qLD6oWuuUeyeTbZpOCsVZL-0wXFloGVoFoYe8ijzc8ibpKvEnNSLHOtd9cO7zby3EsDERdNsPh6w8aB1ttwIi0Pgltd-DMYniRxkBkrD1bvfiVbg
2024-10-07 05:09:14 UTC	1450	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 32 37 37 37 35 32 33 36 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728277752361",null,null,null
2024-10-07 05:09:14 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Mon, 07 Oct 2024 05:09:14 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-07 05:09:14 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-07 05:09:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49916	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: dfa7567c-f01e-003f-67de-16d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48dfrdj7px744zp8s00000002ng00000000pf7z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49917	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: c7b470af-b01e-005c-24fe-164c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48p2j6x2quer0q0280000000380000000005kf4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49919	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 838d7376-001e-0014-17fe-165151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd482tlqpvyz9e93p540000000360000000001ssd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49918	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 20e89b60-501e-008c-3a03-17cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48wd55zet5pcra0cg00000002w000000000m64n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49920	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:14 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:14 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 7d18055e-701e-0098-56ff-16395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050914Z-1657d5bbd48f7nlxc7n5fnfzh000000002m000000000f85f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49921	13.107.246.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-07 05:09:15 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-07 05:09:15 UTC	563	IN	HTTP/1.1 200 OK Date: Mon, 07 Oct 2024 05:09:15 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: b1fbfe33-a01e-003d-4fd4-1698d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241007T050915Z-1657d5bbd48wd55zet5pcra0cg00000002yg00000000bkzf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-07 05:09:15 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Target ID:	0
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa00000
File size:	919'040 bytes
MD5 hash:	EE95257864261011CE46FDCA8C9DCFCF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialFlusher, Description: Yara detected Credential Flusher, Source: 00000000.00000002.2931810005.0000000000F88000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x730000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x730000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x730000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x730000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x730000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:07:56
Start date:	07/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:07:58
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	01:07:59
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	01:08:09
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	01:08:09
Start date:	07/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=2188,i,17232835038344296850,10898188785994000437,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	1533
Total number of Limit Nodes:	55

Executed Functions

Function 00A042DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00A0430D

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

GetCurrentProcess.KERNEL32(?,00A9CB64,00000000,?,?), ref: 00A04422
IsWow64Process.KERNEL32(00000000,?,?), ref: 00A04429
LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A04454
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A04466
GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00A04474
FreeLibrary.KERNEL32(00000000,?,?), ref: 00A0447B
GetSystemInfo.KERNEL32(?,?,?), ref: 00A044A0

Strings

GetNativeSystemInfo, xrefs: 00A04460
kernel32.dll, xrefs: 00A0444F
|O, xrefs: 00A436F8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
String ID: GetNativeSystemInfo$kernel32.dll$|O
API String ID: 3290436268-3101561225
Opcode ID: 8cd282573c20b1cb25f2662c8b1f91d790d9cdebe8de93b35e865463aaae15f2
Instruction ID: 0aa2a0d01a97b9c341f31f59668bd33e645e84415fdd03b614e67b8c30de02f4
Opcode Fuzzy Hash: 8cd282573c20b1cb25f2662c8b1f91d790d9cdebe8de93b35e865463aaae15f2
Instruction Fuzzy Hash: 9DA1C7B690B3C4FFCB91C7E9BC851957FA5BB66700B18489BD0839FA62D2314607DB21

Function 00A042A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00A050AA,?,?,00000000,00000000), ref: 00A042B2
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A050AA,?,?,00000000,00000000), ref: 00A042C9
LoadResource.KERNEL32(?,00000000,?,?,00A050AA,?,?,00000000,00000000,?,?,?,?,?,?,00A04F20), ref: 00A435BE
SizeofResource.KERNEL32(?,00000000,?,?,00A050AA,?,?,00000000,00000000,?,?,?,?,?,?,00A04F20), ref: 00A435D3
LockResource.KERNEL32(00A050AA,?,?,00A050AA,?,?,00000000,00000000,?,?,?,?,?,?,00A04F20,?), ref: 00A435E6

Strings

SCRIPT, xrefs: 00A042BF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: ed765d32bc0aea1134e4fddaa50086afb962de5f54753b80cf991f106787959d
Instruction ID: 56e3dcd90e2db2b343185272d30b45b7a82242fd7a44860966bff67439a31f8f
Opcode Fuzzy Hash: ed765d32bc0aea1134e4fddaa50086afb962de5f54753b80cf991f106787959d
Instruction Fuzzy Hash: A0117CB1300B04BFDB219BA5EC48FA77BB9FBC9B61F10816AB502D6290DF71D8018630

Function 00A42BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryW.KERNEL32(?), ref: 00A02B6B

Part of subcall function 00A03A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AD1418,?,00A02E7F,?,?,?,00000000), ref: 00A03A78

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

GetForegroundWindow.USER32(runas,?,?,?,?,?,00AC2224), ref: 00A42C10
ShellExecuteW.SHELL32(00000000,?,?,00AC2224), ref: 00A42C17

Strings

runas, xrefs: 00A42C0B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
String ID: runas
API String ID: 448630720-4000483414
Opcode ID: 7b377f0003200f423f3994ab14b2e7831744c5cdc972d8336b6bf080765f9724
Instruction ID: 4addac14d7e714eb3e080a56ebbb206201f5d3d7acee7dc071272eb307f48769
Opcode Fuzzy Hash: 7b377f0003200f423f3994ab14b2e7831744c5cdc972d8336b6bf080765f9724
Instruction Fuzzy Hash: 661106726083496ACB04FFA0FA56FBE77A8AB91350F44082EF142460E3CF20894AC713

Function 00A8A67C Relevance: 6.2, APIs: 4, Instructions: 175
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00A8A6AC
Process32FirstW.KERNEL32(00000000,?), ref: 00A8A6BA

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Process32NextW.KERNEL32(00000000,?), ref: 00A8A79C
CloseHandle.KERNELBASE(00000000), ref: 00A8A7AB

Part of subcall function 00A1CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A43303,?), ref: 00A1CE8A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
String ID:
API String ID: 1991900642-0
Opcode ID: 674e7b17a3e60a7df84a6f7edfdfbb7c6677493c56acfe1e41479423aa86f86d
Instruction ID: 10ded8debbe23b955548c8c944144f0a17a21e55bdefc93f5516a5e096a9d08e
Opcode Fuzzy Hash: 674e7b17a3e60a7df84a6f7edfdfbb7c6677493c56acfe1e41479423aa86f86d
Instruction Fuzzy Hash: FC516E71508304AFD710EF24D986E6BBBE8FF89754F00891DF58597292EB70D904CBA2

Function 00A6DBBE Relevance: 6.0, APIs: 4, Instructions: 29
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(?,00A45222), ref: 00A6DBCE
GetFileAttributesW.KERNELBASE(?), ref: 00A6DBDD
FindFirstFileW.KERNEL32(?,?), ref: 00A6DBEE
FindClose.KERNEL32(00000000), ref: 00A6DBFA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FileFind$AttributesCloseFirstlstrlen
String ID:
API String ID: 2695905019-0
Opcode ID: 603aa57ad865e6e841f1c8c53b61d2cc40d70e5a85308f10d7ad3b7564e6e096
Instruction ID: 65f20fd1c38f7ddf6431b170db26d7884c4988c7a23b32a6f09825ed7394703e
Opcode Fuzzy Hash: 603aa57ad865e6e841f1c8c53b61d2cc40d70e5a85308f10d7ad3b7564e6e096
Instruction Fuzzy Hash: C5F0A030A10D1867C320EBB8AC0D8AA377C9E01374B504703F836C20E0EFB1599686D9

Function 00A8AFF9 Relevance: 24.4, APIs: 16, Instructions: 418
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcslen.LIBCMT ref: 00A8B198
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B1B0
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B1D4
_wcslen.LIBCMT ref: 00A8B200
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B214
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A8B236
_wcslen.LIBCMT ref: 00A8B332

Part of subcall function 00A705A7: GetStdHandle.KERNEL32(000000F6), ref: 00A705C6

_wcslen.LIBCMT ref: 00A8B34B
_wcslen.LIBCMT ref: 00A8B366
CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A8B3B6
GetLastError.KERNEL32(00000000), ref: 00A8B407
CloseHandle.KERNEL32(?), ref: 00A8B439
CloseHandle.KERNEL32(00000000), ref: 00A8B44A
CloseHandle.KERNEL32(00000000), ref: 00A8B45C
CloseHandle.KERNEL32(00000000), ref: 00A8B46E
CloseHandle.KERNEL32(?), ref: 00A8B4E3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
String ID:
API String ID: 2178637699-0
Opcode ID: 853610b19180df7a846617a3fd9ad8112d8a75becda531d559f925483057f108
Instruction ID: 9c594a20fd0c0362a1a5eea7478b4a0fd5183cc532816647ac8d98493386ab99
Opcode Fuzzy Hash: 853610b19180df7a846617a3fd9ad8112d8a75becda531d559f925483057f108
Instruction Fuzzy Hash: EEF1AE316183409FCB14EF24D991B6FBBE1AF85314F14855DF49A9B2A2DB31EC41CB62

Function 00A0D730 Relevance: 21.6, APIs: 14, Instructions: 616windowsleeptimeCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00A0D807
timeGetTime.WINMM ref: 00A0DA07
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A0DB28
TranslateMessage.USER32(?), ref: 00A0DB7B
DispatchMessageW.USER32(?), ref: 00A0DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A0DB9F
Sleep.KERNELBASE(0000000A), ref: 00A0DBB1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
String ID:
API String ID: 2189390790-0
Opcode ID: 54019db98d4f509c3479cd3b6c0be8335bf505656285f598e38d97a5bb7b2bb5
Instruction ID: 1bf6ef4873c5ae23f5a9e190bb3ad8d046ccdd1e3d82c6a06966152c7034f800
Opcode Fuzzy Hash: 54019db98d4f509c3479cd3b6c0be8335bf505656285f598e38d97a5bb7b2bb5
Instruction Fuzzy Hash: BC42F131608345EFD728CF64D844BAAB7F0BF46354F148A1EE956872D1D770E889CB92

Function 00A02CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A02D07
RegisterClassExW.USER32(00000030), ref: 00A02D31
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A02D42
InitCommonControlsEx.COMCTL32(?), ref: 00A02D5F
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A02D6F
LoadIconW.USER32(000000A9), ref: 00A02D85
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A02D94

Strings

TaskbarCreated, xrefs: 00A02D37
AutoIt v3 GUI, xrefs: 00A02D23
0, xrefs: 00A02CE9
+, xrefs: 00A02CF0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: eb97f9ceaa05f5f9a94a19c81fc10b12ce4a3a033591be1f9b5dc862c129dd96
Instruction ID: 63d1dabe4cbacc2aa871bd7113aa53a19cb545fc6d5e817957ca7e7c7c81689d
Opcode Fuzzy Hash: eb97f9ceaa05f5f9a94a19c81fc10b12ce4a3a033591be1f9b5dc862c129dd96
Instruction Fuzzy Hash: 4221C3B5A02218AFDB00DFE4E859BDDBBB8FB08714F00411BF512A62A0DBB14546CF91

Function 00A4065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A4039A: CreateFileW.KERNELBASE(00000000,00000000,?,00A40704,?,?,00000000,?,00A40704,00000000,0000000C), ref: 00A403B7

GetLastError.KERNEL32 ref: 00A4076F
__dosmaperr.LIBCMT ref: 00A40776
GetFileType.KERNELBASE(00000000), ref: 00A40782
GetLastError.KERNEL32 ref: 00A4078C
__dosmaperr.LIBCMT ref: 00A40795
CloseHandle.KERNEL32(00000000), ref: 00A407B5
CloseHandle.KERNEL32(?), ref: 00A408FF
GetLastError.KERNEL32 ref: 00A40931
__dosmaperr.LIBCMT ref: 00A40938

Strings

H, xrefs: 00A408BD

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 69d9b53fb7ba589f5b0887b657d17be500d55ab258608d5fddc8ae536f6ef5fe
Instruction ID: 4dfd296709553267e007aca3668e0f0c41b9e221fe0ada27c743bd018043e6e0
Opcode Fuzzy Hash: 69d9b53fb7ba589f5b0887b657d17be500d55ab258608d5fddc8ae536f6ef5fe
Instruction Fuzzy Hash: 33A1273AA005048FDF19EF78D951FAE7BB0EB86320F24015AF9119F292DB359813DB91

Function 00A0344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A03A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AD1418,?,00A02E7F,?,?,?,00000000), ref: 00A03A78

Part of subcall function 00A03357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A03379

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A0356A
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A4318D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A431CE
RegCloseKey.ADVAPI32(?), ref: 00A43210
_wcslen.LIBCMT ref: 00A43277
_wcslen.LIBCMT ref: 00A43286

Strings

Software\AutoIt v3\AutoIt, xrefs: 00A03560
\Include\, xrefs: 00A03527
\, xrefs: 00A4328C
Include, xrefs: 00A43184, 00A431C5

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 98802146-2727554177
Opcode ID: 635bb5982575de96efc7ce62ebb3164102dae92b9d13a08e60f77bf2879d5324
Instruction ID: f6b34dd93939e3c71208086e2bc97ac99a7ae29da238563778fa9b8d205908bc
Opcode Fuzzy Hash: 635bb5982575de96efc7ce62ebb3164102dae92b9d13a08e60f77bf2879d5324
Instruction Fuzzy Hash: 2971D6715053049FD704EFA9ED81AABB7F8FFA4750F40052EF5468B1A0EB709A49CB62

Function 00A02B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A02B8E
LoadCursorW.USER32(00000000,00007F00), ref: 00A02B9D
LoadIconW.USER32(00000063), ref: 00A02BB3
LoadIconW.USER32(000000A4), ref: 00A02BC5
LoadIconW.USER32(000000A2), ref: 00A02BD7
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A02BEF
RegisterClassExW.USER32(?), ref: 00A02C40

Part of subcall function 00A02CD4: GetSysColorBrush.USER32(0000000F), ref: 00A02D07
Part of subcall function 00A02CD4: RegisterClassExW.USER32(00000030), ref: 00A02D31
Part of subcall function 00A02CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A02D42
Part of subcall function 00A02CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A02D5F
Part of subcall function 00A02CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A02D6F
Part of subcall function 00A02CD4: LoadIconW.USER32(000000A9), ref: 00A02D85
Part of subcall function 00A02CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A02D94

Strings

#, xrefs: 00A02C16
AutoIt v3, xrefs: 00A02C2F
0, xrefs: 00A02C0F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 86c6fd07524931a7cc54b200b50b4c9b637c93e2a63200a91db9c9a08a33ffbd
Instruction ID: 66808110944748f7b6b82e81369c6ca6b82059e3427bedd3c6daf9dcd245a784
Opcode Fuzzy Hash: 86c6fd07524931a7cc54b200b50b4c9b637c93e2a63200a91db9c9a08a33ffbd
Instruction Fuzzy Hash: 03211875E02318BBDB50DFE5EC59AA97FB4FB48B54F40011BE506AA6A0DBB10542CF90

Function 00A03170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A0316A,?,?), ref: 00A031D8
KillTimer.USER32(?,00000001,?,?,?,?,?,00A0316A,?,?), ref: 00A03204
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A03227
RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A0316A,?,?), ref: 00A03232
CreatePopupMenu.USER32 ref: 00A03246
PostQuitMessage.USER32(00000000), ref: 00A03267

Strings

TaskbarCreated, xrefs: 00A0322D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 150249fc8c16d73da5301c96e9e6e5e2e2451fa0ab7f6a76c8b56ea37133fd5c
Instruction ID: fd01530455baaebe9f795d006da803d08305b7b1f293689b2508f65e75cfddf2
Opcode Fuzzy Hash: 150249fc8c16d73da5301c96e9e6e5e2e2451fa0ab7f6a76c8b56ea37133fd5c
Instruction Fuzzy Hash: 4341193A340208BBDF149BF8BD69BB93B6DEB5D350F040217F503862E1DB618A419761

Function 00A02C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A02C91
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A02CB2
ShowWindow.USER32(00000000,?,?,?,?,?,?,00A01CAD,?), ref: 00A02CC6
ShowWindow.USER32(00000000,?,?,?,?,?,?,00A01CAD,?), ref: 00A02CCF

Strings

edit, xrefs: 00A02CAC
AutoIt v3, xrefs: 00A02C89, 00A02C8E, 00A02C8F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: a578df43ee5a7b468df13870cb5dfae2e213d66e7748eeaa3f5a0c2968e53501
Instruction ID: 8956243da50682672bda2516b448a0ba84e2d289232c7beb0ce66f754cdb3823
Opcode Fuzzy Hash: a578df43ee5a7b468df13870cb5dfae2e213d66e7748eeaa3f5a0c2968e53501
Instruction Fuzzy Hash: C4F0DA796412907BEB719797AC0CEB73FBDD7C6F60B00005BF905AA5A0D6611852DAB0

Function 00A03B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A03B0F,SwapMouseButtons,00000004,?), ref: 00A03B40
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A03B0F,SwapMouseButtons,00000004,?), ref: 00A03B61
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00A03B0F,SwapMouseButtons,00000004,?), ref: 00A03B83

Strings

Control Panel\Mouse, xrefs: 00A03B3E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: ba0cd34bb398f5cc06e916466c6fa855d66f601926580bcb18415a859323f586
Instruction ID: 871ab383ea39851247695e35cf4392e119709e1d1bd33380329126ccbd5af492
Opcode Fuzzy Hash: ba0cd34bb398f5cc06e916466c6fa855d66f601926580bcb18415a859323f586
Instruction Fuzzy Hash: 1F112AB6610208FFDF20CFA5EC85AAEBBBCEF05758B10445AA806D7150E6719E459760

Function 00A03923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A433A2

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A03A04

Strings

Line: , xrefs: 00A433EB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: IconLoadNotifyShell_String_wcslen
String ID: Line:
API String ID: 2289894680-1585850449
Opcode ID: e38a4a8da0844889836e2fc61b659ec82b6b68e5113931de4a39a09c464f1f36
Instruction ID: f8fe95aae5edcb403aece39de2d8f1f3d565c5d7bac609c958296d746e602f4d
Opcode Fuzzy Hash: e38a4a8da0844889836e2fc61b659ec82b6b68e5113931de4a39a09c464f1f36
Instruction Fuzzy Hash: 6931E272508308ABCB20EB64EC45BEBB3ECAB40314F00492BF59A861D1DB709649C7C2

Function 00A1FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 00A20668

Part of subcall function 00A232A4: RaiseException.KERNEL32(?,?,?,00A2068A,?,00AD1444,?,?,?,?,?,?,00A2068A,00A01129,00AC8738,00A01129), ref: 00A23304

__CxxThrowException@8.LIBVCRUNTIME ref: 00A20685

Strings

Unknown exception, xrefs: 00A20692

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Unknown exception
API String ID: 3476068407-410509341
Opcode ID: 18740180b2afdf83990b53bb7f2672f3572e0e265e57f926764690f10d2b7041
Instruction ID: 367688f4346185c3cf79a5205a466dc388effbb69bf0764e103ce6940c60ddbb
Opcode Fuzzy Hash: 18740180b2afdf83990b53bb7f2672f3572e0e265e57f926764690f10d2b7041
Instruction Fuzzy Hash: C5F0C23490021DBBCF04B7ACF946DEE7B6C6E00354B604535B824D6593EF75DA65C6C0

Function 00A010F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON

Download Yara Rule

APIs

Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A01BF4
Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A01BFC
Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A01C07
Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A01C12
Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A01C1A
Part of subcall function 00A01BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A01C22

Part of subcall function 00A01B4A: RegisterWindowMessageW.USER32(00000004,?,00A012C4), ref: 00A01BA2

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A0136A
OleInitialize.OLE32 ref: 00A01388
CloseHandle.KERNEL32(00000000,00000000), ref: 00A424AB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 8fa47585e86ba49f98233c5e4d3a14d7d8f574c3d090f2f74795a566ffff9cc2
Instruction ID: c87d053c80840732456209aabc0b01ae1909ea73c51b31732c3577f3c8af908a
Opcode Fuzzy Hash: 8fa47585e86ba49f98233c5e4d3a14d7d8f574c3d090f2f74795a566ffff9cc2
Instruction Fuzzy Hash: C0718BB4A12304AFC784EFF9BA456993BE1FB89354754826BD41BC73A2EB384442CF51

Function 00A6C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A03923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A03A04

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A6C259
KillTimer.USER32(?,00000001,?,?), ref: 00A6C261
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A6C270

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: IconNotifyShell_Timer$Kill
String ID:
API String ID: 3500052701-0
Opcode ID: 0bd6369bcaa68d0f2f1a3f17f33334f6e8940371c1eafa8bb69316192e8ae4b0
Instruction ID: d63afa22550d45b5d86e4fc41deaf59edba9e585cc9dfd2e61bdfc22742088e2
Opcode Fuzzy Hash: 0bd6369bcaa68d0f2f1a3f17f33334f6e8940371c1eafa8bb69316192e8ae4b0
Instruction Fuzzy Hash: 7331C370A04344AFEB22DFB488A5BE7BBFC9F06314F00049AD6EA97241C7745A85CB51

Function 00A386AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00000000,?,?,00A385CC,?,00AC8CC8,0000000C), ref: 00A38704
GetLastError.KERNEL32(?,00A385CC,?,00AC8CC8,0000000C), ref: 00A3870E
__dosmaperr.LIBCMT ref: 00A38739

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 2434f71c894c25b0831c346bf7a39889eaeaf0552f31f72b64b77810e43bbe06
Instruction ID: d003ac3d34d1d1b2258ec764d9119dcffc71e57fd258b6187af31ce948dab4df
Opcode Fuzzy Hash: 2434f71c894c25b0831c346bf7a39889eaeaf0552f31f72b64b77810e43bbe06
Instruction Fuzzy Hash: B5014E32A0572017D634A378AA47B7E77594B82774F39011AF8158F1D2DFA8CC819150

Function 00A0DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON

Download Yara Rule

APIs

TranslateMessage.USER32(?), ref: 00A0DB7B
DispatchMessageW.USER32(?), ref: 00A0DB89
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A0DB9F
Sleep.KERNELBASE(0000000A), ref: 00A0DBB1
TranslateAcceleratorW.USER32(?,?,?), ref: 00A51CC9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchPeekSleep
String ID:
API String ID: 3288985973-0
Opcode ID: efc1006eb2c205f07141f35f7cc43fdeef9c856ff20856cb444c778d058ccfdc
Instruction ID: cc4cd7a467ef15d463a3680325714ec18b1c711850a6e9849b93d1ba902e0e30
Opcode Fuzzy Hash: efc1006eb2c205f07141f35f7cc43fdeef9c856ff20856cb444c778d058ccfdc
Instruction Fuzzy Hash: DCF0FE316443849BE730DBE09C89FEA73ADEB85711F504A1AE65A970D0DB309489DB25

Function 00A11310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A117F6

Strings

CALL, xrefs: 00A117C6

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: CALL
API String ID: 1385522511-4196123274
Opcode ID: 5a4949f6f82121880eec94443b2b9c2225918e6839b7c8422d116458f74aaa50
Instruction ID: 443232628dff59a4adad29b273aafec6707e8138955d8da7baa7df5cf4d2638b
Opcode Fuzzy Hash: 5a4949f6f82121880eec94443b2b9c2225918e6839b7c8422d116458f74aaa50
Instruction Fuzzy Hash: C5228C706083419FC714DF14C580BAABBF2BF85314F64895DF9968B3A1D735E885CB92

Function 00A02DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00A42C8C

Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2

Part of subcall function 00A02DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A02DC4

Strings

X, xrefs: 00A42C5A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: afa868059812207867841be80b9a3683d9832070ee2b0675c9a4e0e5940156d6
Instruction ID: ffb88907bf82efbd0f65d6fc680176a835dc291e998e24cdf0ef4dd8e868a1ab
Opcode Fuzzy Hash: afa868059812207867841be80b9a3683d9832070ee2b0675c9a4e0e5940156d6
Instruction Fuzzy Hash: 7621A571A0025C9FCF01EF94D949BEE7BFCAF49314F00405AE405AB281DBB45A898F61

Function 00A03837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A03908

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 82df8420eac3355da1fd49e73e1b164ec6f5a86042d14b18b3e59456badafd7d
Instruction ID: 2b04cc4bab64a189971fda547cc30ab93150df857524d6116e327c4227e83765
Opcode Fuzzy Hash: 82df8420eac3355da1fd49e73e1b164ec6f5a86042d14b18b3e59456badafd7d
Instruction Fuzzy Hash: C931C3756057059FD760DF64E884797BBF8FB49308F00096EF59A87280E771AA48CB52

Function 00A1F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A1F661

Part of subcall function 00A0D730: GetInputState.USER32 ref: 00A0D807

Sleep.KERNEL32(00000000), ref: 00A5F2DE

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InputSleepStateTimetime
String ID:
API String ID: 4149333218-0
Opcode ID: f8c219f56f3e970220d4c5c5c87df302f6230ef125a122ccd1c1a8ef60cabe41
Instruction ID: afb730434a9b242ab5946043b36dab6f9045a8c8aa6547cc0b1660a18baa7af7
Opcode Fuzzy Hash: f8c219f56f3e970220d4c5c5c87df302f6230ef125a122ccd1c1a8ef60cabe41
Instruction Fuzzy Hash: 57F082312406059FD310EFA5E945B5AB7E4FF49761F00006AE85EC73A0DB70BC00CB90

Function 00A0B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 00A0BB4E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID:
API String ID: 1385522511-0
Opcode ID: e6ed115bfc2d685675edc5bdfc0b1897603862b1fab51075c3157c4cfeb2c9dc
Instruction ID: dc9bb8fdad118009101db8e4f8cef920027d5073e1264be89f394108f4b68412
Opcode Fuzzy Hash: e6ed115bfc2d685675edc5bdfc0b1897603862b1fab51075c3157c4cfeb2c9dc
Instruction Fuzzy Hash: AB32AB34A00209AFDB24CF54DA94FBEB7B5FF44350F14805AED16AB2A1C774AD85CBA1

Function 00A04ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A04E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E9C
Part of subcall function 00A04E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A04EAE
Part of subcall function 00A04E90: FreeLibrary.KERNEL32(00000000,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04EC0

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04EFD

Part of subcall function 00A04E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E62
Part of subcall function 00A04E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A04E74
Part of subcall function 00A04E59: FreeLibrary.KERNEL32(00000000,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E87

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Library$Load$AddressFreeProc
String ID:
API String ID: 2632591731-0
Opcode ID: 6dbbd94a9f81de633b3a1073c944fd0fc8d4d2eaaecc9b27d007d07c18ed3b5b
Instruction ID: 51af687baab1a4e265d43a19a9ccde6316dee1904ea769521e1c3d6f09c06a2e
Opcode Fuzzy Hash: 6dbbd94a9f81de633b3a1073c944fd0fc8d4d2eaaecc9b27d007d07c18ed3b5b
Instruction Fuzzy Hash: 3D11E7B261020AABDF14FF74EE02FED77A5BF44B11F10842DF642A61C1DEB09A459B50

Function 00A38402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00A38440

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 6067391b432d3a65a3503174865d37e02bb296c47430cdffa929088eed8ed083
Instruction ID: 8caa7f04de6f9bca9a4e606dd1f22b824634d11c0e2dbac7f9453d4c0d02c4e3
Opcode Fuzzy Hash: 6067391b432d3a65a3503174865d37e02bb296c47430cdffa929088eed8ed083
Instruction Fuzzy Hash: 1311187590420AAFCF15DF58E94199A7BF5EF48314F104059F809AB312DB31DA11CBA5

Function 00A35000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A34C7D: RtlAllocateHeap.NTDLL(00000008,00A01129,00000000,?,00A32E29,00000001,00000364,?,?,?,00A2F2DE,00A33863,00AD1444,?,00A1FDF5,?), ref: 00A34CBE

_free.LIBCMT ref: 00A3506C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction ID: b2c24828e38c2ed506c9e865214fb86f48b376f2cf44834c5af2dc373c3923db
Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
Instruction Fuzzy Hash: C80126726047046FE3258F69D881A5AFBE8FB8A370F25052DF18483280EA31A905C7B4

Function 00A929BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,?,?,00A914B5,?), ref: 00A92A01

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: b347a63c38894b95ae8efb0ace58234e509dd964bb8c28c78e72bb9c5ede795d
Instruction ID: 49db74100bc84ae13a1e49687f2ad1ef8d29b74b5e1003fa22ae2e8500a19d4a
Opcode Fuzzy Hash: b347a63c38894b95ae8efb0ace58234e509dd964bb8c28c78e72bb9c5ede795d
Instruction Fuzzy Hash: ED01B137340A41BFDB34CB2CC494B2637E2EB85354F698469C0478B651DB32EC42C7A0

Function 00A2E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction ID: 9c3f92c0cf512e1e242c298e024df341261f17db75382bc530039d325ca09794
Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
Instruction Fuzzy Hash: D4F0F432511A309AD6317B6DBE05B5A33A89F52331F100735F420921D2DB78E84186A5

Function 00A34C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,00A01129,00000000,?,00A32E29,00000001,00000364,?,?,?,00A2F2DE,00A33863,00AD1444,?,00A1FDF5,?), ref: 00A34CBE

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5b3aa29fae8fe67d7b2279643040e8ba6611307cb3af66efa0a6ca550fd9b0c6
Instruction ID: 7d8ede30a5df55f3ae94b2d896cce3c0afe41a6f439cba7269bd02396d5b5e7c
Opcode Fuzzy Hash: 5b3aa29fae8fe67d7b2279643040e8ba6611307cb3af66efa0a6ca550fd9b0c6
Instruction Fuzzy Hash: 53F0E93160773467DB215F66AD05B5A3798FF497B0F155122F815AA191CE70FC0246E0

Function 00A33820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: cd0c2e17f553a931beaea1b13148318f31d99ff627ab20c1806e71635e7b3b5f
Instruction ID: d37f692ec18d1e0c89c1b403ea44a783e591a11daedd38ab7867de807c1cf630
Opcode Fuzzy Hash: cd0c2e17f553a931beaea1b13148318f31d99ff627ab20c1806e71635e7b3b5f
Instruction Fuzzy Hash: 2BE0E53310A234A6EE212BBBAD01B9A3758AF427B0F150131BC05964A0CB10DD0282E4

Function 00A04F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04F6D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: bcd698012414aab0a16743f9e20448beabcbf941588a844c61eaea7e708b78df
Instruction ID: 30e5c6b6026c9c4e361b247a51ccda9b7bdc998689cf44964cfe998392076551
Opcode Fuzzy Hash: bcd698012414aab0a16743f9e20448beabcbf941588a844c61eaea7e708b78df
Instruction Fuzzy Hash: 19F015B1505756CFDB349F64E590822BBF4BF187293208A7EE3EA82661CB319884DB10

Function 00A92A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00A92A66

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 06af40955b21c9d79bca324f5748dcafc30626cffd1c51e867fa414b5640c1f1
Instruction ID: 5742a2ea5337e2ad3c3cfc3f8a09eb64738c83dcf9b9fcc8c00db6543f1cd32c
Opcode Fuzzy Hash: 06af40955b21c9d79bca324f5748dcafc30626cffd1c51e867fa414b5640c1f1
Instruction Fuzzy Hash: A7E04F77354116BACB14EB30DC809FA73ECEF643D57104536AC1AC2500DB30999687A0

Function 00A02DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A02DC4

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LongNamePath_wcslen
String ID:
API String ID: 541455249-0
Opcode ID: 5d703ea8bf90543facfa8116502e7f305ad687cd8a6f8e6587797f27bb9d3e21
Instruction ID: 6566185803e67556612a276c8b51820e0020f7912491c16ce22cd429194f0c0b
Opcode Fuzzy Hash: 5d703ea8bf90543facfa8116502e7f305ad687cd8a6f8e6587797f27bb9d3e21
Instruction Fuzzy Hash: 93E0CD76A001245BC710E7989C05FDA77DDDFC8794F040072FD09D7248DD60AD858550

Function 00A02B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A03837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A03908

Part of subcall function 00A0D730: GetInputState.USER32 ref: 00A0D807

SetCurrentDirectoryW.KERNEL32(?), ref: 00A02B6B

Part of subcall function 00A030F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A0314E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: IconNotifyShell_$CurrentDirectoryInputState
String ID:
API String ID: 3667716007-0
Opcode ID: e6de29814a80a531d1f640cb574ce5475fa3f5c602294856000478735141d5b2
Instruction ID: 281d8908d99a624cb637db702ff15ba656ad4474175c1c60e6a16643bf189cc0
Opcode Fuzzy Hash: e6de29814a80a531d1f640cb574ce5475fa3f5c602294856000478735141d5b2
Instruction Fuzzy Hash: 05E086A370425C17CA04FBB4BA5657EB75D9BD1351F40597FF143472E3CE24454A4352

Function 00A4039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00A40704,?,?,00000000,?,00A40704,00000000,0000000C), ref: 00A403B7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 0d4687b2d4b67b0e94d824b2ab355ba9286de293a4fb9186fba886160762f728
Instruction ID: 03c36797434889da4b155c260a1187f76be99695321f7e6a61d8c5ae7b4b0695
Opcode Fuzzy Hash: 0d4687b2d4b67b0e94d824b2ab355ba9286de293a4fb9186fba886160762f728
Instruction Fuzzy Hash: 78D06C3214010DBBDF028F84DD06EDA3BAAFB48714F114100BE1856020C732E822AB94

Function 00A01CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A01CBC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InfoParametersSystem
String ID:
API String ID: 3098949447-0
Opcode ID: 0de6675b339ad696392807a2094aefe15ab961f5d46b6328003357881d2308f0
Instruction ID: 59097b5840b3358e49b4d7c9daea18973e2846f5b55eaa61ad691f6ae073eab7
Opcode Fuzzy Hash: 0de6675b339ad696392807a2094aefe15ab961f5d46b6328003357881d2308f0
Instruction Fuzzy Hash: 2AC092363C1304AFF214CBC4BC4EF107764A358B14F448003F60AA95E3C7A22822EB50

Non-executed Functions

Function 00A99576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00A9961A
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A9965B
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00A9969F
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A996C9
SendMessageW.USER32 ref: 00A996F2
GetKeyState.USER32(00000011), ref: 00A9978B
GetKeyState.USER32(00000009), ref: 00A99798
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A997AE
GetKeyState.USER32(00000010), ref: 00A997B8
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A997E9
SendMessageW.USER32 ref: 00A99810
SendMessageW.USER32(?,00001030,?,00A97E95), ref: 00A99918
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00A9992E
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00A99941
SetCapture.USER32(?), ref: 00A9994A
ClientToScreen.USER32(?,?), ref: 00A999AF
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00A999BC
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A999D6
ReleaseCapture.USER32 ref: 00A999E1
GetCursorPos.USER32(?), ref: 00A99A19
ScreenToClient.USER32(?,?), ref: 00A99A26
SendMessageW.USER32(?,00001012,00000000,?), ref: 00A99A80
SendMessageW.USER32 ref: 00A99AAE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00A99AEB
SendMessageW.USER32 ref: 00A99B1A
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00A99B3B
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00A99B4A
GetCursorPos.USER32(?), ref: 00A99B68
ScreenToClient.USER32(?,?), ref: 00A99B75
GetParent.USER32(?), ref: 00A99B93
SendMessageW.USER32(?,00001012,00000000,?), ref: 00A99BFA
SendMessageW.USER32 ref: 00A99C2B
ClientToScreen.USER32(?,?), ref: 00A99C84
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00A99CB4
SendMessageW.USER32(?,00001111,00000000,?), ref: 00A99CDE
SendMessageW.USER32 ref: 00A99D01
ClientToScreen.USER32(?,?), ref: 00A99D4E
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00A99D82

Part of subcall function 00A19944: GetWindowLongW.USER32(?,000000EB), ref: 00A19952

GetWindowLongW.USER32(?,000000F0), ref: 00A99E05

Strings

@GUI_DRAGID, xrefs: 00A9997D
F, xrefs: 00A99D07

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: e91c13b753cb77cdbd5f56554bdfaf4dcf149e3d6b7975a7be2e34d1a199da97
Instruction ID: 3796936e9d7cf018c011c0c15892c0b46a120e98897f48e4c6c46c06b9d3001e
Opcode Fuzzy Hash: e91c13b753cb77cdbd5f56554bdfaf4dcf149e3d6b7975a7be2e34d1a199da97
Instruction Fuzzy Hash: 91427C35304241BFDB24CF68CD94AABBBE5FF49720F14061EF699872A1DB31A891CB51

Function 00A94873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00A948F3
SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00A94908
SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00A94927
SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00A9494B
SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00A9495C
SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00A9497B
SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00A949AE
SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00A949D4
SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00A94A0F
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A94A56
SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A94A7E
IsMenu.USER32(?), ref: 00A94A97
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A94AF2
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A94B20
GetWindowLongW.USER32(?,000000F0), ref: 00A94B94
SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00A94BE3
SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00A94C82
wsprintfW.USER32 ref: 00A94CAE
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A94CC9
GetWindowTextW.USER32(?,00000000,00000001), ref: 00A94CF1
SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00A94D13
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A94D33
GetWindowTextW.USER32(?,00000000,00000001), ref: 00A94D5A

Strings

%d/%02d/%02d, xrefs: 00A94CA8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
String ID: %d/%02d/%02d
API String ID: 4054740463-328681919
Opcode ID: 3f07bf2aad28d92cde364a7477e73cfe0fe02f1854fe48fe579a6c4ecf8143e9
Instruction ID: bea6ee4040a9b7e767055bba1ea168c7e1979756aa8fd93c906e64e85412a857
Opcode Fuzzy Hash: 3f07bf2aad28d92cde364a7477e73cfe0fe02f1854fe48fe579a6c4ecf8143e9
Instruction Fuzzy Hash: 7E12CE71700255ABEF248F68CC49FAE7BF8AF49710F14412AF516EB2E1DB789942CB50

Function 00A1F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A1F998
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A5F474
IsIconic.USER32(00000000), ref: 00A5F47D
ShowWindow.USER32(00000000,00000009), ref: 00A5F48A
SetForegroundWindow.USER32(00000000), ref: 00A5F494
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A5F4AA
GetCurrentThreadId.KERNEL32 ref: 00A5F4B1
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A5F4BD
AttachThreadInput.USER32(?,00000000,00000001), ref: 00A5F4CE
AttachThreadInput.USER32(?,00000000,00000001), ref: 00A5F4D6
AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A5F4DE
SetForegroundWindow.USER32(00000000), ref: 00A5F4E1
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F4F6
keybd_event.USER32(00000012,00000000), ref: 00A5F501
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F50B
keybd_event.USER32(00000012,00000000), ref: 00A5F510
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F519
keybd_event.USER32(00000012,00000000), ref: 00A5F51E
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A5F528
keybd_event.USER32(00000012,00000000), ref: 00A5F52D
SetForegroundWindow.USER32(00000000), ref: 00A5F530
AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A5F557

Strings

Shell_TrayWnd, xrefs: 00A5F46F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 88e347983c4b528930669197f2242818e207fd99801dee1f0c662ba4c333fa09
Instruction ID: 68c9170181f9d94a10e578f751e1eb8cdd7ee14d2c9f42308a0e4ab92786274e
Opcode Fuzzy Hash: 88e347983c4b528930669197f2242818e207fd99801dee1f0c662ba4c333fa09
Instruction Fuzzy Hash: 7B315371B802187FEB20ABF55C49FBF7E7DEB44B61F110426FA04E61D1DAB15D01AA60

Function 00A61201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00A616C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A6170D
Part of subcall function 00A616C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A6173A
Part of subcall function 00A616C3: GetLastError.KERNEL32 ref: 00A6174A

LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A61286
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A612A8
CloseHandle.KERNEL32(?), ref: 00A612B9
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A612D1
GetProcessWindowStation.USER32 ref: 00A612EA
SetProcessWindowStation.USER32(00000000), ref: 00A612F4
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A61310

Part of subcall function 00A610BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A611FC), ref: 00A610D4
Part of subcall function 00A610BF: CloseHandle.KERNEL32(?,?,00A611FC), ref: 00A610E9

Strings

default, xrefs: 00A6130B
, xrefs: 00A6125A
winsta0, xrefs: 00A612CC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
String ID: $default$winsta0
API String ID: 22674027-1027155976
Opcode ID: 8ea3474db2de500dfc159bfd82d1a0fd10073e5d51228b1fe917195a19a09442
Instruction ID: 82802d046cc1d5d7bdc951cd94582154360f68a82fcd2e4928deba59f098a624
Opcode Fuzzy Hash: 8ea3474db2de500dfc159bfd82d1a0fd10073e5d51228b1fe917195a19a09442
Instruction Fuzzy Hash: 1081ACB1A00208AFDF21DFA4DD49FEE7FB9EF04704F18412AFA11A61A0DB718945CB21

Function 00A60B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A61114
Part of subcall function 00A610F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61120
Part of subcall function 00A610F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A6112F
Part of subcall function 00A610F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61136
Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A6114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A60BCC
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A60C00
GetLengthSid.ADVAPI32(?), ref: 00A60C17
GetAce.ADVAPI32(?,00000000,?), ref: 00A60C51
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A60C6D
GetLengthSid.ADVAPI32(?), ref: 00A60C84
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A60C8C
HeapAlloc.KERNEL32(00000000), ref: 00A60C93
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A60CB4
CopySid.ADVAPI32(00000000), ref: 00A60CBB
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A60CEA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A60D0C
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A60D1E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60D45
HeapFree.KERNEL32(00000000), ref: 00A60D4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60D55
HeapFree.KERNEL32(00000000), ref: 00A60D5C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60D65
HeapFree.KERNEL32(00000000), ref: 00A60D6C
GetProcessHeap.KERNEL32(00000000,?), ref: 00A60D78
HeapFree.KERNEL32(00000000), ref: 00A60D7F

Part of subcall function 00A61193: GetProcessHeap.KERNEL32(00000008,00A60BB1,?,00000000,?,00A60BB1,?), ref: 00A611A1
Part of subcall function 00A61193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A60BB1,?), ref: 00A611A8
Part of subcall function 00A61193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A60BB1,?), ref: 00A611B7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: 41c5bf07fedcd47d9aa570c647570a40ef293943d742f5a40d21e3b4f0abfb57
Instruction ID: c8c94d140490d13fae205c7829b31506447b81d1d39aac262cddd7bb91d3851d
Opcode Fuzzy Hash: 41c5bf07fedcd47d9aa570c647570a40ef293943d742f5a40d21e3b4f0abfb57
Instruction Fuzzy Hash: 90715A72A0021AEFDF10DFE4DC44FAFBBB8BF05310F144616E915A6191DB71AA46CBA0

Function 00A7EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00A9CC08), ref: 00A7EB29
IsClipboardFormatAvailable.USER32(0000000D), ref: 00A7EB37
GetClipboardData.USER32(0000000D), ref: 00A7EB43
CloseClipboard.USER32 ref: 00A7EB4F
GlobalLock.KERNEL32(00000000), ref: 00A7EB87
CloseClipboard.USER32 ref: 00A7EB91
GlobalUnlock.KERNEL32(00000000), ref: 00A7EBBC
IsClipboardFormatAvailable.USER32(00000001), ref: 00A7EBC9
GetClipboardData.USER32(00000001), ref: 00A7EBD1
GlobalLock.KERNEL32(00000000), ref: 00A7EBE2
GlobalUnlock.KERNEL32(00000000), ref: 00A7EC22
IsClipboardFormatAvailable.USER32(0000000F), ref: 00A7EC38
GetClipboardData.USER32(0000000F), ref: 00A7EC44
GlobalLock.KERNEL32(00000000), ref: 00A7EC55
DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A7EC77
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A7EC94
DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A7ECD2
GlobalUnlock.KERNEL32(00000000), ref: 00A7ECF3
CountClipboardFormats.USER32 ref: 00A7ED14
CloseClipboard.USER32 ref: 00A7ED59

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
String ID:
API String ID: 420908878-0
Opcode ID: 2caa1c452baf6b7d276faa9b572c7bd459ce0945142848585f5c1e9e88e784a0
Instruction ID: f4b48c8c64bb1827f052ff54f614680822f35a4eb30b03fcbeafafe2aeef3b1f
Opcode Fuzzy Hash: 2caa1c452baf6b7d276faa9b572c7bd459ce0945142848585f5c1e9e88e784a0
Instruction Fuzzy Hash: BB61E2352042059FD310EF64DD84F6A7BE8AF88714F04C59AF55A872A2DF30DD06CBA2

Function 00A7698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A769BE
FindClose.KERNEL32(00000000), ref: 00A76A12
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A76A4E
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A76A75

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

FileTimeToSystemTime.KERNEL32(?,?), ref: 00A76AB2
FileTimeToSystemTime.KERNEL32(?,?), ref: 00A76ADF

Strings

%4d%02d%02d%02d%02d%02d%03d, xrefs: 00A76B32
%4d, xrefs: 00A76BB1
%4d%02d%02d%02d%02d%02d, xrefs: 00A76B6A
%03d, xrefs: 00A76DA2
%02d, xrefs: 00A76C00, 00A76C0A, 00A76C5A, 00A76CAA, 00A76CFA, 00A76D4A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
API String ID: 3830820486-3289030164
Opcode ID: 7f688fbaabb438be620e3c4c53b7c2813290f2e308a150396708ad5d30309272
Instruction ID: ab5b96af7c2bb8b89f1d8b5c09ce0fc754a8eee1510ad17d83a7a2e3c052e2fc
Opcode Fuzzy Hash: 7f688fbaabb438be620e3c4c53b7c2813290f2e308a150396708ad5d30309272
Instruction Fuzzy Hash: 46D14071508344AEC710EBA4DD81EABB7ECAF88704F44491DF589D6191EB74EA48CB62

Function 00A79642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00A79663
GetFileAttributesW.KERNEL32(?), ref: 00A796A1
SetFileAttributesW.KERNEL32(?,?), ref: 00A796BB
FindNextFileW.KERNEL32(00000000,?), ref: 00A796D3
FindClose.KERNEL32(00000000), ref: 00A796DE
FindFirstFileW.KERNEL32(*.*,?), ref: 00A796FA
SetCurrentDirectoryW.KERNEL32(?), ref: 00A7974A
SetCurrentDirectoryW.KERNEL32(00AC6B7C), ref: 00A79768
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A79772
FindClose.KERNEL32(00000000), ref: 00A7977F
FindClose.KERNEL32(00000000), ref: 00A7978F

Strings

*.*, xrefs: 00A796F5

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 9c85cb2f6af36f5be921f5fba0d05e5380121cd7e9793d05a9bc83e5e9f73d85
Instruction ID: 8782566e2d4e40dfffba7549a72c7fded9ed8d80de69308d6c5494541addf8e7
Opcode Fuzzy Hash: 9c85cb2f6af36f5be921f5fba0d05e5380121cd7e9793d05a9bc83e5e9f73d85
Instruction Fuzzy Hash: 7D319132641619BBDB14EFB4EC49EDF77ACAF09320F10C567E819E2190EB30DD458A24

Function 00A7979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00A797BE
FindNextFileW.KERNEL32(00000000,?), ref: 00A79819
FindClose.KERNEL32(00000000), ref: 00A79824
FindFirstFileW.KERNEL32(*.*,?), ref: 00A79840
SetCurrentDirectoryW.KERNEL32(?), ref: 00A79890
SetCurrentDirectoryW.KERNEL32(00AC6B7C), ref: 00A798AE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A798B8
FindClose.KERNEL32(00000000), ref: 00A798C5
FindClose.KERNEL32(00000000), ref: 00A798D5

Part of subcall function 00A6DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A6DB00

Strings

*.*, xrefs: 00A7983B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: de82891dde68eacba4051e9672878fa5605e46b5f0a0be35db3ca6eddff377a0
Instruction ID: 408d5e6d0a3d2db329299921105107be86ee06ea27ee109cd17b14c9b404e570
Opcode Fuzzy Hash: de82891dde68eacba4051e9672878fa5605e46b5f0a0be35db3ca6eddff377a0
Instruction Fuzzy Hash: 75319232641A19BADB10EFB4EC48ADF77ACAF06320F14C5A7E818A2190DB30DD458B65

Function 00A8BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8BF3E
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00A8BFA9
RegCloseKey.ADVAPI32(00000000), ref: 00A8BFCD
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00A8C02C
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00A8C0E7
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A8C154
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A8C1E9
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00A8C23A
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A8C2E3
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A8C382
RegCloseKey.ADVAPI32(00000000), ref: 00A8C38F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
String ID:
API String ID: 3102970594-0
Opcode ID: 260980ea4a9475da3d9502c4a1a7a3a497d64d9602fbce514a4892ef59e73953
Instruction ID: b10af756255bc04c681f09170a71799d8b674ec8f413cb4103f5a9d6475e3950
Opcode Fuzzy Hash: 260980ea4a9475da3d9502c4a1a7a3a497d64d9602fbce514a4892ef59e73953
Instruction Fuzzy Hash: 3A024C71604200AFD714DF24C995E2ABBE5EF49318F18859DF84ACB2A2DB31ED46CF61

Function 00A78195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00A78257
SystemTimeToFileTime.KERNEL32(?,?), ref: 00A78267
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A78273
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A78310
SetCurrentDirectoryW.KERNEL32(?), ref: 00A78324
SetCurrentDirectoryW.KERNEL32(?), ref: 00A78356
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A7838C
SetCurrentDirectoryW.KERNEL32(?), ref: 00A78395

Strings

*.*, xrefs: 00A7839B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: f92adc2c33add46c576893caaa4250a9455c7a4b97dd1ceaf0e9fc59508ba842
Instruction ID: 9f9647d03d5cb6347370f647a1f15fa05edc008e296b7e9e93017e79f9f61b54
Opcode Fuzzy Hash: f92adc2c33add46c576893caaa4250a9455c7a4b97dd1ceaf0e9fc59508ba842
Instruction Fuzzy Hash: 6B617B726083059FC710EF64D9449AFB3E8FF89324F04892EF99987251DB35E945CB92

Function 00A6D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2

Part of subcall function 00A6E199: GetFileAttributesW.KERNEL32(?,00A6CF95), ref: 00A6E19A

FindFirstFileW.KERNEL32(?,?), ref: 00A6D122
DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A6D1DD
MoveFileW.KERNEL32(?,?), ref: 00A6D1F0
DeleteFileW.KERNEL32(?,?,?,?), ref: 00A6D20D
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A6D237

Part of subcall function 00A6D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A6D21C,?,?), ref: 00A6D2B2

FindClose.KERNEL32(00000000,?,?,?), ref: 00A6D253
FindClose.KERNEL32(00000000), ref: 00A6D264

Strings

\*.*, xrefs: 00A6D0CD, 00A6D0D6, 00A6D0EB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 1946585618-1173974218
Opcode ID: 53c45586540e5dc3c8b9a729db3933a259dfb09b36ed2f62d75c3b1f4b7f9ad2
Instruction ID: cf15d13d552c6397f36c12c50bc8046a2165bd37a110cd98e86bd1a54fcbfebf
Opcode Fuzzy Hash: 53c45586540e5dc3c8b9a729db3933a259dfb09b36ed2f62d75c3b1f4b7f9ad2
Instruction Fuzzy Hash: ED616E31E0110DAFCF05EBE0DA929EEB7B9AF55340F208165E40277192EB316F09DB61

Function 00A7ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00A7ED91
EmptyClipboard.USER32 ref: 00A7ED97
GlobalAlloc.KERNEL32(00000002,?), ref: 00A7EDAC
CloseClipboard.USER32 ref: 00A7EEA3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: a040cf164879af114f4bd0ac4acaaa046e92f631c9d2fcbdae4e0c999429d129
Instruction ID: d3c94999622950d7402e0ff0a0b42703276a031d8f010414938b9865a329a6e7
Opcode Fuzzy Hash: a040cf164879af114f4bd0ac4acaaa046e92f631c9d2fcbdae4e0c999429d129
Instruction Fuzzy Hash: 3841A335604611AFD720DF55E848F5ABBE5FF48328F14C49AE4198F6A2CB35EC42CB90

Function 00A6E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00A616C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A6170D
Part of subcall function 00A616C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A6173A
Part of subcall function 00A616C3: GetLastError.KERNEL32 ref: 00A6174A

ExitWindowsEx.USER32(?,00000000), ref: 00A6E932

Strings

SeShutdownPrivilege, xrefs: 00A6E902
, xrefs: 00A6E95C
, xrefs: 00A6E920
@, xrefs: 00A6E925

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $ $@$SeShutdownPrivilege
API String ID: 2234035333-3163812486
Opcode ID: 4b9b211b5ab2929b5c1f032ae0103b807a6c36a445a9a7b6859badefda4782b1
Instruction ID: e81424ea23c5475c83394ae6ec424a7f55874f8d4ac7f179332625150f6712dd
Opcode Fuzzy Hash: 4b9b211b5ab2929b5c1f032ae0103b807a6c36a445a9a7b6859badefda4782b1
Instruction Fuzzy Hash: 3401D67B710211ABFB54E7B49C86FBBB37CAF14750F150822F912E21D1E9A15C4081A0

Function 00A81204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006), ref: 00A81276
WSAGetLastError.WSOCK32 ref: 00A81283
bind.WSOCK32(00000000,?,00000010), ref: 00A812BA
WSAGetLastError.WSOCK32 ref: 00A812C5
closesocket.WSOCK32(00000000), ref: 00A812F4
listen.WSOCK32(00000000,00000005), ref: 00A81303
WSAGetLastError.WSOCK32 ref: 00A8130D
closesocket.WSOCK32(00000000), ref: 00A8133C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast$closesocket$bindlistensocket
String ID:
API String ID: 540024437-0
Opcode ID: 808bbcb5e3a172b1c11f6609cf6e70504726a9d6d636fe83f3c9a427e18501fa
Instruction ID: bba3b30be8bb6ad7fee0353ffeaba8c2a91a2e72e9bfd151660af15577c2aa18
Opcode Fuzzy Hash: 808bbcb5e3a172b1c11f6609cf6e70504726a9d6d636fe83f3c9a427e18501fa
Instruction Fuzzy Hash: 4141A4316002009FD710EF64D588B69BBE9FF46328F188199D8568F2D6D771ED82CBE1

Function 00A6D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2

Part of subcall function 00A6E199: GetFileAttributesW.KERNEL32(?,00A6CF95), ref: 00A6E19A

FindFirstFileW.KERNEL32(?,?), ref: 00A6D420
DeleteFileW.KERNEL32(?,?,?,?), ref: 00A6D470
FindNextFileW.KERNEL32(00000000,00000010), ref: 00A6D481
FindClose.KERNEL32(00000000), ref: 00A6D498
FindClose.KERNEL32(00000000), ref: 00A6D4A1

Strings

\*.*, xrefs: 00A6D3F2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 8af70b5ad411c1fbdaaccf335ce3c9274d3bf61e955d533b3bb076b441721b32
Instruction ID: c761fe50585831eeb19383369acf1d5d62247898e106155e963818a8e1d8dfad
Opcode Fuzzy Hash: 8af70b5ad411c1fbdaaccf335ce3c9274d3bf61e955d533b3bb076b441721b32
Instruction Fuzzy Hash: 6A317E31508349ABC304EF64D9959AFB7B8AEA1354F444A1EF4D5931D1EF30AE09CB63

Function 00A3E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00A3E645

Strings

1#INF, xrefs: 00A3F852
1#SNAN, xrefs: 00A3F844
1#QNAN, xrefs: 00A3F84B
1#IND, xrefs: 00A3F83D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 05eea638af8c737b05cddd3958ab0c91e3e0b7198e137ee2e821e86d478a1139
Instruction ID: 72fe6640faeb1650dcb490c15d966699d615cb56d551334843da0872e9ff3513
Opcode Fuzzy Hash: 05eea638af8c737b05cddd3958ab0c91e3e0b7198e137ee2e821e86d478a1139
Instruction Fuzzy Hash: B8C23A71E186298FDB25CF28DD407EAB7B5EB49305F1441EAE84DE7281E774AE818F40

Function 00A7648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A764DC
CoInitialize.OLE32(00000000), ref: 00A76639
CoCreateInstance.OLE32(00A9FCF8,00000000,00000001,00A9FB68,?), ref: 00A76650
CoUninitialize.OLE32 ref: 00A768D4

Strings

.lnk, xrefs: 00A764BA, 00A76524, 00A765E0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_wcslen
String ID: .lnk
API String ID: 886957087-24824748
Opcode ID: 67f468ab27ba076d946293aaf95820a6f17c27749911ffbc99b5e2bf99e7769b
Instruction ID: c20675d3c7d2bb5341c0db9faae39a46688f4571bc4b751a136ae612757c4049
Opcode Fuzzy Hash: 67f468ab27ba076d946293aaf95820a6f17c27749911ffbc99b5e2bf99e7769b
Instruction Fuzzy Hash: B7D14971508705AFD304EF24D981A6BB7E8FF98704F00896DF5998B292DB70ED09CB92

Function 00A822DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,00000000), ref: 00A822E8

Part of subcall function 00A7E4EC: GetWindowRect.USER32(?,?), ref: 00A7E504

GetDesktopWindow.USER32 ref: 00A82312
GetWindowRect.USER32(00000000), ref: 00A82319
mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A82355
GetCursorPos.USER32(?), ref: 00A82381
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A823DF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForeground
String ID:
API String ID: 2387181109-0
Opcode ID: 06615c6784dd480777fbdc51f32a617cc44cdbcd014d5f29498abab5b3fe0271
Instruction ID: 203801514e02d8e13ac83caba65dd5d7319090402c0f9c62c08b763b9d3e984b
Opcode Fuzzy Hash: 06615c6784dd480777fbdc51f32a617cc44cdbcd014d5f29498abab5b3fe0271
Instruction Fuzzy Hash: A331E372604315AFC720EF54C845F6BB7E9FF84710F00091AF9859B181DB34E909CB92

Function 00A79B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A79B78
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A79C8B

Part of subcall function 00A73874: GetInputState.USER32 ref: 00A738CB
Part of subcall function 00A73874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A73966

Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A79BA8
FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A79C75

Strings

*.*, xrefs: 00A79B5D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
String ID: *.*
API String ID: 1972594611-438819550
Opcode ID: bd65ffd4c1822e3a9a6d5541a791ec5d36b58f3b12db4d6d84dc2a5efeb3cc77
Instruction ID: ce81f34bc8226e725baaf58b6617ed3107c54d36c69d32a26f3faafbb3e63233
Opcode Fuzzy Hash: bd65ffd4c1822e3a9a6d5541a791ec5d36b58f3b12db4d6d84dc2a5efeb3cc77
Instruction Fuzzy Hash: B2415E7190060AAFCF15DFA4DD95AEFBBB8EF05310F24C156E409A2191EB309E84CF61

Function 00A1997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

DefDlgProcW.USER32(?,?,?,?,?), ref: 00A19A4E
GetSysColor.USER32(0000000F), ref: 00A19B23
SetBkColor.GDI32(?,00000000), ref: 00A19B36

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Color$LongProcWindow
String ID:
API String ID: 3131106179-0
Opcode ID: cf28e923cfe8521f7856aa6d4cc752e5a525e17d1a84596a5250cabc659212a3
Instruction ID: a8a9e65be283d2df8af743040be4f942121dcbd2f323bd9aa55ea1a240e20ec4
Opcode Fuzzy Hash: cf28e923cfe8521f7856aa6d4cc752e5a525e17d1a84596a5250cabc659212a3
Instruction Fuzzy Hash: 94A13A70208414BEE725DB3CADB8DFF36EDEF46381B14010AF802D6591CA359D8AD272

Function 00A81806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A8304E: inet_addr.WSOCK32(?), ref: 00A8307A
Part of subcall function 00A8304E: _wcslen.LIBCMT ref: 00A8309B

socket.WSOCK32(00000002,00000002,00000011), ref: 00A8185D
WSAGetLastError.WSOCK32 ref: 00A81884
bind.WSOCK32(00000000,?,00000010), ref: 00A818DB
WSAGetLastError.WSOCK32 ref: 00A818E6
closesocket.WSOCK32(00000000), ref: 00A81915

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
String ID:
API String ID: 1601658205-0
Opcode ID: dc1fde3901f8495dd6e46e88eb8c9ddd88af724c4410cdb08c4998d48d5d44d6
Instruction ID: 93c76d8c61df6a59e72af3c6e88f902f62194c04e0702dc9f6adc82254ac4ebb
Opcode Fuzzy Hash: dc1fde3901f8495dd6e46e88eb8c9ddd88af724c4410cdb08c4998d48d5d44d6
Instruction Fuzzy Hash: 0451C671A00204AFDB10EF64D986F6A77E5AB44718F048498F9065F3D3DB71AD82CBE1

Function 00A91C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00A91CC0
IsWindowEnabled.USER32 ref: 00A91CCE
GetForegroundWindow.USER32(?,?,00000001,?), ref: 00A91CDB
IsIconic.USER32 ref: 00A91CE9
IsZoomed.USER32 ref: 00A91CF7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: d44bb0f5e3121b5e6a82b87f7d4a72f626a019cf246f8f8bf38787dea202133e
Instruction ID: 5a070d1f0d2e04be60df7504d3adbc50dc200f0380ff4a81dfabaae95c19d07e
Opcode Fuzzy Hash: d44bb0f5e3121b5e6a82b87f7d4a72f626a019cf246f8f8bf38787dea202133e
Instruction Fuzzy Hash: 4121A4317806125FDB208F2AD884F6A7BE5EF95325F198069E846CB351DB71EC42CB90

Function 00A08060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON

Download Yara Rule

Strings

ERCP, xrefs: 00A0813C
VUUU, xrefs: 00A083FA
VUUU, xrefs: 00A083E8
VUUU, xrefs: 00A45DF0
VUUU, xrefs: 00A0843C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: edc4f238927e8856accc07e524383143250b972c5052221f58cd80aa3ba61a76
Instruction ID: de6f712b2687357583e77d70d9b9a218ddf61e512383a0c94a65706ce9e2bf47
Opcode Fuzzy Hash: edc4f238927e8856accc07e524383143250b972c5052221f58cd80aa3ba61a76
Instruction Fuzzy Hash: EAA2B074E0061ECBDF24CF58D8407AEB7B1BF84310F2481AAE855AB285EB759D81CF95

Function 00A6AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A6AAAC
SetKeyboardState.USER32(00000080), ref: 00A6AAC8
PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A6AB36
SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A6AB88

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 9a3baf302f12c1989412153bb6e36dd0a2bbf6bc06fca394b77cc8a24574a760
Instruction ID: 70b33c26155c41b25e59f7032e3c27d8a90bb76fca780f962c5419d4d4ff4da2
Opcode Fuzzy Hash: 9a3baf302f12c1989412153bb6e36dd0a2bbf6bc06fca394b77cc8a24574a760
Instruction Fuzzy Hash: 1D31F430A40648AEFB35CB658C05BFE7BBAEB65320F04421BF591A61D1D7758D81CB62

Function 00A3BB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A3BB7F

Part of subcall function 00A329C8: HeapFree.KERNEL32(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0

GetTimeZoneInformation.KERNEL32 ref: 00A3BB91
WideCharToMultiByte.KERNEL32(00000000,?,00AD121C,000000FF,?,0000003F,?,?), ref: 00A3BC09
WideCharToMultiByte.KERNEL32(00000000,?,00AD1270,000000FF,?,0000003F,?,?,?,00AD121C,000000FF,?,0000003F,?,?), ref: 00A3BC36

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 806657224-0
Opcode ID: 7ef7c8bfcf21108d3a0adcec1a14d0e312fd87fa4c59ff482c4b3e46e31c92a2
Instruction ID: 47c8180837f0eebe1a119975d8a32689a6aadfdc3533dd969abfb7aa4b6e966b
Opcode Fuzzy Hash: 7ef7c8bfcf21108d3a0adcec1a14d0e312fd87fa4c59ff482c4b3e46e31c92a2
Instruction Fuzzy Hash: 3C31B070904205EFCB11DFA9DC819A9BBB9FF45720B1446ABF161DB2A1DB319E42CB60

Function 00A7CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00000400,?), ref: 00A7CE89
GetLastError.KERNEL32(?,00000000), ref: 00A7CEEA
SetEvent.KERNEL32(?,?,00000000), ref: 00A7CEFE

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorEventFileInternetLastRead
String ID:
API String ID: 234945975-0
Opcode ID: 58ec462610557f04b89fdad6e36406f6898a850384882e3844fa6763b5850b03
Instruction ID: d72aceda207dcb840fe8e5db94f25cff25c327f7417f405239877efd97e1c41b
Opcode Fuzzy Hash: 58ec462610557f04b89fdad6e36406f6898a850384882e3844fa6763b5850b03
Instruction Fuzzy Hash: 3F219AB1600705ABEB20DFA5DD48BA7B7F8EB40364F10C42EE54A92151EB70EE458B64

Function 00A68298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00A682AA

Strings

(, xrefs: 00A682F0
|, xrefs: 00A682DA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 3ef58a79777225e8535d8fa202ac5757d0970c6dcc4aa2d8f2b61bde57241b90
Instruction ID: 16cfa3c30f9a02ef9e1ef5d5589739212289e2196a6812f0e7fa3049fbb41920
Opcode Fuzzy Hash: 3ef58a79777225e8535d8fa202ac5757d0970c6dcc4aa2d8f2b61bde57241b90
Instruction Fuzzy Hash: B7323574A00605DFCB28CF59C080AAAB7F4FF48710B15C56EE59ADB3A1EB74E981CB40

Function 00A75C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A75CC1
FindNextFileW.KERNEL32(00000000,?), ref: 00A75D17
FindClose.KERNEL32(?), ref: 00A75D5F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: f8a680d2b511c6bcc0d2ef5d6552ab7cfca9c4c0be6b71830f40abfa8d0dcaef
Instruction ID: 01ff93a2070f710ce1475974ccf74431c687a5b3e87ce893c82544b9367b2529
Opcode Fuzzy Hash: f8a680d2b511c6bcc0d2ef5d6552ab7cfca9c4c0be6b71830f40abfa8d0dcaef
Instruction Fuzzy Hash: C4519874A04A019FC714CF28D894A9AB7E4FF09324F14855EE95A8B3A2DB70FC04CB91

Function 00A32622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00A3271A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A32724
UnhandledExceptionFilter.KERNEL32(?), ref: 00A32731

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 7713b1f5f60894e0394c2c73d76a76ea6c011e84e9648a57828367c3ecbd8f6a
Instruction ID: 81758ca0a71427e773f9808ce0d6a4fe4e61bc68011f750a0e1def995949f012
Opcode Fuzzy Hash: 7713b1f5f60894e0394c2c73d76a76ea6c011e84e9648a57828367c3ecbd8f6a
Instruction Fuzzy Hash: 3931B774911228ABCB21DF68DD89BDDB7B8BF08310F5041EAE81CA7261E7309F818F45

Function 00A751CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A751DA
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00A75238
SetErrorMode.KERNEL32(00000000), ref: 00A752A1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 8cc925b51fd3d574ce22d5148f126bc43c532a361eec6935cec576088942bd8e
Instruction ID: 96ec4b32ac6f2f6e4b3d7101ff553530f550592a113f720787b3e165b273d8ec
Opcode Fuzzy Hash: 8cc925b51fd3d574ce22d5148f126bc43c532a361eec6935cec576088942bd8e
Instruction Fuzzy Hash: 7B313075A00518DFDB00DF94D884EEDBBB4FF49314F148099E909AB3A2DB71E856CB91

Function 00A616C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00A1FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A20668
Part of subcall function 00A1FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A20685

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A6170D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A6173A
GetLastError.KERNEL32 ref: 00A6174A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 577356006-0
Opcode ID: 5d617b0c372c5aa8db5f96cacb2a4100ac40809195a334df931e388b17bdaa11
Instruction ID: cafab7c012290eb4c5e0f622d441ddaf9217efa06ab582967898ffce393c76eb
Opcode Fuzzy Hash: 5d617b0c372c5aa8db5f96cacb2a4100ac40809195a334df931e388b17bdaa11
Instruction Fuzzy Hash: 9D1191B2504304AFD718DF54EC86DABBBB9EB44764B24852EE05657641EB70BC418B60

Function 00A6D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A6D608
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00A6D645
CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A6D650

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 5ea5cd7c6dce21e6b2a79d177525ca7337dbde20eacd7a1a11e0ee985318b88e
Instruction ID: ac9f3fe9b2170a0bc570e220fc66162fdef2d61850da9a04a7a1b0f2e1604a62
Opcode Fuzzy Hash: 5ea5cd7c6dce21e6b2a79d177525ca7337dbde20eacd7a1a11e0ee985318b88e
Instruction Fuzzy Hash: 92115E75E05228BFDB10CF99DC45FAFBBBCEB45B60F108116F904E7290D6704A058BA1

Function 00A61663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00A6168C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00A616A1
FreeSid.ADVAPI32(?), ref: 00A616B1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 3f6f2c7a4ad22cd8067cb67ceff4b42224f498dbd45613d54a3d5d41ea9c1bea
Instruction ID: bef22bac277665b4ddaa0c2da8afc33ffd77a0cc0b805f2c048d5d5bd0361bb4
Opcode Fuzzy Hash: 3f6f2c7a4ad22cd8067cb67ceff4b42224f498dbd45613d54a3d5d41ea9c1bea
Instruction Fuzzy Hash: 82F0F475A50309FBDF00DFE4DD89AAEBBBCEB08614F504565E501E2191E774AA448A50

Function 00A24CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00A328E9,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002,00000000,?,00A328E9), ref: 00A24D09
TerminateProcess.KERNEL32(00000000,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002,00000000,?,00A328E9), ref: 00A24D10
ExitProcess.KERNEL32 ref: 00A24D22

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 126e1dd148babfd75b9267349d2a82e3e74085b8b53b6f2afc1a612bcf5ce0b5
Instruction ID: e9d1ef9cc7db0d978f3f9defd79c9875ef7eac0cdb6d452a727b7428d7a368d2
Opcode Fuzzy Hash: 126e1dd148babfd75b9267349d2a82e3e74085b8b53b6f2afc1a612bcf5ce0b5
Instruction Fuzzy Hash: 4DE0B631104558AFCF11AF98EE0AA597B69EB45B91F104025FC098B122CB35DD42CA90

Function 00A5D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00A5D28C

Strings

X64, xrefs: 00A5D2A8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: NameUser
String ID: X64
API String ID: 2645101109-893830106
Opcode ID: 5ee545017074bcae45b77ad35fab3d917c6e5ee2944ef94992ee6d22a4ffddfb
Instruction ID: 347d2718970737e2d56fb52caff8ad8fd72409345c49f9bf3566ceb7775e59ac
Opcode Fuzzy Hash: 5ee545017074bcae45b77ad35fab3d917c6e5ee2944ef94992ee6d22a4ffddfb
Instruction Fuzzy Hash: 7FD0CAB480112DEECBA0CBA0EC88DDEB3BCBB08306F100292F506A2000DB7096898F20

Function 00A2CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction ID: ae1d8de887f9af6c63cc42d0b1aff3a5a8ea30e897983a1cfacfe6d47d98466f
Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
Instruction Fuzzy Hash: A4021E71E002299FDF14CFADD9806ADFBF1EF48324F254169D919E7344D731AA418B94

Function 00A768EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A76918
FindClose.KERNEL32(00000000), ref: 00A76961

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: ad94bd443d98613fdbd439cc15a8a376ecb9a1feebfcd0dbe0a1df5f590e3edb
Instruction ID: 7d8dd749b2cdee99030c06fa98fed89ee74d4d463beaf497ee4df6d4f3b5ac28
Opcode Fuzzy Hash: ad94bd443d98613fdbd439cc15a8a376ecb9a1feebfcd0dbe0a1df5f590e3edb
Instruction Fuzzy Hash: 501190716046019FC710DF69D884B16BBE5FF85328F14C6A9E5698F6A2CB30EC45CB91

Function 00A737B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A84891,?,?,00000035,?), ref: 00A737E4
FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A84891,?,?,00000035,?), ref: 00A737F4

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: a229ebea0a2e28f66e1274f9c52aef577151e578953068837c79c5dfc3f0c763
Instruction ID: c991a245bfd32c89a9b6ecf0b11cf528df9a5edbeedf6910bde9d09a0c3a6431
Opcode Fuzzy Hash: a229ebea0a2e28f66e1274f9c52aef577151e578953068837c79c5dfc3f0c763
Instruction Fuzzy Hash: 19F0E5B17042282AEB20A7A69D4DFEB7BAEEFC4771F004166F509D2281D9609945C6B0

Function 00A6B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A6B25D
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00A6B270

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 4f62fcc3e55e0973ec466033a65d74dc1ffa8723120befb3c5fa830a138cbb78
Instruction ID: 22a3c702433179d98331e9469d7fedb767e5eb2e33b6bfba126c508635076559
Opcode Fuzzy Hash: 4f62fcc3e55e0973ec466033a65d74dc1ffa8723120befb3c5fa830a138cbb78
Instruction Fuzzy Hash: F3F06D7090428DABDB05CFA0C805BEE7BB0FF04315F00800AF951A5192C77982019FA4

Function 00A610BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A611FC), ref: 00A610D4
CloseHandle.KERNEL32(?,?,00A611FC), ref: 00A610E9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: a53edcc775a3bde76a00c837f4f324c2fc3e1c8caba59a88e9754a74c9bb2afe
Instruction ID: 2503733a2e14bf1a104174b96e85aeaf9168eee7867e27c2abc26fd1fc2867b7
Opcode Fuzzy Hash: a53edcc775a3bde76a00c837f4f324c2fc3e1c8caba59a88e9754a74c9bb2afe
Instruction Fuzzy Hash: 0FE04F32008640AEEB252B51FD05EB77BA9EB04320F14882EF5A5804B1DF626CE0DB10

Function 00A0CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON

Download Yara Rule

Strings

Variable is not of type 'Object'., xrefs: 00A50C40

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: Variable is not of type 'Object'.
API String ID: 0-1840281001
Opcode ID: c9a4e2276ab88f60a8ee8c6db108e6f31deb2202e3dcaada41a0d190fec4992c
Instruction ID: f9ad4a61b45dac28938f3ec9d4ba142203652b07f4180ddefe91cf6ba7e3a797
Opcode Fuzzy Hash: c9a4e2276ab88f60a8ee8c6db108e6f31deb2202e3dcaada41a0d190fec4992c
Instruction Fuzzy Hash: E932AA7090021CDBDF14DF90E991EEDB7B5BF05314F208259E806AB2D2DB35AE4ACB61

Function 00A3676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A36766,?,?,00000008,?,?,00A3FEFE,00000000), ref: 00A36998

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 892d1cc29c31286d0412567438c41c851415fdcccff6685a6562a879bdc5989f
Instruction ID: 72197074161b3fda627a2718e9ee361849ab5f6b6f50a4c121101b44659bb75b
Opcode Fuzzy Hash: 892d1cc29c31286d0412567438c41c851415fdcccff6685a6562a879bdc5989f
Instruction Fuzzy Hash: 94B11771610609AFD719CF28C48AB657BB0FF49364F29C658F899CF2A2C735E991CB40

Function 00A1B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON

Download Yara Rule

Strings

, xrefs: 00A5851F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4bafa4c74f206d1001e9561f3f0a18dcbd3bb02d6ca7d0503a873e4fb53d82d7
Instruction ID: 709b777902c7062dfc75fc9365ed15f57095e3d2271b5b80eec599a5cdf6d0ac
Opcode Fuzzy Hash: 4bafa4c74f206d1001e9561f3f0a18dcbd3bb02d6ca7d0503a873e4fb53d82d7
Instruction Fuzzy Hash: C3127E75A10229DFDB14CF58C9806EEB7F5FF48310F14819AE849EB255EB349A85CBA0

Function 00A7EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00A7EABD

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: d590014e92ea3ce0cbf839b378c9a304ef6d77101119feb1347cb1527037c55a
Instruction ID: 3fffc177f0480c529af6dc68129b7a1ebb333f94d5d98d0f013e0820e37bc7f9
Opcode Fuzzy Hash: d590014e92ea3ce0cbf839b378c9a304ef6d77101119feb1347cb1527037c55a
Instruction Fuzzy Hash: 43E01A312102049FC710EF59E904E9AB7E9AF987B0F00C456FD4AC7291DA70A8418BA1

Function 00A209D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00A203EE), ref: 00A209DA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 03c5ebeebb505a73403c4755c212c92274d716d063093cb84834dcaf5533da5b
Instruction ID: b25d9550704e17ee3b78264013852b7410dcbc45927524f751f9c67a0e4a7471
Opcode Fuzzy Hash: 03c5ebeebb505a73403c4755c212c92274d716d063093cb84834dcaf5533da5b
Instruction Fuzzy Hash:

Function 00A2781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 00A2798B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction ID: 7e0900dcf94dfc432b0c39211e04a348e422927046d3c8accb176417e24a691d
Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
Instruction Fuzzy Hash: 2051657160D7355BDB38877CBA5ABBE23E99B02340F180539E982D7282CA15EFC1D352

Function 00A36DD9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867c22394bd36280889705be10a4cf30a4d1107b52c0c5b9263e2e6b3f5fc1f4
Instruction ID: cf134811c8c2222e6372aceafef5df2de945b4b97fea2301750fbfe21172324f
Opcode Fuzzy Hash: 867c22394bd36280889705be10a4cf30a4d1107b52c0c5b9263e2e6b3f5fc1f4
Instruction Fuzzy Hash: D0321361D29F024DD7379638C82233AA649AFB73C5F15D727F81AB5DA6EB29C4C34200

Function 00A1CC39 Relevance: .6, Instructions: 635COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fc195d1a1998d543aaff46c728361404ddae1b71b161f8cdba876c4e32a19b
Instruction ID: 407976d5d7f55fb1a2abea5409aa0057d8ff30271969e026d35de61db8e245dd
Opcode Fuzzy Hash: 83fc195d1a1998d543aaff46c728361404ddae1b71b161f8cdba876c4e32a19b
Instruction Fuzzy Hash: E1322732A003158FDF28CB69C4906BD7BB1FB45372F298166DC49DB699E234DD89DB80

Function 00A07920 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5978c5a17b31092f639cb2eda0560344ac5753918eb0d599603736deed09d65
Instruction ID: 593bad9e3c634257f4afefd47939a7fa6ebe28779bc0c3d9c3d8a997b9063c61
Opcode Fuzzy Hash: f5978c5a17b31092f639cb2eda0560344ac5753918eb0d599603736deed09d65
Instruction Fuzzy Hash: BF22BF74E04609DFDF14CFA4D981AAEB3F6FF44300F244629E816AB292EB35AD55CB50

Function 00A091C0 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dcf52368e6ab63fda0ecfcfb0606b9fa69f368bca5f0b75011d028b9f3a301
Instruction ID: 3a333357dc28fc112ee46b2bdf72d9da77d10267e0f3ac6e344d81fb358570a2
Opcode Fuzzy Hash: 49dcf52368e6ab63fda0ecfcfb0606b9fa69f368bca5f0b75011d028b9f3a301
Instruction Fuzzy Hash: B502C5B5E00209EFDF04DF54D981AAEB7B5FF44340F118169E8169B2D1EB31AE61CB91

Function 00A39EEE Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4a5b5b0f33fcf2d458431d9d07772f011d0cbef9fcd8c5d437b35a51533afd0
Instruction ID: 5a5da4b337ced77232686a5e9b0691c50b80514c685e859b36787f6ac9bc2c99
Opcode Fuzzy Hash: b4a5b5b0f33fcf2d458431d9d07772f011d0cbef9fcd8c5d437b35a51533afd0
Instruction Fuzzy Hash: D1B12321D2AF514DCB2396798831336F64CAFBB6D5F91D31BFC2678D62EB2286834140

Function 00A21C77 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: 9f63f09eed24a604170686eff54e0a245e1433b68c9a9ae7aff67c06088004f9
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: F59146725080B34ADB2D473EA57447EFFE15AA23A131A07BED4F2CA1C5FE24D954D620

Function 00A21F32 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 7e1e520df0ed3c38a0d789de0a25d670fdecc85d2b3dd7c26da806b825fed946
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 2B9153722090B359DB2D433D957453EFEE15A923A131A07BEE4F2CA1D5EE24C964E720

Function 00A219B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: c19ef142046ce809b5d94ee4eeb7d54e64f11c46b4b0399e15ef66394d47e176
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: A59121722090B34ADB2D477EA57443EFFF15AA23A231A07BED4F2CA1C5FE2485549620

Function 00A27A4A Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52144c55a5c3735529d48f3c121678d91d88ecf96de2cfe8a8ff28c48ca960ac
Instruction ID: 89cfa1fe507ba53a974280a90fd7f55e02b6e3b63650b5826a02fb4bf3129c6a
Opcode Fuzzy Hash: 52144c55a5c3735529d48f3c121678d91d88ecf96de2cfe8a8ff28c48ca960ac
Instruction Fuzzy Hash: C661457120873996DF389B2CBAA6BBE23A5DF41750F20093AF843DB281DA15DF428355

Function 00A27CA7 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a3a0efe44d6d0ef0058cb215590d0cf3b383e254752051cd67706d68f81a83
Instruction ID: a8902d56ba2f3431143b4edeb6dd37adbcc52c4febd15d30e67f48633c04372a
Opcode Fuzzy Hash: 39a3a0efe44d6d0ef0058cb215590d0cf3b383e254752051cd67706d68f81a83
Instruction Fuzzy Hash: 5A617A7560873957DE388B2C7951BBF2394EF42700F100979F843DB681DA16EF428B66

Function 00A21706 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: e3a08d14102ee5b3585d34d173e957329c33639147aa5ffaf699d363cdb04fbc
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: F48174726090B349DB6D473E957443EFFE15AA23A131A07BDD4F2CB1C1EE24CA54E660

Function 00A72046 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a67bcc82d19ef5a1b258104fd8971417df9c54bda69be35bcc7ab96f72d81f4
Instruction ID: df0c11b0af2253074080a84eb35774a917fc20208708876ddf2140d9bd33b1c0
Opcode Fuzzy Hash: 2a67bcc82d19ef5a1b258104fd8971417df9c54bda69be35bcc7ab96f72d81f4
Instruction Fuzzy Hash: B22193326216118BDB28CF79C82277A73E5A764310F19CA2EE4A7C37D0DE35A905CB90

Function 00A82ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00A82B30
DeleteObject.GDI32(00000000), ref: 00A82B43
DestroyWindow.USER32 ref: 00A82B52
GetDesktopWindow.USER32 ref: 00A82B6D
GetWindowRect.USER32(00000000), ref: 00A82B74
SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A82CA3
AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A82CB1
CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82CF8
GetClientRect.USER32(00000000,?), ref: 00A82D04
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A82D40
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D62
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D75
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D80
GlobalLock.KERNEL32(00000000), ref: 00A82D89
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82D98
GlobalUnlock.KERNEL32(00000000), ref: 00A82DA1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82DA8
GlobalFree.KERNEL32(00000000), ref: 00A82DB3
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82DC5
OleLoadPicture.OLEAUT32(?,00000000,00000000,00A9FC38,00000000), ref: 00A82DDB
GlobalFree.KERNEL32(00000000), ref: 00A82DEB
CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A82E11
SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A82E30
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A82E52
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A8303F

Strings

AutoIt v3, xrefs: 00A82CF2
, xrefs: 00A82FC5
static, xrefs: 00A82D3A, 00A82E91
DISPLAY, xrefs: 00A82EA2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: cc5dbec8f350ca4eb34878ee44529f1d8f58a04ca86a090964757f59875af7e2
Instruction ID: 5fcbaf6f130b5423063d975f4884514cba3f98dfac21368e2df761ca957571b3
Opcode Fuzzy Hash: cc5dbec8f350ca4eb34878ee44529f1d8f58a04ca86a090964757f59875af7e2
Instruction Fuzzy Hash: 6B028075600208AFDB14DFA4DD89EAE7BB9FF48724F108159F915AB2A1DB70ED01CB60

Function 00A970D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00A9712F
GetSysColorBrush.USER32(0000000F), ref: 00A97160
GetSysColor.USER32(0000000F), ref: 00A9716C
SetBkColor.GDI32(?,000000FF), ref: 00A97186
SelectObject.GDI32(?,?), ref: 00A97195
InflateRect.USER32(?,000000FF,000000FF), ref: 00A971C0
GetSysColor.USER32(00000010), ref: 00A971C8
CreateSolidBrush.GDI32(00000000), ref: 00A971CF
FrameRect.USER32(?,?,00000000), ref: 00A971DE
DeleteObject.GDI32(00000000), ref: 00A971E5
InflateRect.USER32(?,000000FE,000000FE), ref: 00A97230
FillRect.USER32(?,?,?), ref: 00A97262
GetWindowLongW.USER32(?,000000F0), ref: 00A97284

Part of subcall function 00A973E8: GetSysColor.USER32(00000012), ref: 00A97421
Part of subcall function 00A973E8: SetTextColor.GDI32(?,?), ref: 00A97425
Part of subcall function 00A973E8: GetSysColorBrush.USER32(0000000F), ref: 00A9743B
Part of subcall function 00A973E8: GetSysColor.USER32(0000000F), ref: 00A97446
Part of subcall function 00A973E8: GetSysColor.USER32(00000011), ref: 00A97463
Part of subcall function 00A973E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A97471
Part of subcall function 00A973E8: SelectObject.GDI32(?,00000000), ref: 00A97482
Part of subcall function 00A973E8: SetBkColor.GDI32(?,00000000), ref: 00A9748B
Part of subcall function 00A973E8: SelectObject.GDI32(?,?), ref: 00A97498
Part of subcall function 00A973E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00A974B7
Part of subcall function 00A973E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A974CE
Part of subcall function 00A973E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00A974DB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: cfb213aac9cf4868d75b01439927fe36946c71f43613f2e35415fcf899c2667b
Instruction ID: 3f7f9339e4ef0f72ea0a67091e4994bf1b300b26e58dc3609c5159341ff447f3
Opcode Fuzzy Hash: cfb213aac9cf4868d75b01439927fe36946c71f43613f2e35415fcf899c2667b
Instruction Fuzzy Hash: F1A17E72218701AFDB01DFA4DC48A6F7BE9FB49330F100B1AF962961E1DB71E9458B61

Function 00A18D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?), ref: 00A18E14
SendMessageW.USER32(?,00001308,?,00000000), ref: 00A56AC5
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A56AFE
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A56F43

Part of subcall function 00A18F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A18BE8,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A18FC5

SendMessageW.USER32(?,00001053), ref: 00A56F7F
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A56F96
ImageList_Destroy.COMCTL32(00000000,?), ref: 00A56FAC
ImageList_Destroy.COMCTL32(00000000,?), ref: 00A56FB7

Strings

0, xrefs: 00A56DCF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
String ID: 0
API String ID: 2760611726-4108050209
Opcode ID: 2c79c71cbd7805ceceb42c04419673251181fae06c8f3c2f89c13b6bdaeb1617
Instruction ID: fc790788acd74d2b997266692333efe736b260d53be0b484b331011eae99bec2
Opcode Fuzzy Hash: 2c79c71cbd7805ceceb42c04419673251181fae06c8f3c2f89c13b6bdaeb1617
Instruction Fuzzy Hash: 2912BE30601601EFDB25CF24C954BAAB7F1FB45312F94446AF885CB2A2CB35EC9ACB51

Function 00A82711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00A8273E
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A8286A
SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A828A9
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A828B9
CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A82900
GetClientRect.USER32(00000000,?), ref: 00A8290C
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A82955
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A82964
GetStockObject.GDI32(00000011), ref: 00A82974
SelectObject.GDI32(00000000,00000000), ref: 00A82978
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A82988
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A82991
DeleteDC.GDI32(00000000), ref: 00A8299A
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A829C6
SendMessageW.USER32(00000030,00000000,00000001), ref: 00A829DD
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A82A1D
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A82A31
SendMessageW.USER32(00000404,00000001,00000000), ref: 00A82A42
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A82A77
GetStockObject.GDI32(00000011), ref: 00A82A82
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A82A8D
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A82A97

Strings

AutoIt v3, xrefs: 00A828F8
msctls_progress32, xrefs: 00A82A13
static, xrefs: 00A8294F, 00A82A71
DISPLAY, xrefs: 00A8295A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 93a7229a2e27c095e7cd8b8c09781008f352a8b2599986d85837fef097d82c8b
Instruction ID: 32f13957a632c7586e92548d0f8182c8c3cfd5bbeed83986cef9c83de6f2f6f6
Opcode Fuzzy Hash: 93a7229a2e27c095e7cd8b8c09781008f352a8b2599986d85837fef097d82c8b
Instruction Fuzzy Hash: 7FB16D71A00619BFEB14DFA8DD49FAE7BA9EB08710F004115FA15EB2D0DB70AD41CBA4

Function 00A74ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A74AED
GetDriveTypeW.KERNEL32(?,00A9CB68,?,\\.\,00A9CC08), ref: 00A74BCA
SetErrorMode.KERNEL32(00000000,00A9CB68,?,\\.\,00A9CC08), ref: 00A74D36

Strings

CDROM, xrefs: 00A74BFB
Network, xrefs: 00A74C02
1394, xrefs: 00A74C9F
SATA, xrefs: 00A74CD0
ATA, xrefs: 00A74C98
RAID, xrefs: 00A74CBB
SSA, xrefs: 00A74CA6
Fibre, xrefs: 00A74CAD
MMC, xrefs: 00A74CDE
Fixed, xrefs: 00A74C09
PhysicalDrive, xrefs: 00A74B76
Virtual, xrefs: 00A74CE5
USB, xrefs: 00A74CB4
SSD, xrefs: 00A74C4A
ATAPI, xrefs: 00A74C91
Removable, xrefs: 00A74C10, 00A74C15
SCSI, xrefs: 00A74C8A
RAMDisk, xrefs: 00A74BF4
iSCSI, xrefs: 00A74CC2
\\.\, xrefs: 00A74B3F
Unknown, xrefs: 00A74BED, 00A74C83
SAS, xrefs: 00A74CC9
FileBackedVirtual, xrefs: 00A74CEC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 143a5421841af1a43853704a53bfe8cbd179b9e88d11e495a05d94a87eacdf74
Instruction ID: 640e08b8a936a4e0a1e89b603b7c5eb8bc3ac1867f1fc095471360616e17db5c
Opcode Fuzzy Hash: 143a5421841af1a43853704a53bfe8cbd179b9e88d11e495a05d94a87eacdf74
Instruction Fuzzy Hash: 80618F31705509ABCB16DF28CE82E6977B0BF4C344B25C419F80AAB692DB35ED41DB51

Function 00A973E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00A97421
SetTextColor.GDI32(?,?), ref: 00A97425
GetSysColorBrush.USER32(0000000F), ref: 00A9743B
GetSysColor.USER32(0000000F), ref: 00A97446
CreateSolidBrush.GDI32(?), ref: 00A9744B
GetSysColor.USER32(00000011), ref: 00A97463
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A97471
SelectObject.GDI32(?,00000000), ref: 00A97482
SetBkColor.GDI32(?,00000000), ref: 00A9748B
SelectObject.GDI32(?,?), ref: 00A97498
InflateRect.USER32(?,000000FF,000000FF), ref: 00A974B7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A974CE
GetWindowLongW.USER32(00000000,000000F0), ref: 00A974DB
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A9752A
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00A97554
InflateRect.USER32(?,000000FD,000000FD), ref: 00A97572
DrawFocusRect.USER32(?,?), ref: 00A9757D
GetSysColor.USER32(00000011), ref: 00A9758E
SetTextColor.GDI32(?,00000000), ref: 00A97596
DrawTextW.USER32(?,00A970F5,000000FF,?,00000000), ref: 00A975A8
SelectObject.GDI32(?,?), ref: 00A975BF
DeleteObject.GDI32(?), ref: 00A975CA
SelectObject.GDI32(?,?), ref: 00A975D0
DeleteObject.GDI32(?), ref: 00A975D5
SetTextColor.GDI32(?,?), ref: 00A975DB
SetBkColor.GDI32(?,?), ref: 00A975E5

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 54111066f82e0bb848184ea41c4ab211dbcf9fd1c8d7772c19c63d25bbb9b43c
Instruction ID: af83de6b4bdddf7b1da171778d7ef182b1d95fc76f0caf9a5cfdf70d2c48096d
Opcode Fuzzy Hash: 54111066f82e0bb848184ea41c4ab211dbcf9fd1c8d7772c19c63d25bbb9b43c
Instruction Fuzzy Hash: 9F615F76A00618AFDF01DFA4DC49EEE7FB9EB08330F114116F915AB2A1DB749941CBA0

Function 00A90FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A91128
GetDesktopWindow.USER32 ref: 00A9113D
GetWindowRect.USER32(00000000), ref: 00A91144
GetWindowLongW.USER32(?,000000F0), ref: 00A91199
DestroyWindow.USER32(?), ref: 00A911B9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A911ED
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A9120B
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A9121D
SendMessageW.USER32(00000000,00000421,?,?), ref: 00A91232
SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A91245
IsWindowVisible.USER32(00000000), ref: 00A912A1
SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A912BC
SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A912D0
GetWindowRect.USER32(00000000,?), ref: 00A912E8
MonitorFromPoint.USER32(?,?,00000002), ref: 00A9130E
GetMonitorInfoW.USER32(00000000,?), ref: 00A91328
CopyRect.USER32(?,?), ref: 00A9133F
SendMessageW.USER32(00000000,00000412,00000000), ref: 00A913AA

Strings

tooltips_class32, xrefs: 00A911E6
(, xrefs: 00A9131B
0, xrefs: 00A910D3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 0950119a250d4d1198f87dfcddfcfb42bf703d167cfcc5964123995ba6a1d8f0
Instruction ID: 3ec1c52be4f062f1a1a76b95e4f386659a67a63c15eb61983e9c1d324747ea47
Opcode Fuzzy Hash: 0950119a250d4d1198f87dfcddfcfb42bf703d167cfcc5964123995ba6a1d8f0
Instruction Fuzzy Hash: 4CB16B71604341AFDB00DF64D984B6BBBE4FF88354F00891DF99A9B2A1CB31E845CBA1

Function 00A18891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A18968
GetSystemMetrics.USER32(00000007), ref: 00A18970
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A1899B
GetSystemMetrics.USER32(00000008), ref: 00A189A3
GetSystemMetrics.USER32(00000004), ref: 00A189C8
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A189E5
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A189F5
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A18A28
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A18A3C
GetClientRect.USER32(00000000,000000FF), ref: 00A18A5A
GetStockObject.GDI32(00000011), ref: 00A18A76
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A18A81

Part of subcall function 00A1912D: GetCursorPos.USER32(?), ref: 00A19141
Part of subcall function 00A1912D: ScreenToClient.USER32(00000000,?), ref: 00A1915E
Part of subcall function 00A1912D: GetAsyncKeyState.USER32(00000001), ref: 00A19183
Part of subcall function 00A1912D: GetAsyncKeyState.USER32(00000002), ref: 00A1919D

SetTimer.USER32(00000000,00000000,00000028,00A190FC), ref: 00A18AA8

Strings

AutoIt v3 GUI, xrefs: 00A18A20

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 97db2f8ca0241402b78d5e44572eb841ae0a05ad0f853642abc0378bddb37e78
Instruction ID: 14241c0700f324783717bc43bacba3358e1944b3ced2026a4b50ea4f7ae18c76
Opcode Fuzzy Hash: 97db2f8ca0241402b78d5e44572eb841ae0a05ad0f853642abc0378bddb37e78
Instruction Fuzzy Hash: 60B17F71A40209AFDF14DFA8DD55BEE3BB5FB48315F11421AFA16A7290DB34E841CB50

Function 00A60D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A61114
Part of subcall function 00A610F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61120
Part of subcall function 00A610F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A6112F
Part of subcall function 00A610F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61136
Part of subcall function 00A610F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A6114D

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A60DF5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A60E29
GetLengthSid.ADVAPI32(?), ref: 00A60E40
GetAce.ADVAPI32(?,00000000,?), ref: 00A60E7A
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A60E96
GetLengthSid.ADVAPI32(?), ref: 00A60EAD
GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A60EB5
HeapAlloc.KERNEL32(00000000), ref: 00A60EBC
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A60EDD
CopySid.ADVAPI32(00000000), ref: 00A60EE4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A60F13
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A60F35
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A60F47
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60F6E
HeapFree.KERNEL32(00000000), ref: 00A60F75
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60F7E
HeapFree.KERNEL32(00000000), ref: 00A60F85
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A60F8E
HeapFree.KERNEL32(00000000), ref: 00A60F95
GetProcessHeap.KERNEL32(00000000,?), ref: 00A60FA1
HeapFree.KERNEL32(00000000), ref: 00A60FA8

Part of subcall function 00A61193: GetProcessHeap.KERNEL32(00000008,00A60BB1,?,00000000,?,00A60BB1,?), ref: 00A611A1
Part of subcall function 00A61193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A60BB1,?), ref: 00A611A8
Part of subcall function 00A61193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A60BB1,?), ref: 00A611B7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 4175595110-0
Opcode ID: b6d637ee7c28f7cf2c801c81a0aca944e319e56542a9be87c6827d48ce69233f
Instruction ID: 6f4b3f874f666e640ae1eb9ca54952497292983d18c029a1e9bc186b401210e0
Opcode Fuzzy Hash: b6d637ee7c28f7cf2c801c81a0aca944e319e56542a9be87c6827d48ce69233f
Instruction Fuzzy Hash: 87716B72A0021AABDF21DFA4DD44FAFBBB8FF05311F144215FA19E6191DB319945CB60

Function 00A8C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,00A9CC08,00000000,?,00000000,?,?), ref: 00A8C544
RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A8C5A4
_wcslen.LIBCMT ref: 00A8C5F4
_wcslen.LIBCMT ref: 00A8C66F
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A8C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A8C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A8C84D
RegCloseKey.ADVAPI32(?), ref: 00A8C881
RegCloseKey.ADVAPI32(00000000), ref: 00A8C88E
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A8C960

Strings

REG_QWORD, xrefs: 00A8C8C3
REG_BINARY, xrefs: 00A8C913
REG_DWORD, xrefs: 00A8C804
REG_SZ, xrefs: 00A8C644
REG_EXPAND_SZ, xrefs: 00A8C5CD
REG_MULTI_SZ, xrefs: 00A8C6F5

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Value$Close$_wcslen$ConnectCreateRegistry
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 9721498-966354055
Opcode ID: 5e66a8e670352fdaed1c9648dc55bb1eb889225dd9068afa1e71ba9409d31dea
Instruction ID: 41156fcd1c0639a7d5594eebe839888cfa596c031367d82f338b76d1d798b20a
Opcode Fuzzy Hash: 5e66a8e670352fdaed1c9648dc55bb1eb889225dd9068afa1e71ba9409d31dea
Instruction Fuzzy Hash: 841258356042019FDB14EF14D991A2AB7E5EF88724F04889DF89A9B3A2DB31FD41CF91

Function 00A9091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00A909C6
_wcslen.LIBCMT ref: 00A90A01
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A90A54
_wcslen.LIBCMT ref: 00A90A8A
_wcslen.LIBCMT ref: 00A90B06
_wcslen.LIBCMT ref: 00A90B81

Part of subcall function 00A1F9F2: _wcslen.LIBCMT ref: 00A1F9FD

Part of subcall function 00A62BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A62BFA

Strings

GETITEMCOUNT, xrefs: 00A90C1E
EXPAND, xrefs: 00A90BF8
SELECT, xrefs: 00A90D11
CHECK, xrefs: 00A90A85, 00A90AA0
ISCHECKED, xrefs: 00A90CE1
GETSELECTED, xrefs: 00A90C4E
EXISTS, xrefs: 00A90B7C, 00A90B97
GETTOTALCOUNT, xrefs: 00A909F2, 00A90A17
UNCHECK, xrefs: 00A90D3E
GETTEXT, xrefs: 00A90C97
COLLAPSE, xrefs: 00A90B01, 00A90B1C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$MessageSend$BuffCharUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 1103490817-4258414348
Opcode ID: 495c734ac68a67ccb732c9940e650a3dca067721cab286c8969361329734b6a3
Instruction ID: a3e3c5f6c445bc474ac77678cbd46397184c5ed9e8e7725c3757bb51b55aebfb
Opcode Fuzzy Hash: 495c734ac68a67ccb732c9940e650a3dca067721cab286c8969361329734b6a3
Instruction Fuzzy Hash: 5EE189362087019FCB14EF28C550D6EB7E1BF98394B15895CF8969B3A2DB30ED85CB81

Function 00A8C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
_wcslen.LIBCMT ref: 00A8C9F1
_wcslen.LIBCMT ref: 00A8CA68
_wcslen.LIBCMT ref: 00A8CA9E
_wcslen.LIBCMT ref: 00A8CAF9
_wcslen.LIBCMT ref: 00A8CB2F
_wcslen.LIBCMT ref: 00A8CB7F

Strings

HKCC, xrefs: 00A8CBAC
HKEY_CLASSES_ROOT, xrefs: 00A8CAF3, 00A8CAF8
HKLM, xrefs: 00A8CA98, 00A8CA9D
HKCU, xrefs: 00A8CBCE
HKEY_USERS, xrefs: 00A8CBDF
HKEY_CURRENT_USER, xrefs: 00A8CBBD
HKEY_LOCAL_MACHINE, xrefs: 00A8CA62, 00A8CA67
HKCR, xrefs: 00A8CB29, 00A8CB2E
HKU, xrefs: 00A8CBF0
HKEY_CURRENT_CONFIG, xrefs: 00A8CB79, 00A8CB7E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 1256254125-909552448
Opcode ID: c5a1aebcd1fa55c18546e0cb63693d86c83a855054dbf8dbd96f5fcab39ebe75
Instruction ID: 08b00c51d10d24fa96da096fbd39108c10e79e8722bbe412eeb690e236a19bc4
Opcode Fuzzy Hash: c5a1aebcd1fa55c18546e0cb63693d86c83a855054dbf8dbd96f5fcab39ebe75
Instruction Fuzzy Hash: 7B71093260056A8BCB10FF7CDD41ABF73A2AB607B4B110529F8669B284E631CD45CBB0

Function 00A9833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A9835A
_wcslen.LIBCMT ref: 00A9836E
_wcslen.LIBCMT ref: 00A98391
_wcslen.LIBCMT ref: 00A983B4
LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00A983F2
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00A9361A,?), ref: 00A9844E
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A98487
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00A984CA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A98501
FreeLibrary.KERNEL32(?), ref: 00A9850D
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00A9851D
DestroyIcon.USER32(?), ref: 00A9852C
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00A98549
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00A98555

Strings

.dll, xrefs: 00A983AB
.icl, xrefs: 00A98368
.exe, xrefs: 00A98388

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 799131459-1154884017
Opcode ID: 30159a86830badc8db5311817f1c1524bfb2d8eb06617a4bec3b82cad6dac102
Instruction ID: f11b7503d270f6273388500681dff064d031e796407b5ada5c90b0034aa75695
Opcode Fuzzy Hash: 30159a86830badc8db5311817f1c1524bfb2d8eb06617a4bec3b82cad6dac102
Instruction Fuzzy Hash: 1F61DF71640619BBEF14DF64DC81BBE77A8BF09B21F10461AF815D60D1DF78A980CBA0

Function 00A07778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON

Download Yara Rule

Strings

Bad directive syntax error, xrefs: 00A4519A
#comments-end, xrefs: 00A078D9
#ce, xrefs: 00A078ED
', xrefs: 00A45169
#requireadmin, xrefs: 00A077FF
#OnAutoItStartRegister, xrefs: 00A07817
#pragma compile, xrefs: 00A077D3
#comments-start, xrefs: 00A0785F, 00A078B1
#include-once, xrefs: 00A0782F
#cs, xrefs: 00A07873, 00A078C5
#notrayicon, xrefs: 00A077E7
Cannot parse #include, xrefs: 00A45279
#include, xrefs: 00A07847
", xrefs: 00A45153
Unterminated group of comments, xrefs: 00A4528C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 0-1645009161
Opcode ID: cbe9333f3e4042083eefbbfcd2838257e5b2c48b6a141951d2fecfd667b80f50
Instruction ID: 62cfdfa419cf513a3e83cec80ab21a4ec8e4418b9ace0cdeee3524dbdb54f84a
Opcode Fuzzy Hash: cbe9333f3e4042083eefbbfcd2838257e5b2c48b6a141951d2fecfd667b80f50
Instruction Fuzzy Hash: 3081D171F04609BFDB20AF64ED42FAE37A8AF95340F044425F905AA1D2EB74EA51C7A1

Function 00A73E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00A73EF8
_wcslen.LIBCMT ref: 00A73F03
_wcslen.LIBCMT ref: 00A73F5A
_wcslen.LIBCMT ref: 00A73F98
GetDriveTypeW.KERNEL32(?), ref: 00A73FD6
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A7401E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A74059
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A74087

Strings

open , xrefs: 00A73FE5
closed, xrefs: 00A73F08, 00A73F2D, 00A73F46, 00A73F7E, 00A73F97
open, xrefs: 00A73F54, 00A73F59
close cd wait, xrefs: 00A74072
wait, xrefs: 00A74044
set cd door , xrefs: 00A74028
close, xrefs: 00A73EFE, 00A73F18
type cdaudio alias cd wait, xrefs: 00A74001

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: SendString_wcslen$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1839972693-4113822522
Opcode ID: e6513775b331b722197d6e6987e2c60cfdd461d21ec163baaff292772aa8cabb
Instruction ID: 97b13fba0d6a6173e603dfc3648fa080196b8c54a74b8fae1a82bdd932055075
Opcode Fuzzy Hash: e6513775b331b722197d6e6987e2c60cfdd461d21ec163baaff292772aa8cabb
Instruction Fuzzy Hash: 1E71D072A042159FC710EF24CD8096AB7F4EF98758F01C92DF59A97291EB30ED46CB92

Function 00A65A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00A65A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A65A40
SetWindowTextW.USER32(?,?), ref: 00A65A57
GetDlgItem.USER32(?,000003EA), ref: 00A65A6C
SetWindowTextW.USER32(00000000,?), ref: 00A65A72
GetDlgItem.USER32(?,000003E9), ref: 00A65A82
SetWindowTextW.USER32(00000000,?), ref: 00A65A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A65AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A65AC3
GetWindowRect.USER32(?,?), ref: 00A65ACC
_wcslen.LIBCMT ref: 00A65B33
SetWindowTextW.USER32(?,?), ref: 00A65B6F
GetDesktopWindow.USER32 ref: 00A65B75
GetWindowRect.USER32(00000000), ref: 00A65B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A65BD3
GetClientRect.USER32(?,?), ref: 00A65BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 00A65C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A65C2F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
String ID:
API String ID: 895679908-0
Opcode ID: 82023945c0ae4914d8d108f72dc0a6b7733dacf0a84234d6a5f7772c3d2f7748
Instruction ID: 126737e26e0ee25a87fbae65e8606e568a7b8d32559452c43db8f17bb7508738
Opcode Fuzzy Hash: 82023945c0ae4914d8d108f72dc0a6b7733dacf0a84234d6a5f7772c3d2f7748
Instruction Fuzzy Hash: 10716E31A00B09AFDB20DFB8CE85A6EBBF5FF48714F104519E542A25A0DB75E945CB50

Function 00A7FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00A7FE27
LoadCursorW.USER32(00000000,00007F8A), ref: 00A7FE32
LoadCursorW.USER32(00000000,00007F00), ref: 00A7FE3D
LoadCursorW.USER32(00000000,00007F03), ref: 00A7FE48
LoadCursorW.USER32(00000000,00007F8B), ref: 00A7FE53
LoadCursorW.USER32(00000000,00007F01), ref: 00A7FE5E
LoadCursorW.USER32(00000000,00007F81), ref: 00A7FE69
LoadCursorW.USER32(00000000,00007F88), ref: 00A7FE74
LoadCursorW.USER32(00000000,00007F80), ref: 00A7FE7F
LoadCursorW.USER32(00000000,00007F86), ref: 00A7FE8A
LoadCursorW.USER32(00000000,00007F83), ref: 00A7FE95
LoadCursorW.USER32(00000000,00007F85), ref: 00A7FEA0
LoadCursorW.USER32(00000000,00007F82), ref: 00A7FEAB
LoadCursorW.USER32(00000000,00007F84), ref: 00A7FEB6
LoadCursorW.USER32(00000000,00007F04), ref: 00A7FEC1
LoadCursorW.USER32(00000000,00007F02), ref: 00A7FECC
GetCursorInfo.USER32(?), ref: 00A7FEDC
GetLastError.KERNEL32 ref: 00A7FF1E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 7b8df50588ca4bf4782ede70feddfa8a643122fcbfa93210ae04f05a25e508ab
Instruction ID: f90d3a034d5d60ae6d5320b225ffb9207412475e8e80548609d30f3ff8c70a0c
Opcode Fuzzy Hash: 7b8df50588ca4bf4782ede70feddfa8a643122fcbfa93210ae04f05a25e508ab
Instruction Fuzzy Hash: FF4124B0D083196EDB10DFBA9C8585EBFE8FF04764B50852AE11DEB281DB789901CE91

Function 00A200C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON

Download Yara Rule

APIs

__scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A200C6

Part of subcall function 00A200ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00AD070C,00000FA0,25F8FF48,?,?,?,?,00A423B3,000000FF), ref: 00A2011C
Part of subcall function 00A200ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A423B3,000000FF), ref: 00A20127
Part of subcall function 00A200ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A423B3,000000FF), ref: 00A20138
Part of subcall function 00A200ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A2014E
Part of subcall function 00A200ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A2015C
Part of subcall function 00A200ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A2016A
Part of subcall function 00A200ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A20195
Part of subcall function 00A200ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A201A0

___scrt_fastfail.LIBCMT ref: 00A200E7

Part of subcall function 00A200A3: __onexit.LIBCMT ref: 00A200A9

Strings

WakeAllConditionVariable, xrefs: 00A20162
InitializeConditionVariable, xrefs: 00A20148
kernel32.dll, xrefs: 00A20133
SleepConditionVariableCS, xrefs: 00A20154
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A20122

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 66158676-1714406822
Opcode ID: 923c2c500a0c7b819d98ac7c0be7ca923c08a3e7b8ac87259aa9922c5f7b655c
Instruction ID: e21eabcb038a89163e7badacffc25e8e5eadc6cbe580f83b608d845f873de5ab
Opcode Fuzzy Hash: 923c2c500a0c7b819d98ac7c0be7ca923c08a3e7b8ac87259aa9922c5f7b655c
Instruction Fuzzy Hash: 0121D732745B207FEB109BB8BC06F6A73E4FB05B61F100637F806E6692DE6498008A94

Function 00A630F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A6318D
_wcslen.LIBCMT ref: 00A631F8

Strings

TEXT, xrefs: 00A6347C
CLASS, xrefs: 00A63188, 00A631A5
INSTANCE, xrefs: 00A63453
NAME, xrefs: 00A63335, 00A63346
REGEXPCLASS, xrefs: 00A63255, 00A63266
CLASSNN, xrefs: 00A631F3, 00A63204

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 176396367-1603158881
Opcode ID: f18b4c264a1cf30d81a4741b2ff32e8c0e6698344042676f956faa01453d45fc
Instruction ID: fb5b08b1d7123f28d83cd4c7a27cdd863cde679669d52d4ae61b0b02df083d24
Opcode Fuzzy Hash: f18b4c264a1cf30d81a4741b2ff32e8c0e6698344042676f956faa01453d45fc
Instruction Fuzzy Hash: C8E1A333E00526ABCF149F78C851BEEFBB4BF54710F558129E556A7240EF30AE868790

Function 00A744C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00000000,00000000,00A9CC08), ref: 00A74527
_wcslen.LIBCMT ref: 00A7453B
_wcslen.LIBCMT ref: 00A74599
_wcslen.LIBCMT ref: 00A745F4
_wcslen.LIBCMT ref: 00A7463F
_wcslen.LIBCMT ref: 00A746A7

Part of subcall function 00A1F9F2: _wcslen.LIBCMT ref: 00A1F9FD

GetDriveTypeW.KERNEL32(?,00AC6BF0,00000061), ref: 00A74743

Strings

cdrom, xrefs: 00A7458F, 00A74594
removable, xrefs: 00A745EA, 00A745EF
unknown, xrefs: 00A74708
all, xrefs: 00A74531, 00A74536
fixed, xrefs: 00A74635, 00A7463A
network, xrefs: 00A7469D, 00A746A2
ramdisk, xrefs: 00A746F1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2055661098-1000479233
Opcode ID: afae2be100ce06ef749d12a3fa56a0ee32bc0bd21e3ff478945663a8bd1223e7
Instruction ID: 7e7e60bb8e244bc2eaf9e351a07a2bb1f9274323bce96b2ef6dd5a8ad661738b
Opcode Fuzzy Hash: afae2be100ce06ef749d12a3fa56a0ee32bc0bd21e3ff478945663a8bd1223e7
Instruction Fuzzy Hash: A0B1D0716083029FC714DF28DD90A6AB7E5AFA9760F50CA2DF49AC7291D730DD44CB92

Function 00A83FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00A9CC08), ref: 00A840BB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00A840CD
GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00A9CC08), ref: 00A840F2
FreeLibrary.KERNEL32(00000000,?,00A9CC08), ref: 00A8413E
StringFromGUID2.OLE32(?,?,00000028,?,00A9CC08), ref: 00A841A8
SysFreeString.OLEAUT32(00000009), ref: 00A84262
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00A842C8
SysFreeString.OLEAUT32(?), ref: 00A842F2

Strings

kernel32.dll, xrefs: 00A840B6
GetModuleHandleExW, xrefs: 00A840C7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 354098117-199464113
Opcode ID: 479e983445c09ad7b7bfc60ea5138397593898fe656fa687be676386eadca6ea
Instruction ID: b9097bcb2430dce99e594a6c22394b266ba3576be19434e8c17e13275d7ac6ce
Opcode Fuzzy Hash: 479e983445c09ad7b7bfc60ea5138397593898fe656fa687be676386eadca6ea
Instruction Fuzzy Hash: F1123D75A0021AEFDB14EF94C884EAEBBB5FF49314F248099F9059B251D731ED46CBA0

Function 00A0326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00AD1990), ref: 00A42F8D
GetMenuItemCount.USER32(00AD1990), ref: 00A4303D
GetCursorPos.USER32(?), ref: 00A43081
SetForegroundWindow.USER32(00000000), ref: 00A4308A
TrackPopupMenuEx.USER32(00AD1990,00000000,?,00000000,00000000,00000000), ref: 00A4309D
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A430A9

Strings

0, xrefs: 00A0327D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID: 0
API String ID: 36266755-4108050209
Opcode ID: ad72dab62ecfce21a962fb3d5633d53ee416f9236571ac1030fa619ba521aa0c
Instruction ID: cf8555d2fb521d243bb54a87ede5f810da84b5be15942a00a5dda8fe178d8bb5
Opcode Fuzzy Hash: ad72dab62ecfce21a962fb3d5633d53ee416f9236571ac1030fa619ba521aa0c
Instruction Fuzzy Hash: 6171F535640209BEEB21CF64DC49FAABF78FF45364F204216F625AA1E0C7B1A964CB50

Function 00A96CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00A96DEB

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A96E5F
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A96E81
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A96E94
DestroyWindow.USER32(?), ref: 00A96EB5
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A00000,00000000), ref: 00A96EE4
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A96EFD
GetDesktopWindow.USER32 ref: 00A96F16
GetWindowRect.USER32(00000000), ref: 00A96F1D
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A96F35
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A96F4D

Part of subcall function 00A19944: GetWindowLongW.USER32(?,000000EB), ref: 00A19952

Strings

0, xrefs: 00A96D98
tooltips_class32, xrefs: 00A96E58, 00A96EDD

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
String ID: 0$tooltips_class32
API String ID: 2429346358-3619404913
Opcode ID: b379330980105531c7f2a19cbb5b88ff9535ba5982cf393b432f8a3b3bd0c76c
Instruction ID: 02cf44a45186eb80375c038aa394c3f3e3cfb80463f5222ab1936a24359f8964
Opcode Fuzzy Hash: b379330980105531c7f2a19cbb5b88ff9535ba5982cf393b432f8a3b3bd0c76c
Instruction Fuzzy Hash: 72715674604244AFDB21CF68D954FBABBE9FF89314F44081EF989872A1DB74A906CB11

Function 00A9911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

DragQueryPoint.SHELL32(?,?), ref: 00A99147

Part of subcall function 00A97674: ClientToScreen.USER32(?,?), ref: 00A9769A
Part of subcall function 00A97674: GetWindowRect.USER32(?,?), ref: 00A97710
Part of subcall function 00A97674: PtInRect.USER32(?,?,00A98B89), ref: 00A97720

SendMessageW.USER32(?,000000B0,?,?), ref: 00A991B0
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00A991BB
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00A991DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00A99225
SendMessageW.USER32(?,000000B0,?,?), ref: 00A9923E
SendMessageW.USER32(?,000000B1,?,?), ref: 00A99255
SendMessageW.USER32(?,000000B1,?,?), ref: 00A99277
DragFinish.SHELL32(?), ref: 00A9927E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00A99371

Strings

@GUI_DROPID, xrefs: 00A9929E
@GUI_DRAGID, xrefs: 00A992E9
@GUI_DRAGFILE, xrefs: 00A99320

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 1d863bb03d76f1811a4a10e9ba69f8b739f2faf70a1783aa8ec867cea29bbc05
Instruction ID: b7871a032a43a9a6b6968603f4d6094c2b930c4e65cfa36d91ce228d6774549e
Opcode Fuzzy Hash: 1d863bb03d76f1811a4a10e9ba69f8b739f2faf70a1783aa8ec867cea29bbc05
Instruction Fuzzy Hash: 12618A71208305AFD701DFA4DD85DAFBBE8FF89750F00091EF596961A1DB309A49CB62

Function 00A7C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A7C4B0
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A7C4C3
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A7C4D7
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A7C4F0
InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A7C533
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A7C549
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A7C554
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A7C584
GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A7C5DC
SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A7C5F0
InternetCloseHandle.WININET(00000000), ref: 00A7C5FB

Strings

, xrefs: 00A7C575

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
String ID:
API String ID: 3800310941-3916222277
Opcode ID: 0964fcd4c30bbe7588568707c60ef0f2394b300e1a8c18ca06f4884e5fe938bc
Instruction ID: 7c3cb4c23895b77348e46a12daf9f7dea79ed77f717e69f1bb325edab3feb819
Opcode Fuzzy Hash: 0964fcd4c30bbe7588568707c60ef0f2394b300e1a8c18ca06f4884e5fe938bc
Instruction Fuzzy Hash: E5512BB1640604BFDB21DFA4CD88AAB7BBCFB08764F00C51EF94A96250DB35E9459B60

Function 00A9856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00A98592
GetFileSize.KERNEL32(00000000,00000000), ref: 00A985A2
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00A985AD
CloseHandle.KERNEL32(00000000), ref: 00A985BA
GlobalLock.KERNEL32(00000000), ref: 00A985C8
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00A985D7
GlobalUnlock.KERNEL32(00000000), ref: 00A985E0
CloseHandle.KERNEL32(00000000), ref: 00A985E7
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00A985F8
OleLoadPicture.OLEAUT32(?,00000000,00000000,00A9FC38,?), ref: 00A98611
GlobalFree.KERNEL32(00000000), ref: 00A98621
GetObjectW.GDI32(?,00000018,000000FF), ref: 00A98641
CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00A98671
DeleteObject.GDI32(00000000), ref: 00A98699
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A986AF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: eb0616e9812d361f23b378f35f575a1469561248b0e99421bd28eae44dcf0e7f
Instruction ID: a4119cd520b732fc07e49e8cc16e0213d8ac4b1230fa4ff903c0e6efad490c43
Opcode Fuzzy Hash: eb0616e9812d361f23b378f35f575a1469561248b0e99421bd28eae44dcf0e7f
Instruction Fuzzy Hash: 6E411975700604AFDB11DFA5DD48EAA7BBCFF89721F108159F905EB260DB349902CB60

Function 00A714BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00A71502
VariantCopy.OLEAUT32(?,?), ref: 00A7150B
VariantClear.OLEAUT32(?), ref: 00A71517
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00A715FB
VarR8FromDec.OLEAUT32(?,?), ref: 00A71657
VariantInit.OLEAUT32(?), ref: 00A71708
SysFreeString.OLEAUT32(?), ref: 00A7178C
VariantClear.OLEAUT32(?), ref: 00A717D8
VariantClear.OLEAUT32(?), ref: 00A717E7
VariantInit.OLEAUT32(00000000), ref: 00A71823

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00A71625
Default, xrefs: 00A716AF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: 60bbc8524e4c2bca5f2c91904436a1dd756c8ac05aebdf55e3f875ad6ce2dfd5
Instruction ID: 0351fb896dd781fb6d3e1f2a76c3d057fb773244402461cea81e1b7d3f892b0e
Opcode Fuzzy Hash: 60bbc8524e4c2bca5f2c91904436a1dd756c8ac05aebdf55e3f875ad6ce2dfd5
Instruction Fuzzy Hash: C0D1DD72A00615EBDF189F69E985BB9B7F9BF44704F14C05AE40AAB180DB30EC45DB62

Function 00A8B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8B6F4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A8B772
RegDeleteValueW.ADVAPI32(?,?), ref: 00A8B80A
RegCloseKey.ADVAPI32(?), ref: 00A8B87E
RegCloseKey.ADVAPI32(?), ref: 00A8B89C
LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A8B8F2
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A8B904
RegDeleteKeyW.ADVAPI32(?,?), ref: 00A8B922
FreeLibrary.KERNEL32(00000000), ref: 00A8B983
RegCloseKey.ADVAPI32(00000000), ref: 00A8B994

Strings

advapi32.dll, xrefs: 00A8B8ED
RegDeleteKeyExW, xrefs: 00A8B8FE

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 146587525-4033151799
Opcode ID: 1955b49472e2d0fd8d9a2e439f7d8d7258c7d1844d87506d096144436a33db96
Instruction ID: d63a972558fed6909e8bf41c9fba7855d8b9dd7b04c1121be5a5b8f8e0c47097
Opcode Fuzzy Hash: 1955b49472e2d0fd8d9a2e439f7d8d7258c7d1844d87506d096144436a33db96
Instruction Fuzzy Hash: 4CC17E30214201AFD714EF24C495F2ABBE5BF84318F14855CF59A4B2A2CB75ED46CBA2

Function 00A8255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00A825D8
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A825E8
CreateCompatibleDC.GDI32(?), ref: 00A825F4
SelectObject.GDI32(00000000,?), ref: 00A82601
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A8266D
GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A826AC
GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A826D0
SelectObject.GDI32(?,?), ref: 00A826D8
DeleteObject.GDI32(?), ref: 00A826E1
DeleteDC.GDI32(?), ref: 00A826E8
ReleaseDC.USER32(00000000,?), ref: 00A826F3

Strings

(, xrefs: 00A8268D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 76f830b44d84b0a92c376c324af6fd9485055842aff631b1cf7d5ffab1a48440
Instruction ID: 1e1306cfc9693be822b026aa17600b9b0bd9b3bd5a82e55462cf30454a1187db
Opcode Fuzzy Hash: 76f830b44d84b0a92c376c324af6fd9485055842aff631b1cf7d5ffab1a48440
Instruction Fuzzy Hash: AD61F375E00219EFCF14DFE8D984AAEBBB5FF48310F20852AE955A7250E770A941CF64

Function 00A3DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00A3DAA1

Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D659
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D66B
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D67D
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D68F
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6A1
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6B3
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6C5
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6D7
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6E9
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D6FB
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D70D
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D71F
Part of subcall function 00A3D63C: _free.LIBCMT ref: 00A3D731

_free.LIBCMT ref: 00A3DA96

Part of subcall function 00A329C8: HeapFree.KERNEL32(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0

_free.LIBCMT ref: 00A3DAB8
_free.LIBCMT ref: 00A3DACD
_free.LIBCMT ref: 00A3DAD8
_free.LIBCMT ref: 00A3DAFA
_free.LIBCMT ref: 00A3DB0D
_free.LIBCMT ref: 00A3DB1B
_free.LIBCMT ref: 00A3DB26
_free.LIBCMT ref: 00A3DB5E
_free.LIBCMT ref: 00A3DB65
_free.LIBCMT ref: 00A3DB82
_free.LIBCMT ref: 00A3DB9A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: b93d9865debfbc1a363ab733d278cc2a6938834d255316bd56fe93c788bb87db
Instruction ID: 5a6f6b3f117df63b7113a7ead8bf854b9a67a749510ccf9038109eb62c73cb87
Opcode Fuzzy Hash: b93d9865debfbc1a363ab733d278cc2a6938834d255316bd56fe93c788bb87db
Instruction Fuzzy Hash: DF312732A04705DFEB22AF39FA45B5AB7E9FF40360F154469F459DB191DB31AC808B20

Function 00A6365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00A6369C
_wcslen.LIBCMT ref: 00A636A7
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00A63797
GetClassNameW.USER32(?,?,00000400), ref: 00A6380C
GetDlgCtrlID.USER32(?), ref: 00A6385D
GetWindowRect.USER32(?,?), ref: 00A63882
GetParent.USER32(?), ref: 00A638A0
ScreenToClient.USER32(00000000), ref: 00A638A7
GetClassNameW.USER32(?,?,00000100), ref: 00A63921
GetWindowTextW.USER32(?,?,00000400), ref: 00A6395D

Strings

%s%u, xrefs: 00A63734

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
String ID: %s%u
API String ID: 4010501982-679674701
Opcode ID: 0dbe0b79d7e4196d8ab553bb497eac9d7c3fd4e1e68ce7fe8b333a4f092f1efc
Instruction ID: be1fe28d35fc2dbdb7ff8ec8423c5fdd3129afdfe577a07ce30eed5c424c204e
Opcode Fuzzy Hash: 0dbe0b79d7e4196d8ab553bb497eac9d7c3fd4e1e68ce7fe8b333a4f092f1efc
Instruction Fuzzy Hash: 0991B172204706AFDB19DF64C895BEAB7B8FF44350F008529F99AC6190DB30EA46CB91

Function 00A64954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000400), ref: 00A64994
GetWindowTextW.USER32(?,?,00000400), ref: 00A649DA
_wcslen.LIBCMT ref: 00A649EB
CharUpperBuffW.USER32(?,00000000), ref: 00A649F7
_wcsstr.LIBVCRUNTIME ref: 00A64A2C
GetClassNameW.USER32(00000018,?,00000400), ref: 00A64A64
GetWindowTextW.USER32(?,?,00000400), ref: 00A64A9D
GetClassNameW.USER32(00000018,?,00000400), ref: 00A64AE6
GetClassNameW.USER32(?,?,00000400), ref: 00A64B20
GetWindowRect.USER32(?,?), ref: 00A64B8B

Strings

ThumbnailClass, xrefs: 00A64A6F, 00A64AF1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
String ID: ThumbnailClass
API String ID: 1311036022-1241985126
Opcode ID: 13d6cfa761ad8c73ee10433c2f0dd37cb9ca7a18a532e21160e6907900f57342
Instruction ID: c75509d0ea4448aaa1a4badbe9d65717f99de2f5434cb4c5b7da586de3b3ea3b
Opcode Fuzzy Hash: 13d6cfa761ad8c73ee10433c2f0dd37cb9ca7a18a532e21160e6907900f57342
Instruction Fuzzy Hash: 1991EE72104205AFDB04CF54C981BAA7BF8FF88354F04846AFE859A196DB30ED45CBA1

Function 00A6BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00AD1990,000000FF,00000000,00000030), ref: 00A6BFAC
SetMenuItemInfoW.USER32(00AD1990,00000004,00000000,00000030), ref: 00A6BFE1
Sleep.KERNEL32(000001F4), ref: 00A6BFF3
GetMenuItemCount.USER32(?), ref: 00A6C039
GetMenuItemID.USER32(?,00000000), ref: 00A6C056
GetMenuItemID.USER32(?,-00000001), ref: 00A6C082
GetMenuItemID.USER32(?,?), ref: 00A6C0C9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A6C10F
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A6C124
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A6C145

Strings

0, xrefs: 00A6BF3D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID: 0
API String ID: 1460738036-4108050209
Opcode ID: f889f8fe3d99fe9ca1a1c0686f1e6625e2c6bebf0c9244bbc1f3a43afe17c537
Instruction ID: 9241830487508c5fca01d6abf06457892343842d8c6015e4f33941adb9abfd29
Opcode Fuzzy Hash: f889f8fe3d99fe9ca1a1c0686f1e6625e2c6bebf0c9244bbc1f3a43afe17c537
Instruction Fuzzy Hash: 0D61B3B0A0024AAFDF11CFA4CD88AFE7BB8EB05364F404116F991A3291CB35AD45CB60

Function 00A8CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A8CC64
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A8CC8D
FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A8CD48

Part of subcall function 00A8CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A8CCAA
Part of subcall function 00A8CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A8CCBD
Part of subcall function 00A8CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A8CCCF
Part of subcall function 00A8CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A8CD05
Part of subcall function 00A8CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A8CD28

RegDeleteKeyW.ADVAPI32(?,?), ref: 00A8CCF3

Strings

advapi32.dll, xrefs: 00A8CCB8
RegDeleteKeyExW, xrefs: 00A8CCC9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2734957052-4033151799
Opcode ID: f6d44055cbfeb60f145bedddc85cb6c0b3c4bf68e901ad86c2b36d7669bebdd8
Instruction ID: 99bd824d0e0e7e3a3be4223593a06c78f13877c76b2c76a82845e65774a46ab7
Opcode Fuzzy Hash: f6d44055cbfeb60f145bedddc85cb6c0b3c4bf68e901ad86c2b36d7669bebdd8
Instruction Fuzzy Hash: 803160B1A01129BBDB20EB95DC88EFFBB7CEF45760F000166A905E3150DA749A46DFB0

Function 00A73D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A73D40
_wcslen.LIBCMT ref: 00A73D6D
CreateDirectoryW.KERNEL32(?,00000000), ref: 00A73D9D
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A73DBE
RemoveDirectoryW.KERNEL32(?), ref: 00A73DCE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A73E55
CloseHandle.KERNEL32(00000000), ref: 00A73E60
CloseHandle.KERNEL32(00000000), ref: 00A73E6B

Strings

\??\%s, xrefs: 00A73D5B
\, xrefs: 00A73D77
:, xrefs: 00A73D82

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
String ID: :$\$\??\%s
API String ID: 1149970189-3457252023
Opcode ID: bce8975ea4260902d3188bfe979235800b84acabe54a4a0990263e245e0602fb
Instruction ID: 495915dd1e2d4a695d0d59a57a969e6c9c5ebaacde8238dabd5bfbf1b90a9d08
Opcode Fuzzy Hash: bce8975ea4260902d3188bfe979235800b84acabe54a4a0990263e245e0602fb
Instruction Fuzzy Hash: E031AF72A00219ABDF20DBA4DC49FEB37BCEF88710F1181B6F509D6061EB7097858B24

Function 00A6E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A6E6B4

Part of subcall function 00A1E551: timeGetTime.WINMM(?,?,00A6E6D4), ref: 00A1E555

Sleep.KERNEL32(0000000A), ref: 00A6E6E1
EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00A6E705
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A6E727
SetActiveWindow.USER32 ref: 00A6E746
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A6E754
SendMessageW.USER32(00000010,00000000,00000000), ref: 00A6E773
Sleep.KERNEL32(000000FA), ref: 00A6E77E
IsWindow.USER32 ref: 00A6E78A
EndDialog.USER32(00000000), ref: 00A6E79B

Strings

BUTTON, xrefs: 00A6E719

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: dd08c2d9353f4eff710039280fccdbd739ed13aa31aed9a2f58e4ada50cda6e3
Instruction ID: d20f40dbfbbb0a2f99c876a8c98ad2a722e1a7828491fcf6d97b1ae7d8384ef2
Opcode Fuzzy Hash: dd08c2d9353f4eff710039280fccdbd739ed13aa31aed9a2f58e4ada50cda6e3
Instruction Fuzzy Hash: 19218CB9341704BFEB01DFE4EC89B263B79FB64758B101826F912821A1DF71AC16DB24

Function 00A6E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A6EA5D
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A6EA73
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A6EA84
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A6EA96
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A6EAA7

Strings

close PlayMe, xrefs: 00A6EA6E, 00A6EA9B
open , xrefs: 00A6EA0C
alias PlayMe, xrefs: 00A6EA36
play PlayMe wait, xrefs: 00A6EA91
status PlayMe mode, xrefs: 00A6EA58
play PlayMe, xrefs: 00A6EAA2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: SendString$_wcslen
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2420728520-1007645807
Opcode ID: ca4e316e5b6b387a5ea8eac4a8cfbc89dca79f526ea69fe4f390042879f13c83
Instruction ID: 25407dd89247ddf614e14d7fc89b06a086a35bf1e85877def5e1890f89f75c2b
Opcode Fuzzy Hash: ca4e316e5b6b387a5ea8eac4a8cfbc89dca79f526ea69fe4f390042879f13c83
Instruction Fuzzy Hash: C111A335A5021D79D720E7A5ED4AEFF6A7CFFD1B40F0008297401A20D1EE700905C6B1

Function 00A69F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00A6A012
SetKeyboardState.USER32(?), ref: 00A6A07D
GetAsyncKeyState.USER32(000000A0), ref: 00A6A09D
GetKeyState.USER32(000000A0), ref: 00A6A0B4
GetAsyncKeyState.USER32(000000A1), ref: 00A6A0E3
GetKeyState.USER32(000000A1), ref: 00A6A0F4
GetAsyncKeyState.USER32(00000011), ref: 00A6A120
GetKeyState.USER32(00000011), ref: 00A6A12E
GetAsyncKeyState.USER32(00000012), ref: 00A6A157
GetKeyState.USER32(00000012), ref: 00A6A165
GetAsyncKeyState.USER32(0000005B), ref: 00A6A18E
GetKeyState.USER32(0000005B), ref: 00A6A19C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 979e907bfcccb5838d2250b9a657059496c3ebae7a48baf91b57433c3f292b0a
Instruction ID: 327eb2e5d6bfa330604bb4215fac8a5d141c4cc6875a1cca5e91d27313d0acf7
Opcode Fuzzy Hash: 979e907bfcccb5838d2250b9a657059496c3ebae7a48baf91b57433c3f292b0a
Instruction Fuzzy Hash: 6C51BB7060478429FB35DBB085117EBBFF59F23340F098599D5C2671C2DA64AE8CCB62

Function 00A65CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00A65CE2
GetWindowRect.USER32(00000000,?), ref: 00A65CFB
MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A65D59
GetDlgItem.USER32(?,00000002), ref: 00A65D69
GetWindowRect.USER32(00000000,?), ref: 00A65D7B
MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A65DCF
GetDlgItem.USER32(?,000003E9), ref: 00A65DDD
GetWindowRect.USER32(00000000,?), ref: 00A65DEF
MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A65E31
GetDlgItem.USER32(?,000003EA), ref: 00A65E44
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A65E5A
InvalidateRect.USER32(?,00000000,00000001), ref: 00A65E67

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 0749e6f1993c3854a61fcd2787f9f0610b7bd971a7f57f5ae1d19ce74510eca1
Instruction ID: e77a8d21533aeec2de8947995a9c67e67c40b4ee5919fc598e588f8595ba1ae8
Opcode Fuzzy Hash: 0749e6f1993c3854a61fcd2787f9f0610b7bd971a7f57f5ae1d19ce74510eca1
Instruction Fuzzy Hash: 08510C71F00605AFDF18CFA8DD89AAEBBB5EF48310F548129F515E6290DB709E01CB60

Function 00A18BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00A18F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A18BE8,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A18FC5

DestroyWindow.USER32(?), ref: 00A18C81
KillTimer.USER32(00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A18D1B
DestroyAcceleratorTable.USER32(00000000), ref: 00A56973
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A569A1
ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A18BBA,00000000,?), ref: 00A569B8
ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A18BBA,00000000), ref: 00A569D4
DeleteObject.GDI32(00000000), ref: 00A569E6

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: beff6a349063291c40701f39ec336db2bd4fe24c9535d05a87ef873d6e0f3348
Instruction ID: 67317e849d28b787b8689e03df10be71bfbc3dc56eb7ec4c982b93d51d3d015a
Opcode Fuzzy Hash: beff6a349063291c40701f39ec336db2bd4fe24c9535d05a87ef873d6e0f3348
Instruction Fuzzy Hash: AC618D30602700EFCB25DFA8DA58BA977F1FB40352F54451AE4439B960CB39A9C6DF90

Function 00A19838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00A19944: GetWindowLongW.USER32(?,000000EB), ref: 00A19952

GetSysColor.USER32(0000000F), ref: 00A19862

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: d6f9e3b6141c59f187250bfa8ca5a38e24116c97dcf6f6082334416978f2bd4d
Instruction ID: 850d859686d8e40cbd3b9645b0e65c3963c4a677ca90d8e61e6dc730346bf2ce
Opcode Fuzzy Hash: d6f9e3b6141c59f187250bfa8ca5a38e24116c97dcf6f6082334416978f2bd4d
Instruction Fuzzy Hash: 4641A531204640AFDB209F7C9C94BFA3BA5FB06771F244616F9A29B1E1DB319C82DB11

Function 00A696E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00A4F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00A69717
LoadStringW.USER32(00000000,?,00A4F7F8,00000001), ref: 00A69720

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A4F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00A69742
LoadStringW.USER32(00000000,?,00A4F7F8,00000001), ref: 00A69745
MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00A69866

Strings

Line %d (File "%s"):, xrefs: 00A6978F
^ ERROR, xrefs: 00A697FB
Error: , xrefs: 00A6981D
%s (%d) : ==> %s: %s %s, xrefs: 00A6984A
Line %d:, xrefs: 00A697A0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wcslen
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 747408836-2268648507
Opcode ID: 95c1d222f4ee9a03f381642362a387d2e6fc42cf469f3c0f62b9a3ab4226425d
Instruction ID: 3124b6f19e0d8515ea06305f75044e108b9e8372e9e5992102084a9ee42e51a2
Opcode Fuzzy Hash: 95c1d222f4ee9a03f381642362a387d2e6fc42cf469f3c0f62b9a3ab4226425d
Instruction Fuzzy Hash: 2A41197290020DAADF04EBE0EF86EEFB77CAF55340F500465B60576092EA356F49CB61

Function 00A606DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A607A2
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A607BE
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A607DA
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A60804
CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A6082C
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A60837
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A6083C

Strings

\CLSID, xrefs: 00A60724
\IPC$, xrefs: 00A60784
SOFTWARE\Classes\, xrefs: 00A6070E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 323675364-22481851
Opcode ID: 99fbf9da71c8e6ed3806090343cf95a065c21acea194702269401187f89b06c4
Instruction ID: 811b1a488e7ed0f62704bd9ba3890ace53dc28bb2074ae88df3eacbaa83c98af
Opcode Fuzzy Hash: 99fbf9da71c8e6ed3806090343cf95a065c21acea194702269401187f89b06c4
Instruction Fuzzy Hash: B9410672D1062DABDF15EBA4ED85DEEB778BF14350F044169E901A71A1EB30AE44CBA0

Function 00A93F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00A9403B
CreateCompatibleDC.GDI32(00000000), ref: 00A94042
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00A94055
SelectObject.GDI32(00000000,00000000), ref: 00A9405D
GetPixel.GDI32(00000000,00000000,00000000), ref: 00A94068
DeleteDC.GDI32(00000000), ref: 00A94072
GetWindowLongW.USER32(?,000000EC), ref: 00A9407C
SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00A94092
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00A9409E

Strings

static, xrefs: 00A93FD3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 7726ee6d19fe92c01378bd6d034661addb78c95f5fef35385053d14da79f7af8
Instruction ID: 56b83cba19b4391d0b2feaffb50152d0f1132b8494b3c63cee493f3473982515
Opcode Fuzzy Hash: 7726ee6d19fe92c01378bd6d034661addb78c95f5fef35385053d14da79f7af8
Instruction Fuzzy Hash: 28315C32601615BBDF219FA8DC49FDA3BA8EF0D324F110211FA15E61A0DB75D812DB64

Function 00A83C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A83C5C
CoInitialize.OLE32(00000000), ref: 00A83C8A
CoUninitialize.OLE32 ref: 00A83C94
_wcslen.LIBCMT ref: 00A83D2D
GetRunningObjectTable.OLE32(00000000,?), ref: 00A83DB1
SetErrorMode.KERNEL32(00000001,00000029), ref: 00A83ED5
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A83F0E
CoGetObject.OLE32(?,00000000,00A9FB98,?), ref: 00A83F2D
SetErrorMode.KERNEL32(00000000), ref: 00A83F40
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A83FC4
VariantClear.OLEAUT32(?), ref: 00A83FD8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
String ID:
API String ID: 429561992-0
Opcode ID: 9a07e4523d647cbb45eaeb62e562e6444de4bbeb2c390a6d2583e74a114f7fbf
Instruction ID: 1835ba6173d00249f1d459a11758abf3483f15a850ac1d9b2cbfdc222cbc3878
Opcode Fuzzy Hash: 9a07e4523d647cbb45eaeb62e562e6444de4bbeb2c390a6d2583e74a114f7fbf
Instruction Fuzzy Hash: 1CC147726083059FDB00EF68C98492BBBE9FF89B44F10491DF98A9B251DB31ED45CB52

Function 00A77A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00A77AF3
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A77B8F
SHGetDesktopFolder.SHELL32(?), ref: 00A77BA3
CoCreateInstance.OLE32(00A9FD08,00000000,00000001,00AC6E6C,?), ref: 00A77BEF
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A77C74
CoTaskMemFree.OLE32(?,?), ref: 00A77CCC
SHBrowseForFolderW.SHELL32(?), ref: 00A77D57
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A77D7A
CoTaskMemFree.OLE32(00000000), ref: 00A77D81
CoTaskMemFree.OLE32(00000000), ref: 00A77DD6
CoUninitialize.OLE32 ref: 00A77DDC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: efc9c0b69d79b269841ad2903dff312b6c7cdf1b5e23d6f0d3a544cdea3696f9
Instruction ID: 894ec5bd963e2006e661599cfd2ef875c3c6aaba0f20ef16d8d267d55d5470b3
Opcode Fuzzy Hash: efc9c0b69d79b269841ad2903dff312b6c7cdf1b5e23d6f0d3a544cdea3696f9
Instruction Fuzzy Hash: F6C10C75A04109AFDB14DFA4C984DAEBBF5FF48314B14C499E81ADB262DB30ED45CB90

Function 00A9541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00A95504
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A95515
CharNextW.USER32(00000158), ref: 00A95544
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00A95585
SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00A9559B
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A955AC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$CharNext
String ID:
API String ID: 1350042424-0
Opcode ID: 16a2833d7da388fa96afa19aceef522cb7bad57706c92816d4270e23f9771490
Instruction ID: 13024a49b1d710a05ca93e6470a98a841fdbd9ef793dd114968be1fbc144b51f
Opcode Fuzzy Hash: 16a2833d7da388fa96afa19aceef522cb7bad57706c92816d4270e23f9771490
Instruction Fuzzy Hash: 0C618E35F00608AFDF12DFA4CC869FE7BF9EB45720F108145FA25AA291D7749A81DB60

Function 00A5FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A5FAAF
SafeArrayAllocData.OLEAUT32(?), ref: 00A5FB08
VariantInit.OLEAUT32(?), ref: 00A5FB1A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00A5FB3A
VariantCopy.OLEAUT32(?,?), ref: 00A5FB8D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00A5FBA1
VariantClear.OLEAUT32(?), ref: 00A5FBB6
SafeArrayDestroyData.OLEAUT32(?), ref: 00A5FBC3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A5FBCC
VariantClear.OLEAUT32(?), ref: 00A5FBDE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A5FBE9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 3d30bb489e4356c9ec71b1b6f2c2ec60dfe5d25ad16721dc4664acc3632f1fd0
Instruction ID: 9fa0e0447b65d0e0604220a28da64d9201241e4b89c6b2e71b7c3989707069cb
Opcode Fuzzy Hash: 3d30bb489e4356c9ec71b1b6f2c2ec60dfe5d25ad16721dc4664acc3632f1fd0
Instruction Fuzzy Hash: 04416375B00219DFCF00DFA8D8589ADBBB9FF48355F018065F916A7261CB30A946CFA1

Function 00A69C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00A69CA1
GetAsyncKeyState.USER32(000000A0), ref: 00A69D22
GetKeyState.USER32(000000A0), ref: 00A69D3D
GetAsyncKeyState.USER32(000000A1), ref: 00A69D57
GetKeyState.USER32(000000A1), ref: 00A69D6C
GetAsyncKeyState.USER32(00000011), ref: 00A69D84
GetKeyState.USER32(00000011), ref: 00A69D96
GetAsyncKeyState.USER32(00000012), ref: 00A69DAE
GetKeyState.USER32(00000012), ref: 00A69DC0
GetAsyncKeyState.USER32(0000005B), ref: 00A69DD8
GetKeyState.USER32(0000005B), ref: 00A69DEA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: d426351b89d01621c914e70d93ee634328ca4b3a0a43dd4116e9494aab579a7b
Instruction ID: f415de64eed881740db0a5a63f478825241c78c3ca4b22613fd14c1608f184be
Opcode Fuzzy Hash: d426351b89d01621c914e70d93ee634328ca4b3a0a43dd4116e9494aab579a7b
Instruction Fuzzy Hash: 3141C834604BC9ADFF31D7A4C8043B7BEB8AF11354F04806ADAC6565C2DBB599D8C7A2

Function 00A8055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00A805BC
inet_addr.WSOCK32(?), ref: 00A8061C
gethostbyname.WSOCK32(?), ref: 00A80628
IcmpCreateFile.IPHLPAPI ref: 00A80636
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A806C6
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A806E5
IcmpCloseHandle.IPHLPAPI(?), ref: 00A807B9
WSACleanup.WSOCK32 ref: 00A807BF

Strings

Ping, xrefs: 00A80676

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: d21e6397908f6d8b77151cad15eec4f3861c3290a8d2ecdf46e4647631d700f7
Instruction ID: 41c4c9b1f84c5c4a3fce10f238f762e4566622e4b5619a7183ab682c66540f60
Opcode Fuzzy Hash: d21e6397908f6d8b77151cad15eec4f3861c3290a8d2ecdf46e4647631d700f7
Instruction Fuzzy Hash: A891BF356086419FD360EF15D988F1ABBE0AF44318F1485A9F46A8B7A2CB70FC49CF91

Function 00A88CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00000000,?), ref: 00A88CF3

Part of subcall function 00A68E54: _wcslen.LIBCMT ref: 00A68E77

_wcslen.LIBCMT ref: 00A88D4E
_wcslen.LIBCMT ref: 00A88D9C
_wcslen.LIBCMT ref: 00A88DDC
_wcslen.LIBCMT ref: 00A88E6E

Strings

stdcall, xrefs: 00A88DD6, 00A88DDB
winapi, xrefs: 00A88D96, 00A88D9B
cdecl, xrefs: 00A88D48, 00A88D4D
none, xrefs: 00A88E65, 00A88E6A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 707087890-567219261
Opcode ID: 2e6fe6d7cb1372a8dbe3237206260439b163979259b6cc8077d75b3927f6b230
Instruction ID: 8510f4c99b729652ffacc28e17cf02f91dbb279b30653a8426d81866853d99b3
Opcode Fuzzy Hash: 2e6fe6d7cb1372a8dbe3237206260439b163979259b6cc8077d75b3927f6b230
Instruction Fuzzy Hash: 50519231A001169BCF14EF6CC9409BEB7B5BF64724BA14229E966E72C5DF39DD40C790

Function 00A8372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00A83774
CoUninitialize.OLE32 ref: 00A8377F
CoCreateInstance.OLE32(?,00000000,00000017,00A9FB78,?), ref: 00A837D9
IIDFromString.OLE32(?,?), ref: 00A8384C
VariantInit.OLEAUT32(?), ref: 00A838E4
VariantClear.OLEAUT32(?), ref: 00A83936

Strings

Failed to create object, xrefs: 00A837E4, 00A8389A
Invalid parameter, xrefs: 00A83865
NULL Pointer assignment, xrefs: 00A8381E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: be470792528afb3b85f47f0c089c44e6e3ef362a9b0ed989328f7026b2f26cac
Instruction ID: 7018fba300ab099831841fb79cd911c315c1f21d257f51268292860661f42b08
Opcode Fuzzy Hash: be470792528afb3b85f47f0c089c44e6e3ef362a9b0ed989328f7026b2f26cac
Instruction Fuzzy Hash: 7E61A072608701AFDB10EF54C948F6ABBE8EF49B10F004849F9859B291D770EE49CB92

Function 00A73388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00A733CF

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00A733F0

Strings

"%s" (%d) : ==> %s:, xrefs: 00A73522
Incorrect parameters to object property !, xrefs: 00A734AB
^ ERROR , xrefs: 00A7349E
Line %d (File "%s"):, xrefs: 00A73443, 00A7345C
Error: , xrefs: 00A734D1
"%s" (%d) : ==> %s:%s%s, xrefs: 00A73504

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-3080491070
Opcode ID: d3a555d84bdfda191e0f22ca62a5bb0525467f47ddda9f3756b81be761e47707
Instruction ID: 5731148694e8311748f712b4fcca57f84ee17e47eb6bde5e0a4cfdefcfd9d6c6
Opcode Fuzzy Hash: d3a555d84bdfda191e0f22ca62a5bb0525467f47ddda9f3756b81be761e47707
Instruction Fuzzy Hash: 77518C72900209BADF18EBE0DE46EEEB778AF04340F108465F509760A2EB312F58DB61

Function 00A6B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00A6B5FC
_wcslen.LIBCMT ref: 00A6B608
_wcslen.LIBCMT ref: 00A6B64D
_wcslen.LIBCMT ref: 00A6B68C
_wcslen.LIBCMT ref: 00A6B6C7

Strings

EXISTS, xrefs: 00A6B686, 00A6B68B
APPEND, xrefs: 00A6B6C1, 00A6B6C6
KEYS, xrefs: 00A6B647, 00A6B64C
REMOVE, xrefs: 00A6B602, 00A6B607

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 1256254125-769500911
Opcode ID: cdef311ad10b5a6c310a5bc23fa9c239705c074d4ea1192f9ed0ec42aad4462f
Instruction ID: a71f2486e9e38d11412c806ba035eb6320c4098aff64fb071baad5e7121924a7
Opcode Fuzzy Hash: cdef311ad10b5a6c310a5bc23fa9c239705c074d4ea1192f9ed0ec42aad4462f
Instruction Fuzzy Hash: BD41C636A211269BCB209F7DCD905BE77B5AFA0B54B254529E421DB284F731CDC1C7B0

Function 00A75393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A753A0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00A75416
GetLastError.KERNEL32 ref: 00A75420
SetErrorMode.KERNEL32(00000000,READY), ref: 00A754A7

Strings

INVALID, xrefs: 00A75459
READONLY, xrefs: 00A75452
READY, xrefs: 00A75460, 00A75468
NOTREADY, xrefs: 00A7544B
UNKNOWN, xrefs: 00A75444

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 8900d626af7eb4251f435f6c750ff67749e40fe954d1214448b51bde478315c9
Instruction ID: 30eb69f793a96c811293dd9b85b2dd492b0ffca5a6d45a01ede4981d58ea851e
Opcode Fuzzy Hash: 8900d626af7eb4251f435f6c750ff67749e40fe954d1214448b51bde478315c9
Instruction Fuzzy Hash: 40319F35E005049FDB10DF68C984BAABBB5EF05315F14C06AE40ACB292DBB1ED86CB91

Function 00A93C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00A93C79
SetMenu.USER32(?,00000000), ref: 00A93C88
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A93D10
IsMenu.USER32(?), ref: 00A93D24
CreatePopupMenu.USER32 ref: 00A93D2E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A93D5B
DrawMenuBar.USER32 ref: 00A93D63

Strings

0, xrefs: 00A93C54
F, xrefs: 00A93D4E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: dbc055591fef9f119be17fdda8e753b9cbfae927905568833c362fb66211ef6d
Instruction ID: 8e6ef96ca79e3842608761a78aba21ca8a193d88ba3ead7a37fbd9a54b7c8c19
Opcode Fuzzy Hash: dbc055591fef9f119be17fdda8e753b9cbfae927905568833c362fb66211ef6d
Instruction Fuzzy Hash: 784157BAB01609AFDF14CFA4D894AAA7BF5FF49350F140429F946A7360D730AA11CF94

Function 00A61EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A61F64
GetDlgCtrlID.USER32 ref: 00A61F6F
GetParent.USER32 ref: 00A61F8B
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A61F8E
GetDlgCtrlID.USER32(?), ref: 00A61F97
GetParent.USER32(?), ref: 00A61FAB
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A61FAE

Strings

ComboBox, xrefs: 00A61EEC
ListBox, xrefs: 00A61F21

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 4b545d0f90520f81de74a6a89400bbfb9736e0e40f81b54ea6032a203395e508
Instruction ID: c799f24c6a0a48f73369ba95be8ba411515dfb2cf352a2c2910b6e7953ee27e6
Opcode Fuzzy Hash: 4b545d0f90520f81de74a6a89400bbfb9736e0e40f81b54ea6032a203395e508
Instruction Fuzzy Hash: C121BE71E00218BBCF04EFA0DC85EEEBBB8EF15310F004116FA61A72E1DB3959199B60

Function 00A61FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A62043
GetDlgCtrlID.USER32 ref: 00A6204E
GetParent.USER32 ref: 00A6206A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A6206D
GetDlgCtrlID.USER32(?), ref: 00A62076
GetParent.USER32(?), ref: 00A6208A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00A6208D

Strings

ComboBox, xrefs: 00A61FCD
ListBox, xrefs: 00A62002

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_wcslen
String ID: ComboBox$ListBox
API String ID: 711023334-1403004172
Opcode ID: 6a3aee4facf86f4e7fe013eabfcfc73f9e55e4cee2a91fccaf8b6834e511e4cb
Instruction ID: cdeebe7874f5c7d86295539de7485a82b42d65c30a39bfd11317d497060f6034
Opcode Fuzzy Hash: 6a3aee4facf86f4e7fe013eabfcfc73f9e55e4cee2a91fccaf8b6834e511e4cb
Instruction Fuzzy Hash: 3321D1B5E00618BFDF10EFA0DC85EEEBBB8EF05310F005406FA51A72A1DA795919DB60

Function 00A93A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00A93A9D
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00A93AA0
GetWindowLongW.USER32(?,000000F0), ref: 00A93AC7
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A93AEA
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00A93B62
SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00A93BAC
SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00A93BC7
SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00A93BE2
SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00A93BF6
SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00A93C13

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 2c3c78b7730eab7670622f73fcec4648d7e5a302a7da77240c95bc67b2ed3c6d
Instruction ID: ec772df00d336966dfdffb8a9349d81477c677343382ad101442030fc49babe4
Opcode Fuzzy Hash: 2c3c78b7730eab7670622f73fcec4648d7e5a302a7da77240c95bc67b2ed3c6d
Instruction Fuzzy Hash: 12615B75A00248AFDF10DFA8CD81EEE77F8EB09710F10419AFA15A7292D774AE46DB50

Function 00A6B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A6B151
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B165
GetWindowThreadProcessId.USER32(00000000), ref: 00A6B16C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B17B
GetWindowThreadProcessId.USER32(?,00000000), ref: 00A6B18D
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B1A6
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B1B8
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B1FD
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B212
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A6A1E1,?,00000001), ref: 00A6B21D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 584c7c38d9045d09eb397d571fb2a6b650f94d257638a6be37016840eb11a6f8
Instruction ID: d7c230950e2df76e89bcfe3f8f7ce4f546d3ec479de56a481b75a7c79687226d
Opcode Fuzzy Hash: 584c7c38d9045d09eb397d571fb2a6b650f94d257638a6be37016840eb11a6f8
Instruction Fuzzy Hash: D3319172610604BFDF10DFA4DC58BAE7BB9BB51321F108116FA06D61A0DBB49A828F71

Function 00A32C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A32C94

Part of subcall function 00A329C8: HeapFree.KERNEL32(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0

_free.LIBCMT ref: 00A32CA0
_free.LIBCMT ref: 00A32CAB
_free.LIBCMT ref: 00A32CB6
_free.LIBCMT ref: 00A32CC1
_free.LIBCMT ref: 00A32CCC
_free.LIBCMT ref: 00A32CD7
_free.LIBCMT ref: 00A32CE2
_free.LIBCMT ref: 00A32CED
_free.LIBCMT ref: 00A32CFB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: b0d061ed36a3355f28b214eeb8cb20772df4c788da4a7a1d2fc446e1d8cfb4ba
Instruction ID: f63dc1290b42930180499a3976290828c5e2d28d2da11c0e834d9bcfe3430fbf
Opcode Fuzzy Hash: b0d061ed36a3355f28b214eeb8cb20772df4c788da4a7a1d2fc446e1d8cfb4ba
Instruction Fuzzy Hash: E511C876100118BFCB02EF54EA82EDD7BA5FF45350F4144A5FA489F232DA31EE509B90

Function 00A01410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A01459
OleUninitialize.OLE32(?,00000000), ref: 00A014F8
UnregisterHotKey.USER32(?), ref: 00A016DD
DestroyWindow.USER32(?), ref: 00A424B9
FreeLibrary.KERNEL32(?), ref: 00A4251E
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A4254B

Strings

close all, xrefs: 00A01454

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 5119dcaf75d7f99618b3c7f5b443d6eba3c478d29bb09f7d92f8840e482a4210
Instruction ID: b828d68ff5682bff27a73075514f4e06f8ca88394151b018a780492faf5370f8
Opcode Fuzzy Hash: 5119dcaf75d7f99618b3c7f5b443d6eba3c478d29bb09f7d92f8840e482a4210
Instruction Fuzzy Hash: 04D1AD35701212CFCB19EF14D995BA9F7A0BF44310F5582ADF44A6B2A2DB31AC12CF91

Function 00A77DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A77FAD
SetCurrentDirectoryW.KERNEL32(?), ref: 00A77FC1
GetFileAttributesW.KERNEL32(?), ref: 00A77FEB
SetFileAttributesW.KERNEL32(?,00000000), ref: 00A78005
SetCurrentDirectoryW.KERNEL32(?), ref: 00A78017
SetCurrentDirectoryW.KERNEL32(?), ref: 00A78060
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A780B0

Strings

*.*, xrefs: 00A78066

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 9be1dc4fc16b6834a89ac52d925e4977cf09fe5f113db30e09872127ac8666b7
Instruction ID: f031a54469ca3901bacdffb5334705ea7accf4969f27e5d4ea3528d952291511
Opcode Fuzzy Hash: 9be1dc4fc16b6834a89ac52d925e4977cf09fe5f113db30e09872127ac8666b7
Instruction Fuzzy Hash: E5818E725082059BDB20EF14CD449AEB3E8BF88714F54CC6EF889D7250EB75ED498B92

Function 00A05BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00A05C7A

Part of subcall function 00A05D0A: GetClientRect.USER32(?,?), ref: 00A05D30
Part of subcall function 00A05D0A: GetWindowRect.USER32(?,?), ref: 00A05D71
Part of subcall function 00A05D0A: ScreenToClient.USER32(?,?), ref: 00A05D99

GetDC.USER32 ref: 00A446F5
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A44708
SelectObject.GDI32(00000000,00000000), ref: 00A44716
SelectObject.GDI32(00000000,00000000), ref: 00A4472B
ReleaseDC.USER32(?,00000000), ref: 00A44733
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A447C4

Strings

U, xrefs: 00A44693

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 624c3f43575704ddf606d20ffb04043f398a703dfb3eedfa7bd9cdaf72957d41
Instruction ID: ce9e6a25329dfd95562b047e3a94f66e4d293d400e93ba0d6dc75c3ff4390a94
Opcode Fuzzy Hash: 624c3f43575704ddf606d20ffb04043f398a703dfb3eedfa7bd9cdaf72957d41
Instruction Fuzzy Hash: 6D71F239900209EFDF21CF64C984BBA7BB5FF8A361F14426AED565A1A6C7309C42DF50

Function 00A7359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00A735E4

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

LoadStringW.USER32(00AD2390,?,00000FFF,?), ref: 00A7360A

Strings

"%s" (%d) : ==> %s:, xrefs: 00A73742
Line %d (File "%s"):, xrefs: 00A7366B
^ ERROR, xrefs: 00A736C9
Error: , xrefs: 00A736EF
"%s" (%d) : ==> %s:%s%s, xrefs: 00A73724

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LoadString$_wcslen
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 4099089115-2391861430
Opcode ID: 98779ed92ec2622d1902668ae16f9c9b81535d234d403c46ab90dc3df2959df0
Instruction ID: 00b9c13f7fb023a03847540edde7c6266948f02ceecb947ddcaff204aee5b1e7
Opcode Fuzzy Hash: 98779ed92ec2622d1902668ae16f9c9b81535d234d403c46ab90dc3df2959df0
Instruction Fuzzy Hash: 1A516F72D00209BADF14EBE0DE42EEEBB78AF14340F148125F105761A2DB311B99DF61

Function 00A7C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A7C272
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A7C29A
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A7C2CA
GetLastError.KERNEL32 ref: 00A7C322
SetEvent.KERNEL32(?), ref: 00A7C336
InternetCloseHandle.WININET(00000000), ref: 00A7C341

Strings

, xrefs: 00A7C2BB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 4efc83bc1c382d9558279fff40394961be4762cb7ddba3cae2d9c587f92dcf2d
Instruction ID: 85c445c5130e58e5eed64a80c1e922d3d60c776f7bc82826926fbb07859fb2e6
Opcode Fuzzy Hash: 4efc83bc1c382d9558279fff40394961be4762cb7ddba3cae2d9c587f92dcf2d
Instruction Fuzzy Hash: E2317CB1600708AFD721DFA48D88AABBBFCEB49764F10C51EF44A97201DB34DD059B60

Function 00A6989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A43AAF,?,?,Bad directive syntax error,00A9CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00A698BC
LoadStringW.USER32(00000000,?,00A43AAF,?), ref: 00A698C3

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A69987

Strings

., xrefs: 00A6996D
Error: , xrefs: 00A69955
%s (%d) : ==> %s.: %s %s, xrefs: 00A698F1
Line %d (File "%s"):, xrefs: 00A6992D
Line %d:, xrefs: 00A69912

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HandleLoadMessageModuleString_wcslen
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 858772685-4153970271
Opcode ID: d55071eb29c262fedb23cb059c732db44e8c78664b6f08667ec86865b0c9275b
Instruction ID: e9f130f58cf4b7144eb115845bfbc489f03dd62c2fb8fed6cd082cbf5391a036
Opcode Fuzzy Hash: d55071eb29c262fedb23cb059c732db44e8c78664b6f08667ec86865b0c9275b
Instruction Fuzzy Hash: A2217A3290021EBBCF15EF90DE46EEE7779BF18300F04486AF515660A2EB31AA58DB11

Function 00A6209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00A620AB
GetClassNameW.USER32(00000000,?,00000100), ref: 00A620C0
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A6214D

Strings

list, xrefs: 00A6212F
details, xrefs: 00A620FB
largeicons, xrefs: 00A620E1
smallicons, xrefs: 00A62115
SHELLDLL_DefView, xrefs: 00A620CC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: 4c073ca017b2b316b0b641177e972f275c1316d3298877a72835fa080a9ec534
Instruction ID: 917c8d32b2ce013f17daa9ad6c27f2523eda794005726e48854c267f4a548332
Opcode Fuzzy Hash: 4c073ca017b2b316b0b641177e972f275c1316d3298877a72835fa080a9ec534
Instruction Fuzzy Hash: 74110A7668CB16B9F601A334EC06FE677BCDB16764B21022AFB04A90D1FE616C425714

Function 00A38D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32ee3d99bd697cdcb4881789862ee2055c8d8b4312bd64be51555061ae2b79b
Instruction ID: 460cc1d7360a4cddbea7e3bbe87664c50a6ceb60a2708565a4c5bd7a25c43d02
Opcode Fuzzy Hash: f32ee3d99bd697cdcb4881789862ee2055c8d8b4312bd64be51555061ae2b79b
Instruction Fuzzy Hash: 0AC1D174A04349AFDF15DFECD841BAEBBB0AF0A310F1441A9F455A7392CB749942CB61

Function 00A3CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00A3CEB7
_free.LIBCMT ref: 00A3CF22
_free.LIBCMT ref: 00A3CF48
_free.LIBCMT ref: 00A3CF71
_free.LIBCMT ref: 00A3CFA9
_free.LIBCMT ref: 00A3CFDA
_free.LIBCMT ref: 00A3D01B
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 00A3D09C
_free.LIBCMT ref: 00A3D0B5

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$EnvironmentVariable___from_strstr_to_strchr
String ID:
API String ID: 1282221369-0
Opcode ID: b848943c96ae5c08b512923163016531c1ca011d3679ed8e6619ea6049bf8015
Instruction ID: 32ea380b144df05b93af683a140d50f37fba02456bf7eff2906e518cc65e07d7
Opcode Fuzzy Hash: b848943c96ae5c08b512923163016531c1ca011d3679ed8e6619ea6049bf8015
Instruction Fuzzy Hash: E1612871905310AFDB25AFB4AD81BAE7BA6EF06330F14416EF945B7281E7329D01C790

Function 00A950D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00A95186
ShowWindow.USER32(?,00000000), ref: 00A951C7
ShowWindow.USER32(?,00000005,?,00000000), ref: 00A951CD
SetFocus.USER32(?,?,00000005,?,00000000), ref: 00A951D1

Part of subcall function 00A96FBA: DeleteObject.GDI32(00000000), ref: 00A96FE6

GetWindowLongW.USER32(?,000000F0), ref: 00A9520D
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A9521A
InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00A9524D
SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00A95287
SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00A95296

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
String ID:
API String ID: 3210457359-0
Opcode ID: 179bd0ac850ef5fd047429b463b85ad2b6043579b706ddb0bcdc9180cd190a21
Instruction ID: 5434ca3c22c8594f17a5b87d614c1c94c42b4b67a96a01d72c8149e061e674fd
Opcode Fuzzy Hash: 179bd0ac850ef5fd047429b463b85ad2b6043579b706ddb0bcdc9180cd190a21
Instruction Fuzzy Hash: 11518C34F51A08BEEF26AF74CC4BBD93BE5AB05321F244212F6159A2E0C775A981DB41

Function 00A18B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A56890
ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A568A9
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A568B9
ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A568D1
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A568F2
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A18874,00000000,00000000,00000000,000000FF,00000000), ref: 00A56901
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A5691E
DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A18874,00000000,00000000,00000000,000000FF,00000000), ref: 00A5692D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 02ac7af4242c4a5a5ee5aea4c87f3a038786386a2e65df8340db10bb8a8f6a3b
Instruction ID: 2bdee21cfd805c39d9f2373f934481f260ce4dae787eec7b21d2e409fb1ac0fb
Opcode Fuzzy Hash: 02ac7af4242c4a5a5ee5aea4c87f3a038786386a2e65df8340db10bb8a8f6a3b
Instruction Fuzzy Hash: 9D51B6B0A04209EFDB20CF64CC95FAA3BB6FF58760F104529F906972A0DB74E991DB50

Function 00A7C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A7C182
GetLastError.KERNEL32 ref: 00A7C195
SetEvent.KERNEL32(?), ref: 00A7C1A9

Part of subcall function 00A7C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A7C272
Part of subcall function 00A7C253: GetLastError.KERNEL32 ref: 00A7C322
Part of subcall function 00A7C253: SetEvent.KERNEL32(?), ref: 00A7C336
Part of subcall function 00A7C253: InternetCloseHandle.WININET(00000000), ref: 00A7C341

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
String ID:
API String ID: 337547030-0
Opcode ID: ea6c592f4b7d4d9c4ce365c95d84392c3f805e551d7a7106a96a8d859d6973bf
Instruction ID: 26ca5a32475109051999b190a084497b50dda11ed329cc31bef1f0ba47f53888
Opcode Fuzzy Hash: ea6c592f4b7d4d9c4ce365c95d84392c3f805e551d7a7106a96a8d859d6973bf
Instruction Fuzzy Hash: C6318371200B01AFDB21AFE5DD44AA7BBF8FF14320B50C52EF55A86611DB30E9159BA0

Function 00A625A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A63A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A63A57
Part of subcall function 00A63A3D: GetCurrentThreadId.KERNEL32 ref: 00A63A5E
Part of subcall function 00A63A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A625B3), ref: 00A63A65

MapVirtualKeyW.USER32(00000025,00000000), ref: 00A625BD
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A625DB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A625DF
MapVirtualKeyW.USER32(00000025,00000000), ref: 00A625E9
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A62601
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A62605
MapVirtualKeyW.USER32(00000025,00000000), ref: 00A6260F
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A62623
Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A62627

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 88b4c7b79d334dad63573e2a9b1019cd57655eb5faa928f16e3b065dcdd19be6
Instruction ID: 22c968a20c34abd9f8b7063c80094a6d13e8831179a5e4205f09c022ab16f744
Opcode Fuzzy Hash: 88b4c7b79d334dad63573e2a9b1019cd57655eb5faa928f16e3b065dcdd19be6
Instruction Fuzzy Hash: 4801D831390A20BBFB10A7A9DC8AF593F69DF5EB61F100012F314AE0D1CDE21445DA69

Function 00A61803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A61449,?,?,00000000), ref: 00A6180C
HeapAlloc.KERNEL32(00000000,?,00A61449,?,?,00000000), ref: 00A61813
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A61449,?,?,00000000), ref: 00A61828
GetCurrentProcess.KERNEL32(?,00000000,?,00A61449,?,?,00000000), ref: 00A61830
DuplicateHandle.KERNEL32(00000000,?,00A61449,?,?,00000000), ref: 00A61833
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A61449,?,?,00000000), ref: 00A61843
GetCurrentProcess.KERNEL32(00A61449,00000000,?,00A61449,?,?,00000000), ref: 00A6184B
DuplicateHandle.KERNEL32(00000000,?,00A61449,?,?,00000000), ref: 00A6184E
CreateThread.KERNEL32(00000000,00000000,00A61874,00000000,00000000,00000000), ref: 00A61868

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: c0b5cd1073dcb150cdf839df938633ee648268659bd6208016f96b559d461ad8
Instruction ID: 0f9539326aa416451551572a91ad027f5d12c64b39597cb6b12ff317fa1de331
Opcode Fuzzy Hash: c0b5cd1073dcb150cdf839df938633ee648268659bd6208016f96b559d461ad8
Instruction Fuzzy Hash: 4601A8B5340708BFEA10EBA5DD4AF6B7BACEB89B11F504512FA05DB1A1CA7098018B34

Function 00A8A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

Part of subcall function 00A6D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00A6D501
Part of subcall function 00A6D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00A6D50F
Part of subcall function 00A6D4DC: CloseHandle.KERNEL32(00000000), ref: 00A6D5DC

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A8A16D
GetLastError.KERNEL32 ref: 00A8A180
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A8A1B3
TerminateProcess.KERNEL32(00000000,00000000), ref: 00A8A268
GetLastError.KERNEL32(00000000), ref: 00A8A273
CloseHandle.KERNEL32(00000000), ref: 00A8A2C4

Strings

SeDebugPrivilege, xrefs: 00A8A18F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 07e5c7fa176009fcc793eb6160fb95393b1ed36e07d10b040167cc4ff3813c39
Instruction ID: 3fda9390ebbb5054ee12bd9a3c6751b9113b9df887736ef60681faac84fca099
Opcode Fuzzy Hash: 07e5c7fa176009fcc793eb6160fb95393b1ed36e07d10b040167cc4ff3813c39
Instruction Fuzzy Hash: DF61C3702046429FE720EF18C494F56BBE1AF54318F18858DE4664F7A3DB76EC45CB92

Function 00A93886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00A93925
SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00A9393A
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00A93954
_wcslen.LIBCMT ref: 00A93999
SendMessageW.USER32(?,00001057,00000000,?), ref: 00A939C6
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00A939F4

Strings

SysListView32, xrefs: 00A938F7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$Window_wcslen
String ID: SysListView32
API String ID: 2147712094-78025650
Opcode ID: a0550c0735e3b0daf6030af93a1700800689b7114b7973fc35e5f6644207bd0e
Instruction ID: 9787f35fb649b06185798f6fdaf07f34df19b13052bce25c5313b8f2765374ed
Opcode Fuzzy Hash: a0550c0735e3b0daf6030af93a1700800689b7114b7973fc35e5f6644207bd0e
Instruction Fuzzy Hash: 52418372A00219ABEF21DFA4CC45BEE7BF9EF08354F100526F959E7281D7759980CB90

Function 00A6BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A6BCFD
IsMenu.USER32(00000000), ref: 00A6BD1D
CreatePopupMenu.USER32 ref: 00A6BD53
GetMenuItemCount.USER32(00F95568), ref: 00A6BDA4
InsertMenuItemW.USER32(00F95568,?,00000001,00000030), ref: 00A6BDCC

Strings

0, xrefs: 00A6BCA8
2, xrefs: 00A6BD37

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID: 0$2
API String ID: 93392585-3793063076
Opcode ID: 2ad97aa582ba17e054992a6ef28f26e582d188cb80f8aba213eda444b86293cb
Instruction ID: baaef7fb8a66a89a68a344589a70706ed3dc73afd86f2ca643db4e5fd87ec82c
Opcode Fuzzy Hash: 2ad97aa582ba17e054992a6ef28f26e582d188cb80f8aba213eda444b86293cb
Instruction Fuzzy Hash: 5751AF70A10205EBDF21DFA8D984BAEBBF8BF45324F14426AE851DB291D7709981CB71

Function 00A6C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00A6C913

Strings

stop, xrefs: 00A6C8E4
info, xrefs: 00A6C8B4
question, xrefs: 00A6C8CC
blank, xrefs: 00A6C895
warning, xrefs: 00A6C8FC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: b7c24f64875999f9b16a3ba3960936f1e5e5c18c125eac7c7156952d096b03ad
Instruction ID: 06da8e4084aedd268a0921de97156fcc1025e23335fc8b809f7504a8f9a42658
Opcode Fuzzy Hash: b7c24f64875999f9b16a3ba3960936f1e5e5c18c125eac7c7156952d096b03ad
Instruction Fuzzy Hash: 4511B733689706BAE715DB54AC82DBA67BCDF19774B60043FF544A7282E7B05E005264

Function 00A6DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00A6DE42
gethostname.WSOCK32(?,00000100), ref: 00A6DE5C
gethostbyname.WSOCK32(?), ref: 00A6DE69
inet_ntoa.WSOCK32(?), ref: 00A6DEAB
_strcat.LIBCMT ref: 00A6DEB9
WSACleanup.WSOCK32 ref: 00A6DEDE

Strings

0.0.0.0, xrefs: 00A6DE87

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 642191829-3771769585
Opcode ID: 0fcacb37ad61756fc486df6b2cc8d841cc9eba4ea989905722348c160d4015bb
Instruction ID: 971a7e5abc011dc7ba39e423440b05414e094c37137c2bbe25a3c90eaed40b68
Opcode Fuzzy Hash: 0fcacb37ad61756fc486df6b2cc8d841cc9eba4ea989905722348c160d4015bb
Instruction Fuzzy Hash: E611EC71A04114BFCB20EB64DD4AEDE77BCDF15761F01017AF545EA091EFB18A818A90

Function 00A99F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

GetSystemMetrics.USER32(0000000F), ref: 00A99FC7
GetSystemMetrics.USER32(0000000F), ref: 00A99FE7
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00A9A224
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00A9A242
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00A9A263
ShowWindow.USER32(00000003,00000000), ref: 00A9A282
InvalidateRect.USER32(?,00000000,00000001), ref: 00A9A2A7
DefDlgProcW.USER32(?,00000005,?,?), ref: 00A9A2CA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 5145326515d142f4760cfc23eb5856d0e87aef73132a300abf72a367a495aec6
Instruction ID: 86367eb627fa2c222d937f4489209a0aa8343cce1f4ae110e805f794fda200e7
Opcode Fuzzy Hash: 5145326515d142f4760cfc23eb5856d0e87aef73132a300abf72a367a495aec6
Instruction Fuzzy Hash: F9B18831600215ABDF14CF68C9857EE7BF2BF54711F18816AEC499F2A5DB31A940CBA1

Function 00A6ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00A6ED2A
_wcslen.LIBCMT ref: 00A6ED3B
_wcslen.LIBCMT ref: 00A6ED79
_wcslen.LIBCMT ref: 00A6EDAF
_wcslen.LIBCMT ref: 00A6EDDF
_wcslen.LIBCMT ref: 00A6EDEF
_wcslen.LIBCMT ref: 00A6EE2B
_wcslen.LIBCMT ref: 00A6EE5A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$LocalTime
String ID:
API String ID: 952045576-0
Opcode ID: 4e31d4b62ddb6b6773933e03fab089386edf7938c3bb29773dc879824e70820c
Instruction ID: 84eddd4972638356ba3da74961b31db1ec33c1ca38a0a7b2ba573692e1e93838
Opcode Fuzzy Hash: 4e31d4b62ddb6b6773933e03fab089386edf7938c3bb29773dc879824e70820c
Instruction Fuzzy Hash: 22419375C10228B5DB11EBF8988A9CFB7BCAF49710F508472E528E3122FB34E255C3A5

Function 00A1F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A1F953
ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A5F3D1
ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A5F454

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 7cfbf87594aebe2d03dba47be73a99596757e19ab945d96f9b7c193a41e2639f
Instruction ID: e6e4e121fb8258a03ac338f77976bb4e8cb36372f7fdb498ef0bd268193d6d05
Opcode Fuzzy Hash: 7cfbf87594aebe2d03dba47be73a99596757e19ab945d96f9b7c193a41e2639f
Instruction Fuzzy Hash: 78414B312086C0BFD738EB79CD887AA7BA1BB46331F58443DE49756560D631A8C6CB10

Function 00A92D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00A92D1B
GetDC.USER32(00000000), ref: 00A92D23
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A92D2E
ReleaseDC.USER32(00000000,00000000), ref: 00A92D3A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00A92D76
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00A92D87
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00A95A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00A92DC2
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00A92DE1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: ac64b8987e6ad8d1c20f0cae51fec2cd3eccdf4599526111dded7472a65804a9
Instruction ID: edd99ada9995e53179ef94e937606816a25cf7a950baea29c25415e54404ae02
Opcode Fuzzy Hash: ac64b8987e6ad8d1c20f0cae51fec2cd3eccdf4599526111dded7472a65804a9
Instruction Fuzzy Hash: BB317C72201614BFEF118F90CC8AFEB3BA9EF09725F044056FE089A291CA759C51CBB4

Function 00A65622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00A65637
_memcmp.LIBVCRUNTIME ref: 00A65659
_memcmp.LIBVCRUNTIME ref: 00A65671
_memcmp.LIBVCRUNTIME ref: 00A65684
_memcmp.LIBVCRUNTIME ref: 00A6569E
_memcmp.LIBVCRUNTIME ref: 00A656B1
_memcmp.LIBVCRUNTIME ref: 00A656C9
_memcmp.LIBVCRUNTIME ref: 00A656E4

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: db6051be97278971d2af9887a241519484ed1748319bf4d6ff3f14053a3d9226
Instruction ID: 4ade12e7f47ab12d75ef01133c44fd905f6deaa22368273b871fadf82fbda4c2
Opcode Fuzzy Hash: db6051be97278971d2af9887a241519484ed1748319bf4d6ff3f14053a3d9226
Instruction Fuzzy Hash: 2A219275F40A197BD6149635EF82FBA33BDAE20394F484430FD04AE681F720ED20C5A5

Function 00A84FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON

Download Yara Rule

Strings

NULL Pointer assignment, xrefs: 00A8502E, 00A85383
Not an Object type, xrefs: 00A85007

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: a34a155ad4ce3180bf1c7a1e0b1bf5909374706e63137f38efe2168950ea5190
Instruction ID: a98c2c0ef161a9bd65158b6fecdd284f28ef5b5cb17912b940d9f50cda3abbae
Opcode Fuzzy Hash: a34a155ad4ce3180bf1c7a1e0b1bf5909374706e63137f38efe2168950ea5190
Instruction Fuzzy Hash: E2D1BD75E0060AAFDF10EFA8C894BAEB7B5FF48354F148569E915AB280E770DD41CB90

Function 00A41522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00A415CE
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A41651
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A416E4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00A416FB

Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852

MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A41777
__freea.LIBCMT ref: 00A417A2
__freea.LIBCMT ref: 00A417AE

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
String ID:
API String ID: 2829977744-0
Opcode ID: 324af7965aadba3d07f58f04248c28a3435649c7fc511b4c66c326f3640a2242
Instruction ID: 56f286b85454d15c56efd9267201aca7d60efa01ddd36b00d69c89fd09a36f3d
Opcode Fuzzy Hash: 324af7965aadba3d07f58f04248c28a3435649c7fc511b4c66c326f3640a2242
Instruction Fuzzy Hash: F391B27AE002169EDF208FA4C981AEEBBB5AFC9350F184659F805E7141EB35DD81CB61

Function 00A84523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A84648
VariantInit.OLEAUT32(?), ref: 00A84749
VariantClear.OLEAUT32(?), ref: 00A84753
VariantClear.OLEAUT32(?), ref: 00A847B0

Strings

Null Object assignment in FOR..IN loop, xrefs: 00A845D8, 00A84706, 00A847BE
Incorrect Object type in FOR..IN loop, xrefs: 00A8472C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: 4a21077d0c547c14af9b6a975fe915e0c9f3a2813163bc676b6bef48cf45f7e9
Instruction ID: bbe24ec0a9bb558ff49101f9469e3b6c2cf229161988cbead4b3a9efb0af268d
Opcode Fuzzy Hash: 4a21077d0c547c14af9b6a975fe915e0c9f3a2813163bc676b6bef48cf45f7e9
Instruction Fuzzy Hash: 3B917271A0021AAFDF24DFA5C844FAEBBB8EF4A714F108569F515AB280D7749941CFA0

Function 00A71187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00A7125C
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A71284
SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00A712A8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A712D8
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A7135F
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A713C4
SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A71430

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ArraySafe$Data$Access$UnaccessVartype
String ID:
API String ID: 2550207440-0
Opcode ID: 37bc00da856cca482e42e7c354bd0a981b254096afa1c064a88e539754126ada
Instruction ID: 8b99ec0e8ee5cf9a43073f09f3927062846b0be19d616ca37d318e1c4c542a85
Opcode Fuzzy Hash: 37bc00da856cca482e42e7c354bd0a981b254096afa1c064a88e539754126ada
Instruction Fuzzy Hash: F491AE75A00219AFDB00DFA8D884BBEB7F5FF45325F14C029E958EB292D774A941CB90

Function 00A1948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: f987467818002fba8f9c7cb93d18c56012f0f29d658929f6dd4dd4c56a4eac74
Instruction ID: 6156616d4041a3cb2eaa542d907c0222be5da6fff59dae446244282a81a8e96a
Opcode Fuzzy Hash: f987467818002fba8f9c7cb93d18c56012f0f29d658929f6dd4dd4c56a4eac74
Instruction Fuzzy Hash: 5B913871D40219EFCB10CFA9CC84AEEBBB9FF49320F148155E915B7251D774AA86CB60

Function 00A83947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A8396B
CharUpperBuffW.USER32(?,?), ref: 00A83A7A
_wcslen.LIBCMT ref: 00A83A8A
VariantClear.OLEAUT32(?), ref: 00A83C1F

Part of subcall function 00A70CDF: VariantInit.OLEAUT32(00000000), ref: 00A70D1F
Part of subcall function 00A70CDF: VariantCopy.OLEAUT32(?,?), ref: 00A70D28
Part of subcall function 00A70CDF: VariantClear.OLEAUT32(?), ref: 00A70D34

Strings

Incorrect Parameter format, xrefs: 00A839A6, 00A83BA1
AUTOIT.ERROR, xrefs: 00A83A80, 00A83A85

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4137639002-1221869570
Opcode ID: 036d1e2e9627abee2c17cb6039ded8e4b7b46eed1d260406f46a08eb067a7616
Instruction ID: e51aa12b5e6165b8df376e4dea182d164ec84b76dfb788267dd6220ec88bd356
Opcode Fuzzy Hash: 036d1e2e9627abee2c17cb6039ded8e4b7b46eed1d260406f46a08eb067a7616
Instruction Fuzzy Hash: 8B917A756083059FCB04EF24C58496AB7E4FF88714F14882DF88A9B351DB31EE45CB92

Function 00A84BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 00A6000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?,?,00A6035E), ref: 00A6002B
Part of subcall function 00A6000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60046
Part of subcall function 00A6000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60054
Part of subcall function 00A6000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?), ref: 00A60064

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A84C51
_wcslen.LIBCMT ref: 00A84D59
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A84DCF
CoTaskMemFree.OLE32(?), ref: 00A84DDA

Strings

NULL Pointer assignment, xrefs: 00A84E23, 00A84E52

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
String ID: NULL Pointer assignment
API String ID: 614568839-2785691316
Opcode ID: 2d71f9b6c9df78f6cecaf1fbb946e7453229db4f1bc3f6ec0e59a23a07da0cc5
Instruction ID: 75db48bb9f3113934378397d9fd1dd77965e87cf24d312e4bdeb255a95d91de5
Opcode Fuzzy Hash: 2d71f9b6c9df78f6cecaf1fbb946e7453229db4f1bc3f6ec0e59a23a07da0cc5
Instruction Fuzzy Hash: 0C912871D0021DAFDF14EFA4D891EEEB7B8BF08314F10816AE915A7291EB309A45CF60

Function 00A920FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00A92183
GetMenuItemCount.USER32(00000000), ref: 00A921B5
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00A921DD
_wcslen.LIBCMT ref: 00A92213
GetMenuItemID.USER32(?,?), ref: 00A9224D
GetSubMenu.USER32(?,?), ref: 00A9225B

Part of subcall function 00A63A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A63A57
Part of subcall function 00A63A3D: GetCurrentThreadId.KERNEL32 ref: 00A63A5E
Part of subcall function 00A63A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A625B3), ref: 00A63A65

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A922E3

Part of subcall function 00A6E97B: Sleep.KERNEL32 ref: 00A6E9F3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
String ID:
API String ID: 4196846111-0
Opcode ID: 9c409901ca4db422ee00e1ca87181f4aa2a02b14f370daedea338ce677067aa6
Instruction ID: 110bff2a614c5263ff00f18c30f58a32718f75f61bdd6adaeaf9225aa05c50e6
Opcode Fuzzy Hash: 9c409901ca4db422ee00e1ca87181f4aa2a02b14f370daedea338ce677067aa6
Instruction Fuzzy Hash: B1717D75B00215AFCF10EFA8D945BAEB7F5EF88320F148469E816EB341DB34AD418B90

Function 00A97E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00F955B8), ref: 00A97F37
IsWindowEnabled.USER32(00F955B8), ref: 00A97F43
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00A9801E
SendMessageW.USER32(00F955B8,000000B0,?,?), ref: 00A98051
IsDlgButtonChecked.USER32(?,?), ref: 00A98089
GetWindowLongW.USER32(00F955B8,000000EC), ref: 00A980AB
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00A980C3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: dd6ee786c760f9efeb65a9dd17a13eb8d2d6e691846276e760597f4cb5c73bc0
Instruction ID: d365b3ed7a5157fe1bd7be03ccca02eec7841e24f32b7d26e8621db2f3a79ed5
Opcode Fuzzy Hash: dd6ee786c760f9efeb65a9dd17a13eb8d2d6e691846276e760597f4cb5c73bc0
Instruction Fuzzy Hash: 71717C34709214AFEF21DF64C994FAEBBF5EF0A310F14445AE946A7261CB35AC45DB20

Function 00A6AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00A6AEF9
GetKeyboardState.USER32(?), ref: 00A6AF0E
SetKeyboardState.USER32(?), ref: 00A6AF6F
PostMessageW.USER32(?,00000101,00000010,?), ref: 00A6AF9D
PostMessageW.USER32(?,00000101,00000011,?), ref: 00A6AFBC
PostMessageW.USER32(?,00000101,00000012,?), ref: 00A6AFFD
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A6B020

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 5aa19537f470fe5d49792175e12064dabe97964daa7c89937c68f925d02c64da
Instruction ID: 9d19545eed4c4ac27363df73d8c2b33f7e2670241321a85517ecdebae143cf38
Opcode Fuzzy Hash: 5aa19537f470fe5d49792175e12064dabe97964daa7c89937c68f925d02c64da
Instruction Fuzzy Hash: 3751C2A0A147D53DFB3683348C45BBABEF95B06304F088489E1D9958C3C7A9ACC4DB62

Function 00A6ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00A6AD19
GetKeyboardState.USER32(?), ref: 00A6AD2E
SetKeyboardState.USER32(?), ref: 00A6AD8F
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A6ADBB
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A6ADD8
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A6AE17
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A6AE38

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 3b894f7995741a31c0833ee3b0bf2b5f3db2e2dce00c6b8024a598fa92927f5a
Instruction ID: 0a85e7a775ef423527265aa8e781541281b3e697c43c6c5c4b7c8ffc040b61a9
Opcode Fuzzy Hash: 3b894f7995741a31c0833ee3b0bf2b5f3db2e2dce00c6b8024a598fa92927f5a
Instruction Fuzzy Hash: 0A5108A16047E57DFB3383348C95BBA7EF85B55300F088489E1D5668C3D7A5EC84DB62

Function 00A3542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00A43CD6,?,?,?,?,?,?,?,?,00A35BA3,?,?,00A43CD6,?,?), ref: 00A35470
__fassign.LIBCMT ref: 00A354EB
__fassign.LIBCMT ref: 00A35506
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00A43CD6,00000005,00000000,00000000), ref: 00A3552C
WriteFile.KERNEL32(?,00A43CD6,00000000,00A35BA3,00000000,?,?,?,?,?,?,?,?,?,00A35BA3,?), ref: 00A3554B
WriteFile.KERNEL32(?,?,00000001,00A35BA3,00000000,?,?,?,?,?,?,?,?,?,00A35BA3,?), ref: 00A35584

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 4ac015ef570ed81df96a002731da5d936c399a96a680cf76ebce2b5020b89567
Instruction ID: ef8afdda1fe4aaf7938fd958ad3d9e37c760b5a5d76fe0d6538fa80213b65e42
Opcode Fuzzy Hash: 4ac015ef570ed81df96a002731da5d936c399a96a680cf76ebce2b5020b89567
Instruction Fuzzy Hash: A2519071E00649AFDB10CFA8D845AEEBBF9EF09310F14456AF956E7291D730AA41CB60

Function 00A22D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00A22D4B
___except_validate_context_record.LIBVCRUNTIME ref: 00A22D53
_ValidateLocalCookies.LIBCMT ref: 00A22DE1
__IsNonwritableInCurrentImage.LIBCMT ref: 00A22E0C
_ValidateLocalCookies.LIBCMT ref: 00A22E61

Strings

csm, xrefs: 00A22DF6

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: f6177b5dad0ad0ceca91dd9618c2631c49202fcad35706c938b5183eaeffa7f8
Instruction ID: feee4d2df80f0fd5f1e062d9b922675b8e7cea834ed4872612ed2839dfa94694
Opcode Fuzzy Hash: f6177b5dad0ad0ceca91dd9618c2631c49202fcad35706c938b5183eaeffa7f8
Instruction Fuzzy Hash: 4E419D35E00229BBCF10DF6CE845BAEBBB5BF45324F148165E815AB392D735AA05CB90

Function 00A810B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A8304E: inet_addr.WSOCK32(?), ref: 00A8307A
Part of subcall function 00A8304E: _wcslen.LIBCMT ref: 00A8309B

socket.WSOCK32(00000002,00000001,00000006), ref: 00A81112
WSAGetLastError.WSOCK32 ref: 00A81121
WSAGetLastError.WSOCK32 ref: 00A811C9
closesocket.WSOCK32(00000000), ref: 00A811F9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
String ID:
API String ID: 2675159561-0
Opcode ID: 16f08654171c90c2fd2adfe024563eb684677807c8e37185be3bd04fa890d91a
Instruction ID: fd42c740b001dad7fa498e57a22e2a22a187b1be48b8e1acb4322ab9140ea617
Opcode Fuzzy Hash: 16f08654171c90c2fd2adfe024563eb684677807c8e37185be3bd04fa890d91a
Instruction Fuzzy Hash: BE41F431600604AFDB10EF54D888BA9B7E9FF45764F148259F9059B291DB70AD82CBE1

Function 00A6CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A6CF22,?), ref: 00A6DDFD

Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A6CF22,?), ref: 00A6DE16

lstrcmpiW.KERNEL32(?,?), ref: 00A6CF45
MoveFileW.KERNEL32(?,?), ref: 00A6CF7F
_wcslen.LIBCMT ref: 00A6D005
_wcslen.LIBCMT ref: 00A6D01B
SHFileOperationW.SHELL32(?), ref: 00A6D061

Strings

\*.*, xrefs: 00A6CFF3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 3164238972-1173974218
Opcode ID: 692c56f8eab060b1f12e1d969fe8516766c858289d58de7f98056c64d121e2b5
Instruction ID: 8a7b5fef1d3e89a7b80b69048d6b051f375ea8e0b943336b3bd432efdca7a891
Opcode Fuzzy Hash: 692c56f8eab060b1f12e1d969fe8516766c858289d58de7f98056c64d121e2b5
Instruction Fuzzy Hash: 59416971D452189FDF12EFA4DA81AEEB7B8AF08780F0000E6E545EB142EF34A785CB50

Function 00A92DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00A92E1C
GetWindowLongW.USER32(?,000000F0), ref: 00A92E4F
GetWindowLongW.USER32(?,000000F0), ref: 00A92E84
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00A92EB6
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00A92EE0
GetWindowLongW.USER32(?,000000F0), ref: 00A92EF1
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A92F0B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 4316235a1fe43541631db931063aeaf8b3c8d67b6e31d2d853d8d12cdf781501
Instruction ID: d2b8a6463b02a633c54837e8c4b61c04ac5c1e38076472ce5de4b938fcd15124
Opcode Fuzzy Hash: 4316235a1fe43541631db931063aeaf8b3c8d67b6e31d2d853d8d12cdf781501
Instruction Fuzzy Hash: B4310E35745240AFEF21CF98DCD4FA53BE0FB8A720F1501A6FA018B2B2CB61A8419B50

Function 00A67726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A67769
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A6778F
SysAllocString.OLEAUT32(00000000), ref: 00A67792
SysAllocString.OLEAUT32(?), ref: 00A677B0
SysFreeString.OLEAUT32(?), ref: 00A677B9
StringFromGUID2.OLE32(?,?,00000028), ref: 00A677DE
SysAllocString.OLEAUT32(?), ref: 00A677EC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 56e240e15f73cb13948ea500648a28684049be7732a80217fea7cb8c2cb6a833
Instruction ID: cc141da66d3234c5ae35470a26c1cf0146d928bed6a3e020b5e3d031d883954e
Opcode Fuzzy Hash: 56e240e15f73cb13948ea500648a28684049be7732a80217fea7cb8c2cb6a833
Instruction Fuzzy Hash: 87218E76718219AFDF10DFA8CD88CBF77BCEB09768B048126BA15DB190DA74DC428764

Function 00A677FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A67842
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A67868
SysAllocString.OLEAUT32(00000000), ref: 00A6786B
SysAllocString.OLEAUT32 ref: 00A6788C
SysFreeString.OLEAUT32 ref: 00A67895
StringFromGUID2.OLE32(?,?,00000028), ref: 00A678AF
SysAllocString.OLEAUT32(?), ref: 00A678BD

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 117bf27f73654714d0ca1cc300b135c71e1a16f10a89fab0592ed3819b59fc43
Instruction ID: 53406930a27d483acfbecf581bf90ad2e65322bafce783038712e36c30559047
Opcode Fuzzy Hash: 117bf27f73654714d0ca1cc300b135c71e1a16f10a89fab0592ed3819b59fc43
Instruction Fuzzy Hash: D7215C36718204AFDF10AFE8DC8CDAE77BCEB097647108126B915CB2A1DA74DC81CB64

Function 00A704D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00A704F2
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A7052E

Strings

nul, xrefs: 00A70567

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 008b9c51011e3fe6c2623f75d613473fc0703907541bba6e03b8bb7b0efdd213
Instruction ID: 60847a61f8a852b82bd2604bc6b99800376817ad71d4a4fd76ebcf8043a56c68
Opcode Fuzzy Hash: 008b9c51011e3fe6c2623f75d613473fc0703907541bba6e03b8bb7b0efdd213
Instruction Fuzzy Hash: 80216D75600305EBDF209F69DC44E9A7BB4AF54724F20CA19F8A9D62E0D7709941CF20

Function 00A705A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00A705C6
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A70601

Strings

nul, xrefs: 00A70639

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateHandlePipe
String ID: nul
API String ID: 1424370930-2873401336
Opcode ID: 1b3261fdf13aa573d48bedc43109a30a0388b47fcf7b55495df601c76cc3e328
Instruction ID: a255ff784e31f17bc10a3b1fa04c99ea06296c0229f040fabaa7288f08d2dbca
Opcode Fuzzy Hash: 1b3261fdf13aa573d48bedc43109a30a0388b47fcf7b55495df601c76cc3e328
Instruction Fuzzy Hash: 12218375600305DBDB209F698C54E9A77E4BF95734F20CB1AF8A5E72D0DBB09961CB20

Function 00A940AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A0600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A0604C
Part of subcall function 00A0600E: GetStockObject.GDI32(00000011), ref: 00A06060
Part of subcall function 00A0600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A0606A

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00A94112
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00A9411F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00A9412A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A94139
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00A94145

Strings

Msctls_Progress32, xrefs: 00A940E3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 7d7190d1938a8caa42394ebe47959df6c1476d3b819036bec3cb9b6e8f629444
Instruction ID: 638a25ddf0199bf460be004d3b3ed89835d0505450d5bc2be6d431a3ac20e382
Opcode Fuzzy Hash: 7d7190d1938a8caa42394ebe47959df6c1476d3b819036bec3cb9b6e8f629444
Instruction Fuzzy Hash: 0711B6B224011D7EEF118F64CC85EE77F9DEF08798F114111B718A2050C7769C22DBA4

Function 00A3D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A3D7A3: _free.LIBCMT ref: 00A3D7CC

_free.LIBCMT ref: 00A3D82D

Part of subcall function 00A329C8: HeapFree.KERNEL32(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0

_free.LIBCMT ref: 00A3D838
_free.LIBCMT ref: 00A3D843
_free.LIBCMT ref: 00A3D897
_free.LIBCMT ref: 00A3D8A2
_free.LIBCMT ref: 00A3D8AD
_free.LIBCMT ref: 00A3D8B8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction ID: ae7fcd789960766625c394a40f1b6d8a2e79cbfab2602943b83fb950f3c6d686
Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
Instruction Fuzzy Hash: D0118F71940B14FADA31BFF0EE47FCBBBDCAF40700F400825B699AA292DA75B5058760

Function 00A6DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A6DA74
LoadStringW.USER32(00000000), ref: 00A6DA7B
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A6DA91
LoadStringW.USER32(00000000), ref: 00A6DA98
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A6DADC

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00A6DAB9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 280d23dfdd23c887e7c0a0a5948b772387ac19fc81258e7ce78eeb2cc9baa853
Instruction ID: 96556582262b0f30cbc2cfc998c96f4947e821687d9779def181c48699196f56
Opcode Fuzzy Hash: 280d23dfdd23c887e7c0a0a5948b772387ac19fc81258e7ce78eeb2cc9baa853
Instruction Fuzzy Hash: BD0162F2A042087FEB10DBE09D89EE7367CE708351F400596B706E2041EA749E854F74

Function 00A7096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(00F8E328,00F8E328), ref: 00A7097B
EnterCriticalSection.KERNEL32(00F8E308,00000000), ref: 00A7098D
TerminateThread.KERNEL32(?,000001F6), ref: 00A7099B
WaitForSingleObject.KERNEL32(?,000003E8), ref: 00A709A9
CloseHandle.KERNEL32(?), ref: 00A709B8
InterlockedExchange.KERNEL32(00F8E328,000001F6), ref: 00A709C8
LeaveCriticalSection.KERNEL32(00F8E308), ref: 00A709CF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 90cbfde32a7bb48d895f9e4fcf94794d0b814aa0f48fb4b0e623bf5e7bd5cc5b
Instruction ID: 4d6b81e7a50dde10044fca618554b4a4cee21c510e0fdc892dc45daffb4e957d
Opcode Fuzzy Hash: 90cbfde32a7bb48d895f9e4fcf94794d0b814aa0f48fb4b0e623bf5e7bd5cc5b
Instruction Fuzzy Hash: 62F01D32542912EBDB41ABA4EE89AD6BA25BF01712F805016F201508A0CB75A466CFA0

Function 00A05D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00A05D30
GetWindowRect.USER32(?,?), ref: 00A05D71
ScreenToClient.USER32(?,?), ref: 00A05D99
GetClientRect.USER32(?,?), ref: 00A05ED7
GetWindowRect.USER32(?,?), ref: 00A05EF8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 0c82094de5cf531e5d917b027ec5a994508159b16a4e8f74f1d06017188bd9a8
Instruction ID: c95a61e64e0beb05e95ef7491fac186f6ce54a92d6e33f9a08d1e1fef1570246
Opcode Fuzzy Hash: 0c82094de5cf531e5d917b027ec5a994508159b16a4e8f74f1d06017188bd9a8
Instruction Fuzzy Hash: C1B15739A00A4ADBDB14CFB9C4807EAB7F1FF58310F14941AE8A9D7290DB34AA51DF54

Function 00A301B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00A300BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A300D6
__allrem.LIBCMT ref: 00A300ED
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A3010B
__allrem.LIBCMT ref: 00A30122
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A30140

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction ID: f0c2f542ce8eb99528898409866193df5ef832fe3798f7ebf89b1a0de83daa13
Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
Instruction Fuzzy Hash: 1A812476A00B169FE7249F2CDD52F6BB3F9AF41760F24423AF551D6681E770D9008B90

Function 00A81D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A83149: select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00A83195

__WSAFDIsSet.WSOCK32(00000000,?), ref: 00A81DC0
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A81DE1
WSAGetLastError.WSOCK32 ref: 00A81DF2
inet_ntoa.WSOCK32(?), ref: 00A81E8C
htons.WSOCK32(?), ref: 00A81EDB
_strlen.LIBCMT ref: 00A81F35

Part of subcall function 00A639E8: _strlen.LIBCMT ref: 00A639F2

Part of subcall function 00A06D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00A1CF58,?,?,?), ref: 00A06DBA
Part of subcall function 00A06D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00A1CF58,?,?,?), ref: 00A06DED

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
String ID:
API String ID: 1923757996-0
Opcode ID: 6be5464d9fd5ddd2676c09cdf17fad12639763bd138e02a093c648fadf6b0ba5
Instruction ID: a4bb6acc4dc4ad937b59e12fb53d716da202bdfbd42b7c7876bdabfabe04856a
Opcode Fuzzy Hash: 6be5464d9fd5ddd2676c09cdf17fad12639763bd138e02a093c648fadf6b0ba5
Instruction Fuzzy Hash: 93A10231604340AFC324EF24D885F6A7BE9AF84318F54894DF5565B2E2DB31ED86CB92

Function 00A361FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A282D9,00A282D9,?,?,?,00A3644F,00000001,00000001,8BE85006), ref: 00A36258
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A3644F,00000001,00000001,8BE85006,?,?,?), ref: 00A362DE
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A363D8
__freea.LIBCMT ref: 00A363E5

Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852

__freea.LIBCMT ref: 00A363EE
__freea.LIBCMT ref: 00A36413

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 7a098e0cd0179c91da055f1dba73df16701c505e488116c8673fe5efc26944a8
Instruction ID: 5abebf7b378d8d53bcfa6e9eb1004a8adc2efc93523d10bf95d12dd8e950b292
Opcode Fuzzy Hash: 7a098e0cd0179c91da055f1dba73df16701c505e488116c8673fe5efc26944a8
Instruction Fuzzy Hash: 2151AF73A00216BBEF258FA4DD81EBF7BA9EB44750F258629FC05DA141EB34DC44C6A0

Function 00A8BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8BCCA
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A8BD25
RegCloseKey.ADVAPI32(00000000), ref: 00A8BD6A
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A8BD99
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A8BDF3
RegCloseKey.ADVAPI32(?), ref: 00A8BDFF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 1120388591-0
Opcode ID: 7327f6e2979ee5699aad66353630984195511a841e4910d0ac61889991b1df0c
Instruction ID: 511f4b8cc296ec4e4d069add1d635fe6d48fa449b66d649c6e714e0cba0f7672
Opcode Fuzzy Hash: 7327f6e2979ee5699aad66353630984195511a841e4910d0ac61889991b1df0c
Instruction Fuzzy Hash: 2B81AF70218241EFD714EF24C991E2ABBE5FF84308F14895CF4598B2A2DB31ED45CBA2

Function 00A5F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000035), ref: 00A5F7B9
SysAllocString.OLEAUT32(00000001), ref: 00A5F860
VariantCopy.OLEAUT32(00A5FA64,00000000), ref: 00A5F889
VariantClear.OLEAUT32(00A5FA64), ref: 00A5F8AD
VariantCopy.OLEAUT32(00A5FA64,00000000), ref: 00A5F8B1
VariantClear.OLEAUT32(?), ref: 00A5F8BB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$ClearCopy$AllocInitString
String ID:
API String ID: 3859894641-0
Opcode ID: c7fd81e2e976bb476905c13bb52a53dfef2f6afacc4f788f6b64692c9c890ff7
Instruction ID: 7c4b8ac8a3667d3063d572f44ee9d99f331ad5eabe913366b3447ae397a09590
Opcode Fuzzy Hash: c7fd81e2e976bb476905c13bb52a53dfef2f6afacc4f788f6b64692c9c890ff7
Instruction Fuzzy Hash: 6E51C331600710FECF20AB65D995B29B3A8FF45312F248467ED06DF296DB709C84C796

Function 00A7910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON

Download Yara Rule

APIs

Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

GetOpenFileNameW.COMDLG32(00000058), ref: 00A794E5
_wcslen.LIBCMT ref: 00A79506
_wcslen.LIBCMT ref: 00A7952D
GetSaveFileNameW.COMDLG32(00000058), ref: 00A79585

Strings

X, xrefs: 00A79412

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$FileName$OpenSave
String ID: X
API String ID: 83654149-3081909835
Opcode ID: 1db1f37c3247cc97494c3d1ff51ade7d29dc5b14e06b7965b4f4be77fdee8072
Instruction ID: a8755faad98f0ca7bedeabae7d2d62ad9079b7c26c9e3b559ed6df09c556a75a
Opcode Fuzzy Hash: 1db1f37c3247cc97494c3d1ff51ade7d29dc5b14e06b7965b4f4be77fdee8072
Instruction Fuzzy Hash: AFE1C1316083508FD724EF24D981A6BB7E4BF85314F04C96DF8999B2A2DB30ED05CB92

Function 00A1920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

BeginPaint.USER32(?,?,?), ref: 00A19241
GetWindowRect.USER32(?,?), ref: 00A192A5
ScreenToClient.USER32(?,?), ref: 00A192C2
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A192D3
EndPaint.USER32(?,?,?,?,?), ref: 00A19321
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A571EA

Part of subcall function 00A19339: BeginPath.GDI32(00000000), ref: 00A19357

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
String ID:
API String ID: 3050599898-0
Opcode ID: d51bb2693cd85eeba925282b22235e4649f7198587f71ce47f9dcaa71d52c83b
Instruction ID: e4b374a5aee486f51ff5e243cec6e708fb0a858d6cd9a253fe2872630047e13d
Opcode Fuzzy Hash: d51bb2693cd85eeba925282b22235e4649f7198587f71ce47f9dcaa71d52c83b
Instruction Fuzzy Hash: 46419F30205600AFD711DFA4DCA4FAB7BB8FB45721F14022AF9659B2B2C7319886DB61

Function 00A707EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00A7080C
ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A70847
EnterCriticalSection.KERNEL32(?), ref: 00A70863
LeaveCriticalSection.KERNEL32(?), ref: 00A708DC
ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A708F3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00A70921

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 01b82cf7bf78f65c2eda825e07da7aef894f3a0aaf53208ef8fbe701d1ecb0e7
Instruction ID: c220fcf0bdea55aea871ea97c5b261053893a1238374e3ff5b237cf34ddd84ea
Opcode Fuzzy Hash: 01b82cf7bf78f65c2eda825e07da7aef894f3a0aaf53208ef8fbe701d1ecb0e7
Instruction Fuzzy Hash: DA415A71A00205EFDF14EF94DD85AAA77B8FF44310F1480A5ED049A29BDB30DE65DBA4

Function 00A981DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A5F3AB,00000000,?,?,00000000,?,00A5682C,00000004,00000000,00000000), ref: 00A9824C
EnableWindow.USER32(?,00000000), ref: 00A98272
ShowWindow.USER32(FFFFFFFF,00000000), ref: 00A982D1
ShowWindow.USER32(?,00000004), ref: 00A982E5
EnableWindow.USER32(?,00000001), ref: 00A9830B
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00A9832F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: f3e42d429e1302608b01d4c86199b8c55ae954da2b1d590f714c19c4d8b4b0b7
Instruction ID: 41513ff057d9702e5db00cfb8b234b7688b35db65dc702a26bc8f71d1bfcb7dd
Opcode Fuzzy Hash: f3e42d429e1302608b01d4c86199b8c55ae954da2b1d590f714c19c4d8b4b0b7
Instruction Fuzzy Hash: B141A334702644AFDF21CF55C899BE57BE0FB0B714F1841AAE5194F2A3CB39A842CB50

Function 00A64C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00A64C95
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A64CB2
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A64CEA
_wcslen.LIBCMT ref: 00A64D08
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A64D10
_wcsstr.LIBVCRUNTIME ref: 00A64D1A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
String ID:
API String ID: 72514467-0
Opcode ID: b4fd248394484812de68b25ff7a8c15bdb661adc80da9c002c15699e66e4ef7c
Instruction ID: f17684cdea2c4f6f915b35529e998546814ff7aa7c5ee4205c2d32ec94093575
Opcode Fuzzy Hash: b4fd248394484812de68b25ff7a8c15bdb661adc80da9c002c15699e66e4ef7c
Instruction Fuzzy Hash: B9212332604240BFEB259B79AD09E7B7BBCDF49760F10803AF905CA192EE65CC4192A0

Function 00A7581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON

Download Yara Rule

APIs

Part of subcall function 00A03AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A03A97,?,?,00A02E7F,?,?,?,00000000), ref: 00A03AC2

_wcslen.LIBCMT ref: 00A7587B
CoInitialize.OLE32(00000000), ref: 00A75995
CoCreateInstance.OLE32(00A9FCF8,00000000,00000001,00A9FB68,?), ref: 00A759AE
CoUninitialize.OLE32 ref: 00A759CC

Strings

.lnk, xrefs: 00A75876, 00A758C1, 00A75985

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
String ID: .lnk
API String ID: 3172280962-24824748
Opcode ID: c43ff43011dbd60d220f7efdfbb044f458d8e1e421bfc2068e782d615503ed89
Instruction ID: 4a48f8e26921f519df361aa05691acb94875db37a42af91bb0abd343b21c8f6e
Opcode Fuzzy Hash: c43ff43011dbd60d220f7efdfbb044f458d8e1e421bfc2068e782d615503ed89
Instruction Fuzzy Hash: 20D16471A047059FC714DF24C980A2ABBE5FF89714F14885DF88A9B3A1DB71EC45CB92

Function 00A6175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A60FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A60FCA
Part of subcall function 00A60FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A60FD6
Part of subcall function 00A60FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A60FE5
Part of subcall function 00A60FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A60FEC
Part of subcall function 00A60FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A61002

GetLengthSid.ADVAPI32(?,00000000,00A61335), ref: 00A617AE
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A617BA
HeapAlloc.KERNEL32(00000000), ref: 00A617C1
CopySid.ADVAPI32(00000000,00000000,?), ref: 00A617DA
GetProcessHeap.KERNEL32(00000000,00000000,00A61335), ref: 00A617EE
HeapFree.KERNEL32(00000000), ref: 00A617F5

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 296d33eb27dd217fec96046231b6b3fe33890570f499d9b95f987e47fd60413d
Instruction ID: 9e2671dfd828c5a43d49ea4cbc838c73708b28f6421e5fbbd9775dea6c98a8af
Opcode Fuzzy Hash: 296d33eb27dd217fec96046231b6b3fe33890570f499d9b95f987e47fd60413d
Instruction Fuzzy Hash: B211A932600605EFDB10DFA4CC49FAE7BB9EB42365F284119F481A7210DB36AA41CF60

Function 00A614CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00A614FF
OpenProcessToken.ADVAPI32(00000000), ref: 00A61506
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A61515
CloseHandle.KERNEL32(00000004), ref: 00A61520
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A6154F
DestroyEnvironmentBlock.USERENV(00000000), ref: 00A61563

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 16547be8acbd3eb87bc16636c618c2a62bf639b320af615824f74ed3b88ce9e2
Instruction ID: 0414117875b03b1671c0511ff84b22cafe411837f6e30a99979bc7cefb77886f
Opcode Fuzzy Hash: 16547be8acbd3eb87bc16636c618c2a62bf639b320af615824f74ed3b88ce9e2
Instruction Fuzzy Hash: CB112972601209ABDF11CFE8EE49FDE7BB9EF48758F084015FA05A2060C7758E61DB61

Function 00A23382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00A23379,00A22FE5), ref: 00A23390
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A2339E
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A233B7
SetLastError.KERNEL32(00000000,?,00A23379,00A22FE5), ref: 00A23409

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ea4ae23a9ce7ff65873cf61ca0b4e8dfff31b3fe1f340803a90b961bcd894742
Instruction ID: 5c310506349c6f9e0950964ae93798d8d8a8b71998f7efaeb234ba776a6fa5e6
Opcode Fuzzy Hash: ea4ae23a9ce7ff65873cf61ca0b4e8dfff31b3fe1f340803a90b961bcd894742
Instruction Fuzzy Hash: 23012433208731BEEE24B7BC7D85A272A99EB07779720023AF410881F0FF194E035144

Function 00A32D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00A35686,00A43CD6,?,00000000,?,00A35B6A,?,?,?,?,?,00A2E6D1,?,00AC8A48), ref: 00A32D78
_free.LIBCMT ref: 00A32DAB
_free.LIBCMT ref: 00A32DD3
SetLastError.KERNEL32(00000000,?,?,?,?,00A2E6D1,?,00AC8A48,00000010,00A04F4A,?,?,00000000,00A43CD6), ref: 00A32DE0
SetLastError.KERNEL32(00000000,?,?,?,?,00A2E6D1,?,00AC8A48,00000010,00A04F4A,?,?,00000000,00A43CD6), ref: 00A32DEC
_abort.LIBCMT ref: 00A32DF2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 6744beb4d566d1400fb5fced970564eec8abeccae913e86efabfb2788aef1b67
Instruction ID: 74eea2cd0f2f9b6f1f46d98381c43a73bcfc2fa5aecfb744ae39553bfba63419
Opcode Fuzzy Hash: 6744beb4d566d1400fb5fced970564eec8abeccae913e86efabfb2788aef1b67
Instruction Fuzzy Hash: 35F0F632645A102BD62277B9BD0AF5F2669AFC27F1F250519F828D71E2EF3488035360

Function 00A98A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00A19639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A19693
Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196A2
Part of subcall function 00A19639: BeginPath.GDI32(?), ref: 00A196B9
Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196E2

MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A98A4E
LineTo.GDI32(?,00000003,00000000), ref: 00A98A62
MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A98A70
LineTo.GDI32(?,00000000,00000003), ref: 00A98A80
EndPath.GDI32(?), ref: 00A98A90
StrokePath.GDI32(?), ref: 00A98AA0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: fc1181c4db4e405b9d50b7398f90cdc7a1dec7db8430a949b6444017ce84f394
Instruction ID: f1f16c95e15adf28856db22ce8a093a06689e78649e42220e3583e3252f132d2
Opcode Fuzzy Hash: fc1181c4db4e405b9d50b7398f90cdc7a1dec7db8430a949b6444017ce84f394
Instruction Fuzzy Hash: FC11CC76140149FFDF11DFD4EC48E9A7F6DEB04364F048012FA1996161CB719D56DB60

Function 00A651FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00A65218
GetDeviceCaps.GDI32(00000000,00000058), ref: 00A65229
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A65230
ReleaseDC.USER32(00000000,00000000), ref: 00A65238
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A6524F
MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A65261

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: cf0060e75d099411b044052d0970c5c8cc9e4c62fdd08fbc5f0a8b59a3a3a5af
Instruction ID: d86f078c78ac607f304fa7cf88e05e8ac160a1f3d98c8e60029ab0ac39033b7a
Opcode Fuzzy Hash: cf0060e75d099411b044052d0970c5c8cc9e4c62fdd08fbc5f0a8b59a3a3a5af
Instruction Fuzzy Hash: 30014475E00B14BBEB109BF59C49A5EBFB8EF44761F144066FA04A7281DA709905CB60

Function 00A01BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A01BF4
MapVirtualKeyW.USER32(00000010,00000000), ref: 00A01BFC
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A01C07
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A01C12
MapVirtualKeyW.USER32(00000011,00000000), ref: 00A01C1A
MapVirtualKeyW.USER32(00000012,00000000), ref: 00A01C22

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: d0b2e48712477675de595c67c3d9a12fcfcd2c13929a87173cacb73c0c896d29
Instruction ID: d59b012671a552ab9af5031eb7f5e11aec87810618e417dafd9cb8c593d45c03
Opcode Fuzzy Hash: d0b2e48712477675de595c67c3d9a12fcfcd2c13929a87173cacb73c0c896d29
Instruction Fuzzy Hash: BD016CB0902B597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5

Function 00A6EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A6EB30
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A6EB46
GetWindowThreadProcessId.USER32(?,?), ref: 00A6EB55
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A6EB64
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A6EB6E
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A6EB75

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 6855f4fc8a48b7e53b0ce7f4e443acb86fee0f1ba39b4ce742f52198e9811c6d
Instruction ID: 1e1ee81b0f1fcf9c806b6f8d25715af7e6a9f681fdd2d4bbd260dd1874641aac
Opcode Fuzzy Hash: 6855f4fc8a48b7e53b0ce7f4e443acb86fee0f1ba39b4ce742f52198e9811c6d
Instruction Fuzzy Hash: 8CF05472340958BBE72197929C0EEEF7E7CEFCAB21F00415AF601D1091DBA45A02C6B5

Function 00A57439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 00A57452
SendMessageW.USER32(?,00001328,00000000,?), ref: 00A57469
GetWindowDC.USER32(?), ref: 00A57475
GetPixel.GDI32(00000000,?,?), ref: 00A57484
ReleaseDC.USER32(?,00000000), ref: 00A57496
GetSysColor.USER32(00000005), ref: 00A574B0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClientColorMessagePixelRectReleaseSendWindow
String ID:
API String ID: 272304278-0
Opcode ID: 8ef4f941042f58323d201fdffb0ae80b0a69371680e2aacf1b4def237a55fb4b
Instruction ID: cf6bc9378648e34db58272fe58cd67263710f754979e82a03ef3382a067b224d
Opcode Fuzzy Hash: 8ef4f941042f58323d201fdffb0ae80b0a69371680e2aacf1b4def237a55fb4b
Instruction Fuzzy Hash: F6014B31600615EFDB519FA8EC08BAE7BB5FB04322F614165FE16A21A1CF311E52EB50

Function 00A61874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A6187F
UnloadUserProfile.USERENV(?,?), ref: 00A6188B
CloseHandle.KERNEL32(?), ref: 00A61894
CloseHandle.KERNEL32(?), ref: 00A6189C
GetProcessHeap.KERNEL32(00000000,?), ref: 00A618A5
HeapFree.KERNEL32(00000000), ref: 00A618AC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 45058d3460852b82d17ca90a3f80d46ee397cf1e05304e8134004b82166bbb67
Instruction ID: 39223bf13f0c78dd19ff82e4f26d758fa219ca552a274ea899b37b72cca18e08
Opcode Fuzzy Hash: 45058d3460852b82d17ca90a3f80d46ee397cf1e05304e8134004b82166bbb67
Instruction Fuzzy Hash: E1E0C236204901BBDA019BE1EE0C90ABB29FB49B32B208222F22585070CF329422DB64

Function 00A6C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A6C6EE
_wcslen.LIBCMT ref: 00A6C735
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A6C79C
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A6C7CA

Strings

0, xrefs: 00A6C6AF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ItemMenu$Info_wcslen$Default
String ID: 0
API String ID: 1227352736-4108050209
Opcode ID: 5e259d3c657634546cac368fb90ff245f052f48fafa060d170f004e55c71a0df
Instruction ID: 6026c9ed2ba2e4e0ab7a6fd70f3b55ba9958cdfd0fd9ae00663f969b567fa453
Opcode Fuzzy Hash: 5e259d3c657634546cac368fb90ff245f052f48fafa060d170f004e55c71a0df
Instruction Fuzzy Hash: AA51CD71604340ABD7109F28D985B7BB7F8AF49324F040A2AF9E6D32E1DB70D9448B96

Function 00A8AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(0000003C), ref: 00A8AEA3

Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625

GetProcessId.KERNEL32(00000000), ref: 00A8AF38
CloseHandle.KERNEL32(00000000), ref: 00A8AF67

Strings

@, xrefs: 00A8AE72
<, xrefs: 00A8AE6B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell_wcslen
String ID: <$@
API String ID: 146682121-1426351568
Opcode ID: e2475e299acc9afc3ecc4b504404d4983f4a642d1707f84332ad1b57263a7b62
Instruction ID: b6669b0cb916bd908a94419e5a292a6b014b19a9fa52a7a48c565284dfd145ec
Opcode Fuzzy Hash: e2475e299acc9afc3ecc4b504404d4983f4a642d1707f84332ad1b57263a7b62
Instruction Fuzzy Hash: A6717B71A00619DFDB14EF94D584A9EBBF0FF08314F04849AE816AB392CB75ED85CB91

Function 00A6719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A67206
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A6723C
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A6724D
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A672CF

Strings

DllGetClassObject, xrefs: 00A67242

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: ad44950683faf3462fcf1b3350c502c5053ee19d1d67bda5117a1658e5540795
Instruction ID: be58f5e44c5eb6243ddf1acba8247e47155d7bddefbb4e3a1dd0b700930f51f8
Opcode Fuzzy Hash: ad44950683faf3462fcf1b3350c502c5053ee19d1d67bda5117a1658e5540795
Instruction Fuzzy Hash: 2B417EB1A14204EFDB15CFA4C894A9E7BB9EF44718F2480ADFD059F20AD7B0D945CBA0

Function 00A93D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A93E35
IsMenu.USER32(?), ref: 00A93E4A
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A93E92
DrawMenuBar.USER32 ref: 00A93EA5

Strings

0, xrefs: 00A93D89

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: b15da153d5212495545841fb7d3b941517d12d8ea22558a5db07c51ed14ecdc3
Instruction ID: b4cf87a107e8144532104bdd84a3c6c39fb511e425d7d018d28bbea143d08f4f
Opcode Fuzzy Hash: b15da153d5212495545841fb7d3b941517d12d8ea22558a5db07c51ed14ecdc3
Instruction Fuzzy Hash: ED411876A01209AFDF10DF94D884AAABBF9FF49364F044129E905AB250D730AE55CF50

Function 00A61DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A61E66
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A61E79
SendMessageW.USER32(?,00000189,?,00000000), ref: 00A61EA9

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

Strings

ComboBox, xrefs: 00A61DF0
ListBox, xrefs: 00A61E25

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$_wcslen$ClassName
String ID: ComboBox$ListBox
API String ID: 2081771294-1403004172
Opcode ID: ae26eb1d9e1e3182e70fd9a678e4a8bc7826310393058a75b8b1c4b391b99eb0
Instruction ID: ce66fdbcaee863eead2e02d33891752140884ec0ec24bf27e0b1dc7955e3071a
Opcode Fuzzy Hash: ae26eb1d9e1e3182e70fd9a678e4a8bc7826310393058a75b8b1c4b391b99eb0
Instruction Fuzzy Hash: 2C212772E00108BEDB14ABA4DD45DFFBBB8EF45360B184519F925A71E1DB398D0A9620

Function 00A8C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A8C9F1
_wcslen.LIBCMT ref: 00A8CA68
_wcslen.LIBCMT ref: 00A8CA9E
_wcslen.LIBCMT ref: 00A8CAF9
_wcslen.LIBCMT ref: 00A8CB2F
_wcslen.LIBCMT ref: 00A8CB7F

Strings

HKLM, xrefs: 00A8CA98, 00A8CA9D
HKEY_LOCAL_MACHINE, xrefs: 00A8CA62, 00A8CA67

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen
String ID: HKEY_LOCAL_MACHINE$HKLM
API String ID: 176396367-4004644295
Opcode ID: e42fb251255f5e58b2e5431efb75e70a5c8e8bdbbc9a25522f2b65308f5ce1be
Instruction ID: 850b90e42f9664406b5a2aa0d2644f80a774d0c6b8f5f5e9eebfa7dfe07eb98d
Opcode Fuzzy Hash: e42fb251255f5e58b2e5431efb75e70a5c8e8bdbbc9a25522f2b65308f5ce1be
Instruction Fuzzy Hash: B631F873A001694BCB28FF6C99405BFB3939BA17E4B15402AE855AB345F671CE84DBB0

Function 00A92F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00A92F8D
LoadLibraryW.KERNEL32(?), ref: 00A92F94
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00A92FA9
DestroyWindow.USER32(?), ref: 00A92FB1

Strings

SysAnimate32, xrefs: 00A92F68

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$DestroyLibraryLoadWindow
String ID: SysAnimate32
API String ID: 3529120543-1011021900
Opcode ID: a5891a14aeac3d6b7330ba24e2eedae3673c22fe23b319a64716ed8d5ad3b2e0
Instruction ID: c040788bda2f914ed54f1cd814d360e45fcaa45dd3a48c3d25de15fb349ae8d3
Opcode Fuzzy Hash: a5891a14aeac3d6b7330ba24e2eedae3673c22fe23b319a64716ed8d5ad3b2e0
Instruction Fuzzy Hash: 9C218872300209BBEF108FA4DC84FBB37F9EB59364F104619FA5492190D771DC619760

Function 00A24D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A24D1E,00A328E9,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002), ref: 00A24D8D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A24DA0
FreeLibrary.KERNEL32(00000000,?,?,?,00A24D1E,00A328E9,?,00A24CBE,00A328E9,00AC88B8,0000000C,00A24E15,00A328E9,00000002,00000000), ref: 00A24DC3

Strings

CorExitProcess, xrefs: 00A24D98
mscoree.dll, xrefs: 00A24D86

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2743bca03155dec652b8af684155eca8288858f01da9f691c5eeff3d33f69f9b
Instruction ID: 78ee3b45ada72faf3f98995a5aec838d125340859a6ae17d7e12b668357b8809
Opcode Fuzzy Hash: 2743bca03155dec652b8af684155eca8288858f01da9f691c5eeff3d33f69f9b
Instruction Fuzzy Hash: 65F06234A40618BBDB119FD4EC49FAEBFB5EF48761F4001A5F809A22A0CF345D41CB94

Function 00A04E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E9C
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A04EAE
FreeLibrary.KERNEL32(00000000,?,?,00A04EDD,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04EC0

Strings

kernel32.dll, xrefs: 00A04E94
Wow64DisableWow64FsRedirection, xrefs: 00A04EA8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 145871493-3689287502
Opcode ID: f77a1d1b84d7aca3da2dd7e86062fd7d2c3d1fbe866c46084bef00cbbcd0af86
Instruction ID: 679f7aa8226b20c40453a0ca06dddb066e21fbf6f73453acc0fe36d1a6491b20
Opcode Fuzzy Hash: f77a1d1b84d7aca3da2dd7e86062fd7d2c3d1fbe866c46084bef00cbbcd0af86
Instruction Fuzzy Hash: 46E08636B059226BD2215765BC18B9B6554BF85F727150216FD04D2150DF64CD0340E4

Function 00A04E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E62
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A04E74
FreeLibrary.KERNEL32(00000000,?,?,00A43CDE,?,00AD1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A04E87

Strings

kernel32.dll, xrefs: 00A04E5B
Wow64RevertWow64FsRedirection, xrefs: 00A04E6E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 145871493-1355242751
Opcode ID: 046f4604775e9526fc463d2dc9fdbc1a82c657beb209de51035b36f645833fc9
Instruction ID: 973f82e7c58c34baffe6155ed56ea155c4b5f3bea64f8428112b1576b9f72e0e
Opcode Fuzzy Hash: 046f4604775e9526fc463d2dc9fdbc1a82c657beb209de51035b36f645833fc9
Instruction Fuzzy Hash: B5D0C232702E2167CA221B24BC08ECB2A18BF89F31315061AFA09A2190CF24CD0281D4

Function 00A72947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A72C05
DeleteFileW.KERNEL32(?), ref: 00A72C87
CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A72C9D
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A72CAE
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A72CC0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: 7aba6ae40e778e50d0e62d714894c6191caf54f4f9d367b85035eca88ae1d627
Instruction ID: 20886968a658521a7ff6536041a08dd0b97f5e19acc6973d33c93135e9bd5ac7
Opcode Fuzzy Hash: 7aba6ae40e778e50d0e62d714894c6191caf54f4f9d367b85035eca88ae1d627
Instruction Fuzzy Hash: 28B13D72D0012DABDF11DFA4DD85EDEB7BDEF49350F1080A6F509E6141EA309A448F61

Function 00A8A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00A8A427
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A8A435
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A8A468
CloseHandle.KERNEL32(?), ref: 00A8A63D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$CloseCountersCurrentHandleOpen
String ID:
API String ID: 3488606520-0
Opcode ID: a3c21338f3b6529bb22f88cb0c5bd00846f23d2bbf04346c59097b33837eb10f
Instruction ID: 8ebe37126079eb4e6333eeb7daef571d0c15157dda3d69e6961c953d5f5bbae3
Opcode Fuzzy Hash: a3c21338f3b6529bb22f88cb0c5bd00846f23d2bbf04346c59097b33837eb10f
Instruction Fuzzy Hash: 34A1C1716043019FE720EF28D986F2AB7E1AF94714F14881DF55A9B2D2DBB0EC41CB92

Function 00A6E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A6CF22,?), ref: 00A6DDFD

Part of subcall function 00A6DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A6CF22,?), ref: 00A6DE16

Part of subcall function 00A6E199: GetFileAttributesW.KERNEL32(?,00A6CF95), ref: 00A6E19A

lstrcmpiW.KERNEL32(?,?), ref: 00A6E473
MoveFileW.KERNEL32(?,?), ref: 00A6E4AC
_wcslen.LIBCMT ref: 00A6E5EB
_wcslen.LIBCMT ref: 00A6E603
SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A6E650

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
String ID:
API String ID: 3183298772-0
Opcode ID: b136ecf96fca992380443993a7ee84912d69ac693d231cd2d3dddf0c9b38d40d
Instruction ID: a441ac083c3932a5828867dbf16d47c9a47e9a4519f68f33a7765ebe770d1a1f
Opcode Fuzzy Hash: b136ecf96fca992380443993a7ee84912d69ac693d231cd2d3dddf0c9b38d40d
Instruction Fuzzy Hash: 7C51A6B25083849FC724EBA4DD819DF73ECAF84340F00492EF689D3191EF75A6888766

Function 00A8B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A8C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A8B6AE,?,?), ref: 00A8C9B5
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8C9F1
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA68
Part of subcall function 00A8C998: _wcslen.LIBCMT ref: 00A8CA9E

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A8BAA5
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A8BB00
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A8BB63
RegCloseKey.ADVAPI32(?,?), ref: 00A8BBA6
RegCloseKey.ADVAPI32(00000000), ref: 00A8BBB3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 826366716-0
Opcode ID: bd7b41f33b9444d4d4e90bc33ce4de13cb866463e0387c3b821fd5f4167a1089
Instruction ID: a1cec1487fd8217669209f3e8e3c17e28d1fb76e709ffbd4edbe83dc11847b54
Opcode Fuzzy Hash: bd7b41f33b9444d4d4e90bc33ce4de13cb866463e0387c3b821fd5f4167a1089
Instruction Fuzzy Hash: 7161C131218245EFD314EF14C494E2ABBE5FF84348F14855CF4998B2A2DB31ED45CBA2

Function 00A68BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00A68BCD
VariantClear.OLEAUT32 ref: 00A68C3E
VariantClear.OLEAUT32 ref: 00A68C9D
VariantClear.OLEAUT32(?), ref: 00A68D10
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A68D3B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 74e37abc527953135ed2e216847eb2dc16ced205b5cbbae4e97f0d449ca60151
Instruction ID: cb85d848ac305a2708d25f898836cd42037ec7dab6ea5414ac712b2957518ead
Opcode Fuzzy Hash: 74e37abc527953135ed2e216847eb2dc16ced205b5cbbae4e97f0d449ca60151
Instruction Fuzzy Hash: 05517BB5A00619EFCB10CF68C884AAAB7F8FF89310B158559F915DB350EB34E911CFA0

Function 00A78AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A78BAE
GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A78BDA
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A78C32
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A78C57
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A78C5F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: f6107db572091390e2f5aa4951bd17353f05f8322092ad22c83344795cbe0f56
Instruction ID: df54a7b35975c5257fb5e0b6d2219913ed42608df30b7fd7297eed5cf2cb322e
Opcode Fuzzy Hash: f6107db572091390e2f5aa4951bd17353f05f8322092ad22c83344795cbe0f56
Instruction Fuzzy Hash: D5513A35A002199FCB01DF64C985AADBBF5BF48314F08C459E84AAB3A2CB35ED41CB90

Function 00A88EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A88F40
GetProcAddress.KERNEL32(00000000,?), ref: 00A88FD0
GetProcAddress.KERNEL32(00000000,00000000), ref: 00A88FEC
GetProcAddress.KERNEL32(00000000,?), ref: 00A89032
FreeLibrary.KERNEL32(00000000), ref: 00A89052

Part of subcall function 00A1F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A71043,?,753CE610), ref: 00A1F6E6
Part of subcall function 00A1F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A5FA64,00000000,00000000,?,?,00A71043,?,753CE610,?,00A5FA64), ref: 00A1F70D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 11b36b1c1e63987998cc5ff679aaa4398478d2bec6ba6864c2443bdb5451cc60
Instruction ID: 13503d135921f7dee3039b2cbde48057286721356ea64f81255de090f4e4c245
Opcode Fuzzy Hash: 11b36b1c1e63987998cc5ff679aaa4398478d2bec6ba6864c2443bdb5451cc60
Instruction Fuzzy Hash: D3514035605205DFC711EF54C5848AEBBF1FF49324B488099E91A9B362DB31ED86CF91

Function 00A96B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(00000002,000000F0,?), ref: 00A96C33
SetWindowLongW.USER32(?,000000EC,?), ref: 00A96C4A
SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00A96C73
ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A7AB79,00000000,00000000), ref: 00A96C98
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00A96CC7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Long$MessageSendShow
String ID:
API String ID: 3688381893-0
Opcode ID: cc84716b8fe38a0f53e7134c881d52736aee1ed5cc42f2b49414ab9c822fef5b
Instruction ID: 4a363215b8c02cd0fbccb14b664e4e05b5a828b2c9d0c7280b815294bffd712b
Opcode Fuzzy Hash: cc84716b8fe38a0f53e7134c881d52736aee1ed5cc42f2b49414ab9c822fef5b
Instruction Fuzzy Hash: CC41AE35B04104AFDF24CF68CD98FA97BE5EF09360F150229F999A72A0D771AD41CA50

Function 00A32051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A320C3
_free.LIBCMT ref: 00A320E3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 51aa75ec95fbfb2a17f6e6f88b7b4bf8fb69ea548a1b5397194dd40f8b2ab1c8
Instruction ID: 9307b560e2bfbb5a727d4bf68968204168cbf2491b9fadc4f139f117826d673b
Opcode Fuzzy Hash: 51aa75ec95fbfb2a17f6e6f88b7b4bf8fb69ea548a1b5397194dd40f8b2ab1c8
Instruction Fuzzy Hash: E741B132A00200AFCB24DF78C981B5EB7B5EF89714F1545A9F616EB391DA31AD01CB80

Function 00A1912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A19141
ScreenToClient.USER32(00000000,?), ref: 00A1915E
GetAsyncKeyState.USER32(00000001), ref: 00A19183
GetAsyncKeyState.USER32(00000002), ref: 00A1919D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 975c824cd6f9ef9dea6a6bc2abe8cc918874c8423fa6aeda228ae07efa95c2e6
Instruction ID: 9fe5dfc5bb04af64d29e6c0b42b1bb7b2097e211f4e22a78cccaa8f43f7ad739
Opcode Fuzzy Hash: 975c824cd6f9ef9dea6a6bc2abe8cc918874c8423fa6aeda228ae07efa95c2e6
Instruction Fuzzy Hash: ED414075A0851ABBDF159F64D858BEEB7B4FB05324F204315E829A72E0C7306994CB51

Function 00A73874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON

Download Yara Rule

APIs

GetInputState.USER32 ref: 00A738CB
TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A73922
TranslateMessage.USER32(?), ref: 00A7394B
DispatchMessageW.USER32(?), ref: 00A73955
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A73966

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Message$Translate$AcceleratorDispatchInputPeekState
String ID:
API String ID: 2256411358-0
Opcode ID: 5a23b7118d87c938faae469d00fa88637b92e6d3f675c216e35705c691bfcb2a
Instruction ID: 3fe6224245ae54e277d60265203044073d9b1059e34f9d90f2cbe8d2c3e930c0
Opcode Fuzzy Hash: 5a23b7118d87c938faae469d00fa88637b92e6d3f675c216e35705c691bfcb2a
Instruction Fuzzy Hash: E1312B72605341AEEF34CBB4DC68BB637E8AB05300F05C56ED56B86190D7F49686EB11

Function 00A7CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CF38
InternetReadFile.WININET(?,00000000,?,?), ref: 00A7CF6F
GetLastError.KERNEL32(?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CFB4
SetEvent.KERNEL32(?,?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CFC8
SetEvent.KERNEL32(?,?,00000000,?,?,?,00A7C21E,00000000), ref: 00A7CFF2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: EventInternet$AvailableDataErrorFileLastQueryRead
String ID:
API String ID: 3191363074-0
Opcode ID: 9f99997ebb7b128c0b5ea18b785bb38632fbb418cb2bcd8ffe120bea7d31f1d4
Instruction ID: ae8368b4f7f968a5f652e233dc9e013dcff3a40c02d75068f1e213a9de152619
Opcode Fuzzy Hash: 9f99997ebb7b128c0b5ea18b785bb38632fbb418cb2bcd8ffe120bea7d31f1d4
Instruction Fuzzy Hash: 77314871600705AFDB20DFA5DD84AABBBF9EB14365B10C42EF50AE2141DB30AE41DB60

Function 00A61901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A61915
PostMessageW.USER32(00000001,00000201,00000001), ref: 00A619C1
Sleep.KERNEL32(00000000,?,?,?), ref: 00A619C9
PostMessageW.USER32(00000001,00000202,00000000), ref: 00A619DA
Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A619E2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 57d24810a7dc5f34c4adb251edb5ac1421e419cc1777f203c3c59c7b66c79d91
Instruction ID: 19e0d62a5a4ce8aa60570a2778015c84231e182a1991c92f8bd3154abaea5da3
Opcode Fuzzy Hash: 57d24810a7dc5f34c4adb251edb5ac1421e419cc1777f203c3c59c7b66c79d91
Instruction Fuzzy Hash: 1931C072A00219EFCB00CFA8CD99ADE3FB5EB04325F144229FA21A72D1C7709944CB90

Function 00A95706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001053,000000FF,?), ref: 00A95745
SendMessageW.USER32(?,00001074,?,00000001), ref: 00A9579D
_wcslen.LIBCMT ref: 00A957AF
_wcslen.LIBCMT ref: 00A957BA
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A95816

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$_wcslen
String ID:
API String ID: 763830540-0
Opcode ID: 4f240ba0b22478a0d3beb63253c0ac92dd810cc3c6818370fd74399a5fd5d25b
Instruction ID: aecf2d0006e03b38973ed860b6ac8e1ddf88e0f35c54996e9872a7509de3a3c3
Opcode Fuzzy Hash: 4f240ba0b22478a0d3beb63253c0ac92dd810cc3c6818370fd74399a5fd5d25b
Instruction Fuzzy Hash: 0021A271E04618AADF21CFB4DC86AEE77F9FF44720F108216E929EA180D7748A85CF50

Function 00A80930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00A80951
GetForegroundWindow.USER32 ref: 00A80968
GetDC.USER32(00000000), ref: 00A809A4
GetPixel.GDI32(00000000,?,00000003), ref: 00A809B0
ReleaseDC.USER32(00000000,00000003), ref: 00A809E8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 821a1a98bb33742153dc60282c4341f53e893ce802705bd2b769512e961079ea
Instruction ID: 233b1afd734121e1934ced1394b2f107dd8970d34ec82aeb2bdf4bbbf5f5e8a5
Opcode Fuzzy Hash: 821a1a98bb33742153dc60282c4341f53e893ce802705bd2b769512e961079ea
Instruction Fuzzy Hash: 3D218135600204AFD714EFA9DD84EAEBBF5EF48710F048069E85A97362DB30AC45CB50

Function 00A3CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00A3CDC6
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A3CDE9

Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A3CE0F
_free.LIBCMT ref: 00A3CE22
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A3CE31

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: a3b82a15538bb5bd8d43a4bbf2c5440ea1e86f66b3b0f69b4c42e9ede9afc700
Instruction ID: 50fb3b615565c8cbd430db8defca39829d0824a78bc2a17be3297b72020f22d1
Opcode Fuzzy Hash: a3b82a15538bb5bd8d43a4bbf2c5440ea1e86f66b3b0f69b4c42e9ede9afc700
Instruction Fuzzy Hash: D301F7726016257FA32167B67C8CD7B796DDEC6FB1B25012AFD05E7201EE618D0283B0

Function 00A19639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A19693
SelectObject.GDI32(?,00000000), ref: 00A196A2
BeginPath.GDI32(?), ref: 00A196B9
SelectObject.GDI32(?,00000000), ref: 00A196E2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 27004e0414888d6abc86530aeb435d834778c0e5e056a9dacce424c35e6e3eb1
Instruction ID: 9c698bfe9f34a13daa270c2dc566a059126c62d7ae6a2cec38a95ba45a29e811
Opcode Fuzzy Hash: 27004e0414888d6abc86530aeb435d834778c0e5e056a9dacce424c35e6e3eb1
Instruction Fuzzy Hash: 16214F70902305FBDB11DFA4EC247EA3BB8BB50365F500217F832A61B1D7705896CBA5

Function 00A1990C Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A198CC
SetTextColor.GDI32(?,?), ref: 00A198D6
SetBkMode.GDI32(?,00000001), ref: 00A198E9
GetStockObject.GDI32(00000005), ref: 00A198F1
GetWindowLongW.USER32(?,000000EB), ref: 00A19952

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Color$LongModeObjectStockTextWindow
String ID:
API String ID: 1860813098-0
Opcode ID: 890eb222ffb7741905a9437c7fb39b37de4fe70bcabcd83605233395aeb57fe4
Instruction ID: 2cf01ada42b638b18110af098a933ee82c89fba5cd25244bbde2929007e79930
Opcode Fuzzy Hash: 890eb222ffb7741905a9437c7fb39b37de4fe70bcabcd83605233395aeb57fe4
Instruction Fuzzy Hash: B9212731246250AFCB128F64EC64AEB3B70EF13771B18425EF9928E1B1CB314982CB51

Function 00A65711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBVCRUNTIME ref: 00A65726
_memcmp.LIBVCRUNTIME ref: 00A65744
_memcmp.LIBVCRUNTIME ref: 00A65757
_memcmp.LIBVCRUNTIME ref: 00A6576F
_memcmp.LIBVCRUNTIME ref: 00A65787

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: bbf89b7803b0ca77f776078dd43f48cb7bf60019f4e54c7fbf6dc8c3a2a0ddb8
Instruction ID: 1ecb057d2465bf82627e3c1dda88e109bf2535628c7c7e6063a767060c298ddc
Opcode Fuzzy Hash: bbf89b7803b0ca77f776078dd43f48cb7bf60019f4e54c7fbf6dc8c3a2a0ddb8
Instruction Fuzzy Hash: 88015271B41619BE96089625AF82EBA63ADAB613A4F004831FD04AE641F661ED2082A5

Function 00A32DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00A2F2DE,00A33863,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6), ref: 00A32DFD
_free.LIBCMT ref: 00A32E32
_free.LIBCMT ref: 00A32E59
SetLastError.KERNEL32(00000000,00A01129), ref: 00A32E66
SetLastError.KERNEL32(00000000,00A01129), ref: 00A32E6F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 8bb39c4a74987f698f5e783a5ca2d2a86b9fc3a475f77c0e3ad59d901037f584
Instruction ID: 02732ed2f91cf8ed0c859eac605fe74d289a8f1124a06a4c54ecbbb08dae9366
Opcode Fuzzy Hash: 8bb39c4a74987f698f5e783a5ca2d2a86b9fc3a475f77c0e3ad59d901037f584
Instruction Fuzzy Hash: DA012832205A006BCA12A7B57D47F2B2E6DABD53B1F350129F425A32D2EF748C025320

Function 00A6000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?,?,00A6035E), ref: 00A6002B
ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60046
lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60054
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?), ref: 00A60064
CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A5FF41,80070057,?,?), ref: 00A60070

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: ade3bee65eba24dbd44846da5440b2bf64a49b7cbdae1b46138551cbcfb3d409
Instruction ID: 101e40950ba63da1b79d5fbd3647a978cc2826e6341260cce97b4cc864b4cfe7
Opcode Fuzzy Hash: ade3bee65eba24dbd44846da5440b2bf64a49b7cbdae1b46138551cbcfb3d409
Instruction Fuzzy Hash: E9018B72600604BFDB118FA8DC08FAB7ABDEB447A2F158125F905D6210EBB1DD818BA0

Function 00A6E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00A6E997
QueryPerformanceFrequency.KERNEL32(?), ref: 00A6E9A5
Sleep.KERNEL32(00000000), ref: 00A6E9AD
QueryPerformanceCounter.KERNEL32(?), ref: 00A6E9B7
Sleep.KERNEL32 ref: 00A6E9F3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 721ca464ba7b5768199e9da42906bb25c9992d9e4108b1e5ca3136aa799ab292
Instruction ID: 0c535de7a9f2c8124ee1f653b8a194cafd24f80cbc26ccab5b3228fde1841dc2
Opcode Fuzzy Hash: 721ca464ba7b5768199e9da42906bb25c9992d9e4108b1e5ca3136aa799ab292
Instruction Fuzzy Hash: B5015736D01A29DBCF00EFE5DC59AEDFB78FF08B11F100646E502B2241CB3095528BA5

Function 00A610F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A61114
GetLastError.KERNEL32(?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61120
GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A6112F
HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A60B9B,?,?,?), ref: 00A61136
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A6114D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 827aad5ce8c368659ac53628999686e074eafdd5bddc494b2b8bf6e231062881
Instruction ID: c93e927c7b119286f0fcf53d5604c6e961f3c4db56427abd5c7b4303fb83be9d
Opcode Fuzzy Hash: 827aad5ce8c368659ac53628999686e074eafdd5bddc494b2b8bf6e231062881
Instruction Fuzzy Hash: 420169B5200605BFDB118FA4DC49A6A3F7EEF8A3A4B64441AFA41C7360DE31DC018A60

Function 00A60FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A60FCA
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A60FD6
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A60FE5
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A60FEC
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A61002

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: a5108117ae5c986483bd943b3e472a7c3cea85ce6bc73156cb81550ffced509e
Instruction ID: 48363efb599037a27e54772bcd87541d64c2928b5bd66f3e292d6b60135ae1f5
Opcode Fuzzy Hash: a5108117ae5c986483bd943b3e472a7c3cea85ce6bc73156cb81550ffced509e
Instruction Fuzzy Hash: 70F04935200711ABDB218FA49C49F5A3FADEF89762F654426FA46C6261CE70DC418A70

Function 00A61014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A6102A
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A61036
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61045
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A6104C
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61062

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 28041edd6ed666a572b58a96bd37f3b43cf006ce284cf74b432b86c2f911ea60
Instruction ID: a92120eac476aefc21a70bcefec27f2baab0b663cad73d2c597e6f6adb3cb1ef
Opcode Fuzzy Hash: 28041edd6ed666a572b58a96bd37f3b43cf006ce284cf74b432b86c2f911ea60
Instruction Fuzzy Hash: 58F04935200711ABDF219FA4EC49F5A3FADEF89761F650426FA45C6260CE70D8418AB0

Function 00A7030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70324
CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70331
CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A7033E
CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A7034B
CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70358
CloseHandle.KERNEL32(?,?,?,?,00A7017D,?,00A732FC,?,00000001,00A42592,?), ref: 00A70365

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d02aac1378304f555f90b72c956e5890753829a14f5232cb50eec266f908283d
Instruction ID: 2ce346ca514176ba4b860f85a8932369e058d0b492f785948d50bc46c5037c65
Opcode Fuzzy Hash: d02aac1378304f555f90b72c956e5890753829a14f5232cb50eec266f908283d
Instruction Fuzzy Hash: B6019C72800B15DFCB30AF66DC90812FBF9BE60215315CA3FD1AA96931C7B1A959CE80

Function 00A3D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A3D752

Part of subcall function 00A329C8: HeapFree.KERNEL32(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0

_free.LIBCMT ref: 00A3D764
_free.LIBCMT ref: 00A3D776
_free.LIBCMT ref: 00A3D788
_free.LIBCMT ref: 00A3D79A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 11acaf5b7de7a1653807b6802720db3bffcf7393ae7b1615acbb408d5ea310c9
Instruction ID: 5914ccdffadc1f388180d3b5ec996becf0d32926e5a1719fb72451a6861c34c1
Opcode Fuzzy Hash: 11acaf5b7de7a1653807b6802720db3bffcf7393ae7b1615acbb408d5ea310c9
Instruction Fuzzy Hash: D5F0BD72545218EBC625EBA8FAC6E1A7BDDBB84720FA50C45F049E7552CB30FC818B64

Function 00A65C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00A65C58
GetWindowTextW.USER32(00000000,?,00000100), ref: 00A65C6F
MessageBeep.USER32(00000000), ref: 00A65C87
KillTimer.USER32(?,0000040A), ref: 00A65CA3
EndDialog.USER32(?,00000001), ref: 00A65CBD

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 36935781bf09d89d30cffed909284bd8b1547c3121cd9102e9055c6f75770468
Instruction ID: ad78c37a428a6b9068f2ca7eb53d9d7ab1e74e954ae45a28e89f573b2be2402f
Opcode Fuzzy Hash: 36935781bf09d89d30cffed909284bd8b1547c3121cd9102e9055c6f75770468
Instruction Fuzzy Hash: 1B018B30A00B049FEB245B60DD8EF9577B8BB01705F00155AA643A10E1DFF099458B50

Function 00A322A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A322BE

Part of subcall function 00A329C8: HeapFree.KERNEL32(00000000,00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000), ref: 00A329DE
Part of subcall function 00A329C8: GetLastError.KERNEL32(00000000,?,00A3D7D1,00000000,00000000,00000000,00000000,?,00A3D7F8,00000000,00000007,00000000,?,00A3DBF5,00000000,00000000), ref: 00A329F0

_free.LIBCMT ref: 00A322D0
_free.LIBCMT ref: 00A322E3
_free.LIBCMT ref: 00A322F4
_free.LIBCMT ref: 00A32305

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d3250012aabdab070aae5b9ab5debdeb7eee812627d2b8f310b72d8f4079918b
Instruction ID: f02410b43b5178ff8e66c782a0d38d1d91e25e92d5cec12cda54850322e63ad0
Opcode Fuzzy Hash: d3250012aabdab070aae5b9ab5debdeb7eee812627d2b8f310b72d8f4079918b
Instruction Fuzzy Hash: 07F0B7798021209BC612EFD8BD01F893B65F758761F16059BF416D62B1C7310953AFE4

Function 00A195C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00A195D4
StrokeAndFillPath.GDI32(?,?,00A571F7,00000000,?,?,?), ref: 00A195F0
SelectObject.GDI32(?,00000000), ref: 00A19603
DeleteObject.GDI32 ref: 00A19616
StrokePath.GDI32(?), ref: 00A19631

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: d7ffce62a8d8ccbaa6d61a554b0162bb9f2afc585d75de69b4fdda4713e5fe4b
Instruction ID: 2b3669a2b752de7f344ec0c9654288c248786406ab24ab36680bdc36f3c60a3a
Opcode Fuzzy Hash: d7ffce62a8d8ccbaa6d61a554b0162bb9f2afc585d75de69b4fdda4713e5fe4b
Instruction Fuzzy Hash: 7DF0EC31106604EBDB16DFA9ED2C7A53B65AB01332F548216F476550F1CB308997DF34

Function 00A30F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00A310F9
__freea.LIBCMT ref: 00A31117

Part of subcall function 00A31537: _free.LIBCMT ref: 00A3154F

Strings

a/p, xrefs: 00A311DE
am/pm, xrefs: 00A3117A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: __freea$_free
String ID: a/p$am/pm
API String ID: 3432400110-3206640213
Opcode ID: 73840406fafde0dc17377e467b0cc9ce364f605d9ad369d8890b804b235c32fb
Instruction ID: cd281fbb3994b15fc40aa4804f9ab34a19ce65af5879f631bf62fd11189109aa
Opcode Fuzzy Hash: 73840406fafde0dc17377e467b0cc9ce364f605d9ad369d8890b804b235c32fb
Instruction Fuzzy Hash: A8D11471900206DBDB689F68C895BFEB7B1FF06700F28426AF941AF651D3759D80CB91

Function 00A87B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 00A20242: EnterCriticalSection.KERNEL32(00AD070C,00AD1884,?,?,00A1198B,00AD2518,?,?,?,00A012F9,00000000), ref: 00A2024D
Part of subcall function 00A20242: LeaveCriticalSection.KERNEL32(00AD070C,?,00A1198B,00AD2518,?,?,?,00A012F9,00000000), ref: 00A2028A

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A200A3: __onexit.LIBCMT ref: 00A200A9

__Init_thread_footer.LIBCMT ref: 00A87BFB

Part of subcall function 00A201F8: EnterCriticalSection.KERNEL32(00AD070C,?,?,00A18747,00AD2514), ref: 00A20202
Part of subcall function 00A201F8: LeaveCriticalSection.KERNEL32(00AD070C,?,00A18747,00AD2514), ref: 00A20235

Strings

Variable must be of type 'Object'., xrefs: 00A87C3A
5, xrefs: 00A87C78
G, xrefs: 00A87C7F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
String ID: 5$G$Variable must be of type 'Object'.
API String ID: 535116098-3733170431
Opcode ID: 20599ef0dbdd1946d154cd92114ad2f07a028b3733e4d80b828bf3e5138273a0
Instruction ID: 2510798b9498510f7d3bf591157fa69323f27f341310f3f2a807cf1c4e80e0b8
Opcode Fuzzy Hash: 20599ef0dbdd1946d154cd92114ad2f07a028b3733e4d80b828bf3e5138273a0
Instruction Fuzzy Hash: 2B915875A04209EFCB14EF98D991DADB7B2FF48304F248059F806AB292DB71EE45CB51

Function 00A62716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A6B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A621D0,?,?,00000034,00000800,?,00000034), ref: 00A6B42D

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A62760

Part of subcall function 00A6B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A621FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00A6B3F8

Part of subcall function 00A6B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00A6B355
Part of subcall function 00A6B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A62194,00000034,?,?,00001004,00000000,00000000), ref: 00A6B365
Part of subcall function 00A6B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A62194,00000034,?,?,00001004,00000000,00000000), ref: 00A6B37B

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A627CD
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A6281A

Strings

@, xrefs: 00A62832

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 415b2211b50bcfd51d57b13d73f229afced8b093e7a471f9821b567a52cff02e
Instruction ID: 8a871380b80e17aff9cc5f2d6ea7e1cc2413c2487f95069e100bdf134c96d582
Opcode Fuzzy Hash: 415b2211b50bcfd51d57b13d73f229afced8b093e7a471f9821b567a52cff02e
Instruction Fuzzy Hash: AC41FB76A00218AFDB10DFA4CD46FEEBBB8AF09700F108055FA55B7181DB706E85DBA1

Function 00A3172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00A31769
_free.LIBCMT ref: 00A31834
_free.LIBCMT ref: 00A3183E

Strings

C:\Users\user\Desktop\file.exe, xrefs: 00A31760, 00A31767, 00A31796, 00A317CE

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\file.exe
API String ID: 2506810119-1957095476
Opcode ID: 4209abaa02aec1b45911df0bafa7710eb53cebce6109b0f7ef0efc8f6d477051
Instruction ID: 6ed037ce93f42389936c587309eb988de3bad39b56ab3eb5b9e6e1d6778e5b85
Opcode Fuzzy Hash: 4209abaa02aec1b45911df0bafa7710eb53cebce6109b0f7ef0efc8f6d477051
Instruction Fuzzy Hash: 13316975A01218FFDB21DB999D85E9EBBFCEB85310F1441ABF80597211DA708E41CBA4

Function 00A6C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A6C306
DeleteMenu.USER32(?,00000007,00000000), ref: 00A6C34C
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AD1990,00F95568), ref: 00A6C395

Strings

0, xrefs: 00A6C2DF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: b87cf487f839a2397bb42db136ba51dcedab373d97ec8ef81d35f193824ada58
Instruction ID: 1d2c24a4f65a41b64c593825230d5596344490ca0b2d25c834dfc2f6f8b770c2
Opcode Fuzzy Hash: b87cf487f839a2397bb42db136ba51dcedab373d97ec8ef81d35f193824ada58
Instruction Fuzzy Hash: 59419E712043019FD720DF29D884B6ABBF8AF85320F148A1EF9A59B3D1D730E904CB62

Function 00A94416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00A9CC08,00000000,?,?,?,?), ref: 00A944AA
GetWindowLongW.USER32 ref: 00A944C7
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A944D7

Strings

SysTreeView32, xrefs: 00A9447C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: b85c0681b3afc41f6a6d06a708dd106286bee74302504c58ab522cde607d2c61
Instruction ID: ad98061aa46175b343176c5698db15c4625965c0ffcb8bfea93ea13696cf65b6
Opcode Fuzzy Hash: b85c0681b3afc41f6a6d06a708dd106286bee74302504c58ab522cde607d2c61
Instruction Fuzzy Hash: 58317A32210605ABDF208F78DC45FEA7BE9EB48334F214719F979A21E0DB70AC529B50

Function 00A8304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A8335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A83077,?,?), ref: 00A83378

inet_addr.WSOCK32(?), ref: 00A8307A
_wcslen.LIBCMT ref: 00A8309B
htons.WSOCK32(00000000), ref: 00A83106

Strings

255.255.255.255, xrefs: 00A83095, 00A8309A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide_wcslenhtonsinet_addr
String ID: 255.255.255.255
API String ID: 946324512-2422070025
Opcode ID: 2d393be148fdc0cf275aea9f6a43e76078b55b719c9c48449524c4f18f57db1c
Instruction ID: 2fbd8e8bb7806d652f2a0c437a82209548d481bbd0e5c0025a87d3e44a4f4742
Opcode Fuzzy Hash: 2d393be148fdc0cf275aea9f6a43e76078b55b719c9c48449524c4f18f57db1c
Instruction Fuzzy Hash: 4931C1366042059FCF10EF68C585EAA77F0EF14B18F248159E9168B392DB72EE46C761

Function 00A93EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00A93F40
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00A93F54
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A93F78

Strings

SysMonthCal32, xrefs: 00A93F0B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 4b4ce78f02cb80ce3db970d549cff52d4b21e6453a66683d90190058aff6ab92
Instruction ID: 23c7b2c9e904510fe47af9bd59a399524ee5f25fe2873eb90079efc6be6aefb5
Opcode Fuzzy Hash: 4b4ce78f02cb80ce3db970d549cff52d4b21e6453a66683d90190058aff6ab92
Instruction Fuzzy Hash: 72219C33600219BFDF25CF90DC46FEA3BB9EF48724F110215FA156B1D0DAB5A9518BA0

Function 00A94653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00A94705
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00A94713
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00A9471A

Strings

msctls_updown32, xrefs: 00A94684

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: ba5509ccd8293b392ef94c02cb7823784de45c0fddb21ac502a2be9021f5e725
Instruction ID: 70f640599521648f0af704305768db8a84987f178316afef62210d3249cac9a4
Opcode Fuzzy Hash: ba5509ccd8293b392ef94c02cb7823784de45c0fddb21ac502a2be9021f5e725
Instruction Fuzzy Hash: 7E214FB5600208AFEB10DFA4DCD1DBA37EDEB5E3A4B140459F6019B251DB30EC12CA60

Function 00A695AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A6961D

Strings

#requireadmin, xrefs: 00A695D9
#OnAutoItStartRegister, xrefs: 00A695F3
#notrayicon, xrefs: 00A695B7

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 176396367-2734436370
Opcode ID: 361762902d75cde93068a5ba8ec5b17c94e2c664bc64fe3286dc2ed57b3bc02c
Instruction ID: 8a0486762c77c3b463b330839c3a44260908aeaca6540bad24659868cfa8e74c
Opcode Fuzzy Hash: 361762902d75cde93068a5ba8ec5b17c94e2c664bc64fe3286dc2ed57b3bc02c
Instruction Fuzzy Hash: 9B215B722046206AD731AB28ED02FBB73FCAF51300F14443AFA4AD7081EB75ED45C295

Function 00A937B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00A93840
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00A93850
MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00A93876

Strings

Listbox, xrefs: 00A9380F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 7ff2a2411d93153ec00a9d30416b5dd6f73762dc9157b0bb352e017942eca107
Instruction ID: dd5a93cb1cbb14b1ffd61714656b4781739701b1cb31cee2af987992adf4a54d
Opcode Fuzzy Hash: 7ff2a2411d93153ec00a9d30416b5dd6f73762dc9157b0bb352e017942eca107
Instruction Fuzzy Hash: D4217C72710218BBEF21CF94DC85EBB37BAEF89764F118125F9059B190CA759C528BA0

Function 00A749F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00A74A08
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A74A5C
SetErrorMode.KERNEL32(00000000,?,?,00A9CC08), ref: 00A74AD0

Strings

%lu, xrefs: 00A74A6F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: 08a0922a6dbc3fd6b1495173065623087dd19d82ff46ecc6a444b9cfbb7a7b61
Instruction ID: 0e1c3368cdd011cbe6bc4e85aaa4b943d4ac78d0fd99b0fc5fb5dc60358c1776
Opcode Fuzzy Hash: 08a0922a6dbc3fd6b1495173065623087dd19d82ff46ecc6a444b9cfbb7a7b61
Instruction Fuzzy Hash: CA315175A00109AFDB10DF54C985EAA7BF8EF08318F1480A9F909DB252DB71ED46CB61

Function 00A941EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00A9424F
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00A94264
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00A94271

Strings

msctls_trackbar32, xrefs: 00A94226

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: c0a7ec35a6625d3a2aa8a3945d4016a26ec4aa49ea7284357f69b44ef445ffe8
Instruction ID: 130f0d428032cd200bf0079079ddefeaee6e81916992833f79fa82cb686cdf3f
Opcode Fuzzy Hash: c0a7ec35a6625d3a2aa8a3945d4016a26ec4aa49ea7284357f69b44ef445ffe8
Instruction Fuzzy Hash: C611E332340208BEEF209F69CC06FEB3BECEF89B64F110524FA55E6090D671D8529B20

Function 00A62F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A06B57: _wcslen.LIBCMT ref: 00A06B6A

Part of subcall function 00A62DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A62DC5
Part of subcall function 00A62DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A62DD6
Part of subcall function 00A62DA7: GetCurrentThreadId.KERNEL32 ref: 00A62DDD
Part of subcall function 00A62DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A62DE4

GetFocus.USER32 ref: 00A62F78

Part of subcall function 00A62DEE: GetParent.USER32(00000000), ref: 00A62DF9

GetClassNameW.USER32(?,?,00000100), ref: 00A62FC3
EnumChildWindows.USER32(?,00A6303B), ref: 00A62FEB

Strings

%s%d, xrefs: 00A62FFF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
String ID: %s%d
API String ID: 1272988791-1110647743
Opcode ID: addf90b2b4ec69954d5e5a0ab61fd31ef51b5ebfff6eba8800cfd01ce1ba8a53
Instruction ID: 1c92905ed93d921659e44adfa316d681e9fa1eeeab33e1723525e6311e2e87e3
Opcode Fuzzy Hash: addf90b2b4ec69954d5e5a0ab61fd31ef51b5ebfff6eba8800cfd01ce1ba8a53
Instruction Fuzzy Hash: DA11A2B6700209ABDF14BF70DD85FED377AAF94314F048075F9099B192DE309A4A8B60

Function 00A95882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A958C1
SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A958EE
DrawMenuBar.USER32(?), ref: 00A958FD

Strings

0, xrefs: 00A9588F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: 0
API String ID: 3227129158-4108050209
Opcode ID: 93b5d4fe425d5fd816f8a4ffde062400cc5725b7c61ded54faf03dafe1219c01
Instruction ID: ccaaa1db9dc0a86f5089388acde202d60577553597a15f5efaec2ef940d51f99
Opcode Fuzzy Hash: 93b5d4fe425d5fd816f8a4ffde062400cc5725b7c61ded54faf03dafe1219c01
Instruction Fuzzy Hash: F4016D31A00218EFDF229F61DC45BAEBBF5FB45760F10809AE849D6151DB308A84DF21

Function 00A5D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A5D3BF
FreeLibrary.KERNEL32 ref: 00A5D3E5

Strings

X64, xrefs: 00A5D2A8
GetSystemWow64DirectoryW, xrefs: 00A5D3B9

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: GetSystemWow64DirectoryW$X64
API String ID: 3013587201-2590602151
Opcode ID: 8e1b97ad67c44b68ab9271633eea0f70f9719315e563c5d71f448c495ee179e0
Instruction ID: 3e0bc4b28803f2c5a4e62c4305db1691dd366971bda1c3f12bc4add7b3399a46
Opcode Fuzzy Hash: 8e1b97ad67c44b68ab9271633eea0f70f9719315e563c5d71f448c495ee179e0
Instruction Fuzzy Hash: 6AF0E571505B11ABD77597108C489EE7228BF10B23F60865AF817E90A9EB70C98DCA96

Function 00A6007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad85870cc57afa6e3b587c4744a946066665b0c3e05d7c7101ee776c1de0fd8
Instruction ID: e3892496e0f569dd0b6dc0aa060ca441b1b77012305eb2f02b29669e83064dcf
Opcode Fuzzy Hash: 5ad85870cc57afa6e3b587c4744a946066665b0c3e05d7c7101ee776c1de0fd8
Instruction Fuzzy Hash: 7DC13975A00206AFDB14CFA8C894EAEB7B5FF48705F218598E505EB251D731ED81DB90

Function 00A33E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A33F0B
__alldvrm.LIBCMT ref: 00A3410C
__alldvrm.LIBCMT ref: 00A3412E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction ID: e4ba6f93ce5a0463b3f3cd73c573b03e9f2f1e66cbeff6967112049be19d41cc
Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
Instruction Fuzzy Hash: 7DA17B76E047869FEB15CF18C8917AEBBF4EF6A350F14426DF5859B281C238AD81C750

Function 00A8342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00A83459
CoUninitialize.OLE32 ref: 00A83463
VariantInit.OLEAUT32(?), ref: 00A8346E
VariantClear.OLEAUT32(?), ref: 00A8371B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Variant$ClearInitInitializeUninitialize
String ID:
API String ID: 1998397398-0
Opcode ID: 25c6724642342a827d8f99de94794a545ade0c927cc6d49766c4a9a5f340b81f
Instruction ID: f9d5b3b2e1ab812649d46dd2993dad83b3175ab8fc03f764c287b3c8ed89c98a
Opcode Fuzzy Hash: 25c6724642342a827d8f99de94794a545ade0c927cc6d49766c4a9a5f340b81f
Instruction Fuzzy Hash: 61A12A756046059FCB00EF28D985A6EB7E5FF88714F048859F98A9B3A2DB30FE41CB51

Function 00A60436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00A9FC08,?), ref: 00A605F0
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00A9FC08,?), ref: 00A60608
CLSIDFromProgID.OLE32(?,?,00000000,00A9CC40,000000FF,?,00000000,00000800,00000000,?,00A9FC08,?), ref: 00A6062D
_memcmp.LIBVCRUNTIME ref: 00A6064E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 93c8cc8a7a66f0ad2cbed3d9a7f84331e6f6a7c1b4f02bc85692fd523e2a884e
Instruction ID: fdbdbfc71cd92c76ff6cc31a4e6030f2eaf5200566bba6b1f5e8d1205842d62b
Opcode Fuzzy Hash: 93c8cc8a7a66f0ad2cbed3d9a7f84331e6f6a7c1b4f02bc85692fd523e2a884e
Instruction Fuzzy Hash: CC81FC75A00109EFCB04DF98C984DEEB7B9FF89315F208558E516EB250DB71AE46CB60

Function 00A41391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A414C0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: c37f55f8bc5d4601c96c35d28699c34d172b98c59c342ee5b7e14d7696386eef
Instruction ID: b3dc3f48c987576ec0cf77331aeabc05e26814b51d638437ed281b6b41237326
Opcode Fuzzy Hash: c37f55f8bc5d4601c96c35d28699c34d172b98c59c342ee5b7e14d7696386eef
Instruction Fuzzy Hash: E0412A7DA00610ABDB216BFDAD45AFE3AB4EFC2370F244235F419D6192E77488C15762

Function 00A96278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A962E2
ScreenToClient.USER32(?,?), ref: 00A96315
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00A96382

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: 9d78816722b908c125012c8e6b3655ebaa1d9ed8a71ea8c86b62eabcd29cc442
Instruction ID: 70dfaea26173251af31a02e06d303e5b4f5766ae706635927f8b01352241a012
Opcode Fuzzy Hash: 9d78816722b908c125012c8e6b3655ebaa1d9ed8a71ea8c86b62eabcd29cc442
Instruction Fuzzy Hash: D0510974A00609AFDF10DF68D990AAE7BF5FF45360F10816AF9159B2A0D730ED81CB50

Function 00A81AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00A81AFD
WSAGetLastError.WSOCK32 ref: 00A81B0B
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A81B8A
WSAGetLastError.WSOCK32 ref: 00A81B94

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 85d4b70cfdc19a707b37f65e4eb8aba7b6d3f4ca571e1f1624d9472e9b227834
Instruction ID: 66e92313d8244516832a3bbd82a85fc6ce0e5b3e85214ad6aeb01256e8bbd674
Opcode Fuzzy Hash: 85d4b70cfdc19a707b37f65e4eb8aba7b6d3f4ca571e1f1624d9472e9b227834
Instruction Fuzzy Hash: 7341A374600200AFE720AF24D98AF6977E5AB44718F54C458F91A9F3D2D772ED82CB91

Function 00A3B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae5853dac9e95d8dba1a3276954053d069ccd100ae81bb0eb500e958c948b00
Instruction ID: 56dc2a340804991cb1435386430d439ab64d6a75e7858538af876835d3b737a5
Opcode Fuzzy Hash: 5ae5853dac9e95d8dba1a3276954053d069ccd100ae81bb0eb500e958c948b00
Instruction Fuzzy Hash: 63412B75A10314BFD7249F38CD42BAABBFAEB84710F10853EF252DB281D771994187A0

Function 00A756D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A75783
GetLastError.KERNEL32(?,00000000), ref: 00A757A9
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A757CE
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A757FA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 67428ccb80cc1b630a0ad1f2e2d55bd0a4695794fea8142056791096625c9745
Instruction ID: a536b3671b694a8451a87abbbcdd1527a04bba71a9b952990ec6824adb5ea0d7
Opcode Fuzzy Hash: 67428ccb80cc1b630a0ad1f2e2d55bd0a4695794fea8142056791096625c9745
Instruction Fuzzy Hash: 12414F35A00A14DFCB11EF55D944A5EBBF1EF49720B19C888E84A5B3A2CB70FD41DB91

Function 00A3D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00A26D71,00000000,00000000,00A282D9,?,00A282D9,?,00000001,00A26D71,8BE85006,00000001,00A282D9,00A282D9), ref: 00A3D910
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A3D999
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A3D9AB
__freea.LIBCMT ref: 00A3D9B4

Part of subcall function 00A33820: RtlAllocateHeap.NTDLL(00000000,?,00AD1444,?,00A1FDF5,?,?,00A0A976,00000010,00AD1440,00A013FC,?,00A013C6,?,00A01129), ref: 00A33852

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 9ade8d59299ca06fc4b628d6080416825238dbcec312a4d1a3f5e323e356929c
Instruction ID: fc7082a5b94228e8965369d3712b9ffd3d0e933645fd8520a3f4cdb8e633796e
Opcode Fuzzy Hash: 9ade8d59299ca06fc4b628d6080416825238dbcec312a4d1a3f5e323e356929c
Instruction Fuzzy Hash: 2F31BC72A0021AEBDF25DFA4EC41EAE7BA5EB44310F154269FC04DB251EB35DD51CBA0

Function 00A952C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001024,00000000,?), ref: 00A95352
GetWindowLongW.USER32(?,000000F0), ref: 00A95375
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A95382
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A953A8

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LongWindow$InvalidateMessageRectSend
String ID:
API String ID: 3340791633-0
Opcode ID: f5be4d647af11bd4e184904dfaf4a463dfbbe3feb550f9cef889f4e482a14a09
Instruction ID: e3eb6a4d2ca9f0860873e324a9ad0f3a28d338196ef315c7bd2515f17310425a
Opcode Fuzzy Hash: f5be4d647af11bd4e184904dfaf4a463dfbbe3feb550f9cef889f4e482a14a09
Instruction Fuzzy Hash: 0B31CF34F55A08EFEF269B74CC27BEA37E1AB05390F584102FA119E1E1C7B49981AB51

Function 00A6AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00A6ABF1
SetKeyboardState.USER32(00000080,?,00008000), ref: 00A6AC0D
PostMessageW.USER32(00000000,00000101,00000000), ref: 00A6AC74
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00A6ACC6

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: d0244d0ac1c2524d6238e54089e4452392770926d5823c0739f04dc9f8fe4c3c
Instruction ID: 62b3a8d7908f202137ecc12ec63a8b297a74949c81760e7e99cee8cccb4bebb2
Opcode Fuzzy Hash: d0244d0ac1c2524d6238e54089e4452392770926d5823c0739f04dc9f8fe4c3c
Instruction Fuzzy Hash: 33310730A407186FEF35CBA58C047FA7BB5ABA9320F04431AE485A21D1C375D9859B62

Function 00A97674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00A9769A
GetWindowRect.USER32(?,?), ref: 00A97710
PtInRect.USER32(?,?,00A98B89), ref: 00A97720
MessageBeep.USER32(00000000), ref: 00A9778C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 6642214b9bf0a863595573da8159540885153cf96ed73e229fc873a66d140684
Instruction ID: aa02ba317f2afa804dc0ce849402296cf78eb24336563cf666c9eacb08587e2a
Opcode Fuzzy Hash: 6642214b9bf0a863595573da8159540885153cf96ed73e229fc873a66d140684
Instruction Fuzzy Hash: 35415A38B19214EFCF11CFE8C894EADB7F5BB49314F1541A9E9159B261C730A942CBA0

Function 00A916DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00A916EB

Part of subcall function 00A63A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A63A57
Part of subcall function 00A63A3D: GetCurrentThreadId.KERNEL32 ref: 00A63A5E
Part of subcall function 00A63A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A625B3), ref: 00A63A65

GetCaretPos.USER32(?), ref: 00A916FF
ClientToScreen.USER32(00000000,?), ref: 00A9174C
GetForegroundWindow.USER32 ref: 00A91752

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: b17ffcd40d5e0f34b1e1b46c16120c911f1217cd1907326e03bc2c10b1a5c514
Instruction ID: b532e3ae10db4b79e6ac1f5954bf4356c2da10468d60f0e269928786ce069e15
Opcode Fuzzy Hash: b17ffcd40d5e0f34b1e1b46c16120c911f1217cd1907326e03bc2c10b1a5c514
Instruction Fuzzy Hash: 6B315275E00249AFDB00EFA9D981CAEB7F9EF48314B5080AAE415E7251DB319E45CFA1

Function 00A6DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625

_wcslen.LIBCMT ref: 00A6DFCB
_wcslen.LIBCMT ref: 00A6DFE2
_wcslen.LIBCMT ref: 00A6E00D
GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A6E018

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$ExtentPoint32Text
String ID:
API String ID: 3763101759-0
Opcode ID: 918c77366748eca4d46a9a64dfe0677a2227f25fba2aec38493a5c8b907b4c6f
Instruction ID: 7aa7aa68f512c11aa0f6aab1b7dae607395a1d254b29b50424d67711c20932e1
Opcode Fuzzy Hash: 918c77366748eca4d46a9a64dfe0677a2227f25fba2aec38493a5c8b907b4c6f
Instruction Fuzzy Hash: 8021E275D40224EFCB20DFA8DA81BAEB7F8EF45750F104065E815BB282D7B09E41CBA1

Function 00A6D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00A6D501
Process32FirstW.KERNEL32(00000000,?), ref: 00A6D50F
Process32NextW.KERNEL32(00000000,?), ref: 00A6D52F
CloseHandle.KERNEL32(00000000), ref: 00A6D5DC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 28f2203f660066931b1cd981e7e50da21a87ddac7c24b14eb775101ec4640758
Instruction ID: 1335366f8ca703f128c0beba125ffc1aaea47c3eb4d5ec1cd84c5f273508bdb4
Opcode Fuzzy Hash: 28f2203f660066931b1cd981e7e50da21a87ddac7c24b14eb775101ec4640758
Instruction Fuzzy Hash: F531D6716083049FD300EF54D981AAFBBF8EF99394F10052DF586871A2EB719949CB93

Function 00A98FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

GetCursorPos.USER32(?), ref: 00A99001
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00A57711,?,?,?,?,?), ref: 00A99016
GetCursorPos.USER32(?), ref: 00A9905E
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00A57711,?,?,?), ref: 00A99094

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 3de18ef9cbff504741503718347bc13af9c2cc1c2b2e97478dd4bf2b97d0e417
Instruction ID: 20aea0447ba11c8277fcae55f73d83dfb352a3388cc37959c0522ef772f00b79
Opcode Fuzzy Hash: 3de18ef9cbff504741503718347bc13af9c2cc1c2b2e97478dd4bf2b97d0e417
Instruction Fuzzy Hash: 9E217C35700018BFCF25CF99C898EEB7BF9EB49360F04405AF9154B261C73299A1DB61

Function 00A6D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00A9CB68), ref: 00A6D2FB
GetLastError.KERNEL32 ref: 00A6D30A
CreateDirectoryW.KERNEL32(?,00000000), ref: 00A6D319
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00A9CB68), ref: 00A6D376

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 70d962cad9fcce28acbf39d4243ac63aaa93670cfde9f9e3dd47170efa041a19
Instruction ID: 3c355c4f701615430c84a7ab6e0c834d24d924b7e4d9b138181ce6e82f1f2a6b
Opcode Fuzzy Hash: 70d962cad9fcce28acbf39d4243ac63aaa93670cfde9f9e3dd47170efa041a19
Instruction Fuzzy Hash: 9C219170A042019FC710EF64D9818AB77F4AE553A4F504A1DF499DB3E1EB30D946CB93

Function 00A61571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A61014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A6102A
Part of subcall function 00A61014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A61036
Part of subcall function 00A61014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61045
Part of subcall function 00A61014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A6104C
Part of subcall function 00A61014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A61062

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00A615BE
_memcmp.LIBVCRUNTIME ref: 00A615E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A61617
HeapFree.KERNEL32(00000000), ref: 00A6161E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 84b9c478402aaa14b5953865d4dfccd14cff27071ffff2a000302e39f034bb9d
Instruction ID: 5b063b117d0ba403d629cc94f3d33bc172f8243844f2574b57cea977cdefa101
Opcode Fuzzy Hash: 84b9c478402aaa14b5953865d4dfccd14cff27071ffff2a000302e39f034bb9d
Instruction Fuzzy Hash: 7F217C75E00109EFDF10DFA8C945BEEBBB8EF44354F194459E441AB241EB70AA05CBA0

Function 00A92782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00A9280A
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A92824
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A92832
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00A92840

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 10ed45f434b1f2f49f90ae1d9a72770e30898d4db464530125da5f2884146007
Instruction ID: a61e797f736fbd29800a2e60e8ec58d47e1f029baae5308bc3fc4a15cdf40138
Opcode Fuzzy Hash: 10ed45f434b1f2f49f90ae1d9a72770e30898d4db464530125da5f2884146007
Instruction Fuzzy Hash: A021BD31304511BFDB14DB24CC44FAA7BA5AF85324F148259F42A8B6E2CB71FC82CBA0

Function 00A678F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00A68D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A6790A,?,000000FF,?,00A68754,00000000,?,0000001C,?,?), ref: 00A68D8C
Part of subcall function 00A68D7D: lstrcpyW.KERNEL32(00000000,?,?,00A6790A,?,000000FF,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A68DB2
Part of subcall function 00A68D7D: lstrcmpiW.KERNEL32(00000000,?,00A6790A,?,000000FF,?,00A68754,00000000,?,0000001C,?,?), ref: 00A68DE3

lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A67923
lstrcpyW.KERNEL32(00000000,?,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A67949
lstrcmpiW.KERNEL32(00000002,cdecl,?,00A68754,00000000,?,0000001C,?,?,00000000), ref: 00A67984

Strings

cdecl, xrefs: 00A6797B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 2643003f3ffea8a4f279826d58dc1fda8e94879b41d168db48a245e45890983f
Instruction ID: ded635a6ca30a101a1a784ee240d98b6f22fe1eb600ef95c8d88e2a21a65e8ac
Opcode Fuzzy Hash: 2643003f3ffea8a4f279826d58dc1fda8e94879b41d168db48a245e45890983f
Instruction Fuzzy Hash: 5711003A200242AFCB159F38C844E7A77F9FF85394B50802AF806CB2A4EF319801C7A1

Function 00A97CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00A97D0B
SetWindowLongW.USER32(00000000,000000F0,?), ref: 00A97D2A
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00A97D42
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00A7B7AD,00000000), ref: 00A97D6B

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 4a750c39ef7c5e49b809463c7a6a83ee08ec36413fa036fad23b41d4a56adf6d
Instruction ID: c1f45890f2c7300521bf29f303e43146e691e7c5002edcaa4059b94f0a99286f
Opcode Fuzzy Hash: 4a750c39ef7c5e49b809463c7a6a83ee08ec36413fa036fad23b41d4a56adf6d
Instruction Fuzzy Hash: DA118C71629615AFCF10DFA8DC04AAA3BA5AF45360F154725F83AC72E0DB309D52CB60

Function 00A95660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001060,?,00000004), ref: 00A956BB
_wcslen.LIBCMT ref: 00A956CD
_wcslen.LIBCMT ref: 00A956D8
SendMessageW.USER32(?,00001002,00000000,?), ref: 00A95816

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend_wcslen
String ID:
API String ID: 455545452-0
Opcode ID: 717837b78b7917a35b2c26fc86f816d45a01bfce8d97bc27fab4a3752ebab88c
Instruction ID: f9849cae54a6c2da4ff746e8c473e0dd67ec79a074e0887908ac195fc10d87df
Opcode Fuzzy Hash: 717837b78b7917a35b2c26fc86f816d45a01bfce8d97bc27fab4a3752ebab88c
Instruction Fuzzy Hash: 4F11B471F00614A6DF21DFB5DC86AEE77FCAF51760B108026FA15D6081EB748980CBA0

Function 00A31D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1832179f30c2399cc3dd5e2af1c6d1ba1d99498cc162afe0a26a0c550b7431
Instruction ID: 704e0c0c1b95bbc3082a5883ac81292c889c59924bde492f772cd57c1869fcb2
Opcode Fuzzy Hash: 2f1832179f30c2399cc3dd5e2af1c6d1ba1d99498cc162afe0a26a0c550b7431
Instruction Fuzzy Hash: DD0181B2209A167EF6212BB87CC1F67676DDF867F8F340326F521A11D2DB609C015170

Function 00A61A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00A61A47
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A61A59
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A61A6F
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A61A8A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: a5c3c5ba7c4403a3a18d071a11db5d69cd89882d12b41d7b47c4bee37e627cd1
Instruction ID: 0838ec502c51af8115628b08a327a16e43c778add029afcf7191a5d863c3aab1
Opcode Fuzzy Hash: a5c3c5ba7c4403a3a18d071a11db5d69cd89882d12b41d7b47c4bee37e627cd1
Instruction Fuzzy Hash: 9E11393AD01219FFEB11DBE4CD85FADBB78EB18750F240492EA04B7290D6716E50DB94

Function 00A6E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A6E1FD
MessageBoxW.USER32(?,?,?,?), ref: 00A6E230
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A6E246
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A6E24D

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: b81b14355c4ea47698bb2db0ab543e830cbb9c1cf786af9b638cfb671b4eb106
Instruction ID: bad64b993f77ba0c665a92f7932e90dff94dc29d8516185a4c777fba1e08d44f
Opcode Fuzzy Hash: b81b14355c4ea47698bb2db0ab543e830cbb9c1cf786af9b638cfb671b4eb106
Instruction Fuzzy Hash: 2711C876A04254BBCB01DBF89C09ADE7FBDAB45320F144256F915D7291D6708A0587A0

Function 00A2D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,00A2CFF9,00000000,00000004,00000000), ref: 00A2D218
GetLastError.KERNEL32 ref: 00A2D224
__dosmaperr.LIBCMT ref: 00A2D22B
ResumeThread.KERNEL32(00000000), ref: 00A2D249

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Thread$CreateErrorLastResume__dosmaperr
String ID:
API String ID: 173952441-0
Opcode ID: ccdcfb598d3d85f1f526ed754ff33a381746c55d24537d5f1cf410e15142eccf
Instruction ID: d516fa80b8a16416c6d950ec6e02992b4ac817a143e477a42a7a65731d95630d
Opcode Fuzzy Hash: ccdcfb598d3d85f1f526ed754ff33a381746c55d24537d5f1cf410e15142eccf
Instruction Fuzzy Hash: 5F01C436505224BBDB115BA9EC09BEE7A69EF81730F100239F925961D1CF708901C7A0

Function 00A99EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 00A19BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A19BB2

GetClientRect.USER32(?,?), ref: 00A99F31
GetCursorPos.USER32(?), ref: 00A99F3B
ScreenToClient.USER32(?,?), ref: 00A99F46
DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00A99F7A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 297db2bf5a6fd24f7e61036112a50c94e252e99ec44eccb9a654a0bca11998d1
Instruction ID: bb887d0305ca1a4610ff749f6a2a801d5ae562f3a2e04cd9e9b0e6ee01c40eb3
Opcode Fuzzy Hash: 297db2bf5a6fd24f7e61036112a50c94e252e99ec44eccb9a654a0bca11998d1
Instruction Fuzzy Hash: D0111532A0051ABBDF10DFA8D9899EFB7B9FB45311F40045AF912E7150D730BA82CBA1

Function 00A0600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A0604C
GetStockObject.GDI32(00000011), ref: 00A06060
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A0606A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 9f271e7405eabcd8c9c018798e264111ceccc90dec8a77450d4ad7a3142d8c87
Instruction ID: c5f4279b20ae61f99206132607e56f8a80bd990dfca8606b35ab37651e7c6e33
Opcode Fuzzy Hash: 9f271e7405eabcd8c9c018798e264111ceccc90dec8a77450d4ad7a3142d8c87
Instruction Fuzzy Hash: B611A17250150CBFEF128FD4DC44EEA7B69EF08369F044202FA0452050DB329C60DBA0

Function 00A23B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 00A23B56

Part of subcall function 00A23AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00A23AD2
Part of subcall function 00A23AA3: ___AdjustPointer.LIBCMT ref: 00A23AED

_UnwindNestedFrames.LIBCMT ref: 00A23B6B
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00A23B7C
CallCatchBlock.LIBVCRUNTIME ref: 00A23BA4

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction ID: 8004581a8a9123efcf5f816695b88dba15a0dd6c0c554cb52267a06c14b5db80
Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
Instruction Fuzzy Hash: D4012933100158BBDF126F9AED42EEB3F6AEF49754F044024FE4856121C736E961DBA0

Function 00A33073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A013C6,00000000,00000000,?,00A3301A,00A013C6,00000000,00000000,00000000,?,00A3328B,00000006,FlsSetValue), ref: 00A330A5
GetLastError.KERNEL32(?,00A3301A,00A013C6,00000000,00000000,00000000,?,00A3328B,00000006,FlsSetValue,00AA2290,FlsSetValue,00000000,00000364,?,00A32E46), ref: 00A330B1
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A3301A,00A013C6,00000000,00000000,00000000,?,00A3328B,00000006,FlsSetValue,00AA2290,FlsSetValue,00000000), ref: 00A330BF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 69c24edae25213b735c8e73c2e25fe67b29fd1645ffae57cc23df21de1963667
Instruction ID: 0714ef217ff92d95fd1d19af37316fa52c361908b8511d39bd83cf447ce1d3ed
Opcode Fuzzy Hash: 69c24edae25213b735c8e73c2e25fe67b29fd1645ffae57cc23df21de1963667
Instruction Fuzzy Hash: 1D01AC33749732ABCF358BB9AC44A5777989F46771F210621F946D7150DB21DD02C6E0

Function 00A67464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00A6747F
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00A67497
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00A674AC
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00A674CA

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: fc35bb38a3aa17799cb01d62a7b6048f27c3cd8c397f2ef1c52a048bdf77661b
Instruction ID: 90c771b78e7ce0899cde014d71f0f44e07800f7a6eb94408b58b6216158c01e4
Opcode Fuzzy Hash: fc35bb38a3aa17799cb01d62a7b6048f27c3cd8c397f2ef1c52a048bdf77661b
Instruction Fuzzy Hash: C811ADB5315710ABE720CF58DD0CB9A7BFCEB40B18F50856AA616D6191DFB0E904DBA0

Function 00A6B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B0C4
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B0E9
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B0F3
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A6ACD3,?,00008000), ref: 00A6B126

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 7b4d088afe67b7d8c12160c2682d7c80211dd9bd61a39ef893efbcf1e9f76515
Instruction ID: 0fcfb8a4cc998fc8076b8e1f7e8717cff5ae32edb75e2586e34758037ad78b86
Opcode Fuzzy Hash: 7b4d088afe67b7d8c12160c2682d7c80211dd9bd61a39ef893efbcf1e9f76515
Instruction Fuzzy Hash: 42115E31D1192CE7CF00DFE4E9586EEBF78FF0A711F114286D941B2145CB3095918B65

Function 00A97E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00A97E33
ScreenToClient.USER32(?,?), ref: 00A97E4B
ScreenToClient.USER32(?,?), ref: 00A97E6F
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A97E8A

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 44b2ac7f83054980735b29488f5d1408f9723742174eb7d79f16d0e6c14737c1
Instruction ID: 0b2d943428e43dd30e7579cb9bf1e45f71ca076d47c2f88ee15a50dbdf42b462
Opcode Fuzzy Hash: 44b2ac7f83054980735b29488f5d1408f9723742174eb7d79f16d0e6c14737c1
Instruction Fuzzy Hash: 771113B9E0064AAFDB41DF98C9849EEBBF5FB08310F505056E915E2210D735AA55CF50

Function 00A62DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A62DC5
GetWindowThreadProcessId.USER32(?,00000000), ref: 00A62DD6
GetCurrentThreadId.KERNEL32 ref: 00A62DDD
AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A62DE4

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 66c96867295f95b4dbb3b43bdc1db020072f4fa9b88bbb3b4a47b4daaa9b62ad
Instruction ID: d94925ae98c8d83358e8d5adf6638b604c7ccdc006ac0e40c0cc92d42c0acfe8
Opcode Fuzzy Hash: 66c96867295f95b4dbb3b43bdc1db020072f4fa9b88bbb3b4a47b4daaa9b62ad
Instruction Fuzzy Hash: 8AE06D71201A24BADB205BA29C0DFEB7E7CEB42BB1F401516B205D10909AA18942C7B0

Function 00A98863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00A19639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A19693
Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196A2
Part of subcall function 00A19639: BeginPath.GDI32(?), ref: 00A196B9
Part of subcall function 00A19639: SelectObject.GDI32(?,00000000), ref: 00A196E2

MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00A98887
LineTo.GDI32(?,?,?), ref: 00A98894
EndPath.GDI32(?), ref: 00A988A4
StrokePath.GDI32(?), ref: 00A988B2

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 9cceb47d378750a699f9f5a36f28c881cb2ed7cf87484565d61bee2ce40b2cff
Instruction ID: 4a12b9ed25d50a4cc5ca1cc45ed1cb64edc5094f3b32dd897e75ae30934ee5d0
Opcode Fuzzy Hash: 9cceb47d378750a699f9f5a36f28c881cb2ed7cf87484565d61bee2ce40b2cff
Instruction Fuzzy Hash: B1F05E36242658FADB12AFD4AC09FCE3F59AF06320F448102FA22650E1CB795552CFF9

Function 00A198B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A198CC
SetTextColor.GDI32(?,?), ref: 00A198D6
SetBkMode.GDI32(?,00000001), ref: 00A198E9
GetStockObject.GDI32(00000005), ref: 00A198F1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Color$ModeObjectStockText
String ID:
API String ID: 4037423528-0
Opcode ID: 6618d8c72677d3248620b20b706915db92149d8f97ed64017c6e199632c20255
Instruction ID: 336d1b6b52ae8ee8871438488a279aec7ab6e39e8be4cca7ed37e5830c49f7fe
Opcode Fuzzy Hash: 6618d8c72677d3248620b20b706915db92149d8f97ed64017c6e199632c20255
Instruction Fuzzy Hash: 62E06D31344A80ABDB219BB4BC09BED3F20AB12336F14831AFAFA580E1CB714645DB10

Function 00A6162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00A61634
OpenThreadToken.ADVAPI32(00000000,?,?,?,00A611D9), ref: 00A6163B
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00A611D9), ref: 00A61648
OpenProcessToken.ADVAPI32(00000000,?,?,?,00A611D9), ref: 00A6164F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 9bbbcbe536ac788a8dd2efc6440e5fe4955c6176c30f99b7ac82b2cd95ece48e
Instruction ID: f453d45511f0c8f242a4706b57a3a5b35dff982aa5d4f7edd42acad5e2e6327f
Opcode Fuzzy Hash: 9bbbcbe536ac788a8dd2efc6440e5fe4955c6176c30f99b7ac82b2cd95ece48e
Instruction Fuzzy Hash: D0E08639701211EBDB205FE09E0DB873F7CAF447A5F188809F345C9080DE344542C760

Function 00A5D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00A5D858
GetDC.USER32(00000000), ref: 00A5D862
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A5D882
ReleaseDC.USER32(?), ref: 00A5D8A3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 7f80aaa12568f6ffb2b3c2c46206e9578ccc07d36732f9430c679d7f1dc07f64
Instruction ID: 00058388e89d7c65f40bedddc94778b8f70bfe0eb390d37e7b2c53c2a31cc2fc
Opcode Fuzzy Hash: 7f80aaa12568f6ffb2b3c2c46206e9578ccc07d36732f9430c679d7f1dc07f64
Instruction Fuzzy Hash: 23E01AB5900605DFCF41DFE0D90866DBBB1FB08321F14900AE906E7250CF399942AF50

Function 00A5D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00A5D86C
GetDC.USER32(00000000), ref: 00A5D876
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A5D882
ReleaseDC.USER32(?), ref: 00A5D8A3

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 1495102c1b1bdd16c5b7aba3e3eb1988a735c57864ab18454a228c1d03615e8d
Instruction ID: d40fef7d361b3529daaf0ad96b7e0d9fb2f5cc6aaca4b6da5d8ef6500cf65010
Opcode Fuzzy Hash: 1495102c1b1bdd16c5b7aba3e3eb1988a735c57864ab18454a228c1d03615e8d
Instruction Fuzzy Hash: 92E092B5A00605EFCF51EFE0D90866DBBB5BB08321F14944AEA4AE7250CF399942AF50

Function 00A74D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00A07620: _wcslen.LIBCMT ref: 00A07625

WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A74ED4

Strings

LPT, xrefs: 00A74DFB
*, xrefs: 00A74E10

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Connection_wcslen
String ID: *$LPT
API String ID: 1725874428-3443410124
Opcode ID: 25448fac6ebe4f25bd44f3985a974517e0f5c0c94a1534bbd4e34efce2a788b5
Instruction ID: ef5dd510de09d9257f930336a2aa8c8056de670c53ed8c799a3611e432d53d83
Opcode Fuzzy Hash: 25448fac6ebe4f25bd44f3985a974517e0f5c0c94a1534bbd4e34efce2a788b5
Instruction Fuzzy Hash: 94917175A002049FCB14DF58C984EAABBF5BF48714F19C099E80A9F3A2D735ED85CB91

Function 00A2E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00A2E30D

Strings

pow, xrefs: 00A2E2E5, 00A2E302

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 07cf807acd2faf2c17c1ace3afd170985e647aabca7694275ee0280ff1be65bc
Instruction ID: d33295125624fcdd27119aa13e877883a3bc95a1f52810c47212f7505e96e20c
Opcode Fuzzy Hash: 07cf807acd2faf2c17c1ace3afd170985e647aabca7694275ee0280ff1be65bc
Instruction Fuzzy Hash: F5513DB1A0C20296CB35F71CEA417BD3BA4AF40781F344978F496462E9DB358CD59B86

Function 00A1E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#, xrefs: 00A1E1B1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: a31a85eff4211af3702de4ddda38b05690f02a0e2e148598474519ee15445653
Instruction ID: e3092182d3e78e4c313c10ce93ed8f647562bd9f3e8b5f4b482622bb681db9dd
Opcode Fuzzy Hash: a31a85eff4211af3702de4ddda38b05690f02a0e2e148598474519ee15445653
Instruction Fuzzy Hash: C8513271A00256DFDF19DF68D091AFA7BA9FF29311F244059FC919B2C0D6309E86CBA0

Function 00A1F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00A1F2A2
GlobalMemoryStatusEx.KERNEL32(?), ref: 00A1F2BB

Strings

@, xrefs: 00A1F2AF

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: f29423f939949d273c7f298400a7bafc329ec4bee7e7a2d80d12c3c92546a9b6
Instruction ID: 26807b64d2219ab06e36f5f3728af13ad3466ce93afc334501c5622e396cdca6
Opcode Fuzzy Hash: f29423f939949d273c7f298400a7bafc329ec4bee7e7a2d80d12c3c92546a9b6
Instruction Fuzzy Hash: EC5155718087499BD320EF50E986BAFBBF8FB84310F81894DF199411A5EB309529CB67

Function 00A85745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00A857E0
_wcslen.LIBCMT ref: 00A857EC

Strings

CALLARGARRAY, xrefs: 00A857E6, 00A857EB

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: BuffCharUpper_wcslen
String ID: CALLARGARRAY
API String ID: 157775604-1150593374
Opcode ID: 97f3108c565f606a008cd721671a8a76b3c1c80613e0ee1a40231de4a15c4927
Instruction ID: 0b33954887aeb35f64a227650a85cbdffd8dfd0cc1dde1f77adff6bba2103099
Opcode Fuzzy Hash: 97f3108c565f606a008cd721671a8a76b3c1c80613e0ee1a40231de4a15c4927
Instruction Fuzzy Hash: 29419171E006099FCB14EFB9C9819EEBBF5FF59324F10406AE905A7291EB709D81DB90

Function 00A7D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A7D130
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A7D13A

Strings

|, xrefs: 00A7D10B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CrackInternet_wcslen
String ID: |
API String ID: 596671847-2343686810
Opcode ID: 210e42364f57ffc6f1fbbf6141389d8b5e810312160121f54f3eb640bdf2ca6b
Instruction ID: 12dc46bab57ad61784c3c6d67ee5dcc54c3c0784e829cbe282ae3cd1283c433c
Opcode Fuzzy Hash: 210e42364f57ffc6f1fbbf6141389d8b5e810312160121f54f3eb640bdf2ca6b
Instruction Fuzzy Hash: 41313E71D00219ABCF15EFA4DD85AEE7FB9FF04304F404119F819A61A2E731AA56CB60

Function 00A9356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00A93621
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00A9365C

Strings

static, xrefs: 00A935BC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: d3fdf7c085f9d58987702a85c4cac6d4d984d0deae59f2c6f64f8ae9ec951243
Instruction ID: 96e33243aec671736260ef21c1838102a60d82f92288871578335fcb330dfe75
Opcode Fuzzy Hash: d3fdf7c085f9d58987702a85c4cac6d4d984d0deae59f2c6f64f8ae9ec951243
Instruction Fuzzy Hash: 65317872200604AEDF10DF68D880ABB73F9FF88724F10961AF9A5D7280DA31A991D760

Function 00A94537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00A9461F
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A94634

Strings

', xrefs: 00A9458E

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: fd9c074450b10d11fba2c59e99b83a2890921231802a22793039397e4f12c24b
Instruction ID: 269388906a6dedbcd9c95cc0bfd3702ffafd4eb116cca13f3626ba5f826cfa6a
Opcode Fuzzy Hash: fd9c074450b10d11fba2c59e99b83a2890921231802a22793039397e4f12c24b
Instruction Fuzzy Hash: 933117B4B012099FDF14CFA9C990BDA7BF5FB09300F11416AE905AB341E770A942CF90

Function 00A931EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A9327C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A93287

Strings

Combobox, xrefs: 00A93249

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: c6e68b2a2555fd126bb945860717103d74d6b46e9c9c519b30106dfc6bab8ad3
Instruction ID: 11c632a20383bf9c9d4b01bb3de57714fb1e4906af9c0af2b131c3ad2aae1aee
Opcode Fuzzy Hash: c6e68b2a2555fd126bb945860717103d74d6b46e9c9c519b30106dfc6bab8ad3
Instruction Fuzzy Hash: 6E11B2723002087FFF25DF94DC84EFB37AAEBA4364F104529FA1997290D6759D518760

Function 00A93710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00A0600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A0604C
Part of subcall function 00A0600E: GetStockObject.GDI32(00000011), ref: 00A06060
Part of subcall function 00A0600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A0606A

GetWindowRect.USER32(00000000,?), ref: 00A9377A
GetSysColor.USER32(00000012), ref: 00A93794

Strings

static, xrefs: 00A93757

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 78dfec82e00f8f1153ee8554d507b9d059f6704e19639f3e10b5a103d5597bda
Instruction ID: 84fd2f1f3e58e4b4d46d79d237f8f9e89d4af875594c2dc666693165b21bf15a
Opcode Fuzzy Hash: 78dfec82e00f8f1153ee8554d507b9d059f6704e19639f3e10b5a103d5597bda
Instruction Fuzzy Hash: 1C1126B2610209AFDF00DFA8CD46AEA7BF8FB08314F004915F956E2250EB35E8619B60

Function 00A7CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A7CD7D
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A7CDA6

Strings

<local>, xrefs: 00A7CD66

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 7aa1dab7c6af8b39940f21187559a9cd9a29af724f5b9a9c0daa4bc3cd8a465e
Instruction ID: 71b0468a880698e8d54a4d3d45984c1a02041f194db0d2a94abb5086abc31c92
Opcode Fuzzy Hash: 7aa1dab7c6af8b39940f21187559a9cd9a29af724f5b9a9c0daa4bc3cd8a465e
Instruction Fuzzy Hash: 3811A071205631BAD7384BA68C49EE7BEACEB127B4F00C22EB10D82181D6649941D6F0

Function 00A93429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00A934AB
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00A934BA

Strings

edit, xrefs: 00A9348F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 708c1ca1fb7f08657bf83b1d52244d77f08c5b27e6d3ce502109816d465ccb8c
Instruction ID: bf4a69558cf6e653c9994751061732d187c06cbf149c6ebc4f8e0e86cdeeb3c3
Opcode Fuzzy Hash: 708c1ca1fb7f08657bf83b1d52244d77f08c5b27e6d3ce502109816d465ccb8c
Instruction Fuzzy Hash: 10116D72200108AAEF118F64DC44AAA37FAEB85779F514724F965931D0C775EC519760

Function 00A66C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

CharUpperBuffW.USER32(?,?,?), ref: 00A66CB6
_wcslen.LIBCMT ref: 00A66CC2

Strings

STOP, xrefs: 00A66CBC, 00A66CC1

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen$BuffCharUpper
String ID: STOP
API String ID: 1256254125-2411985666
Opcode ID: e55d6c521c93dfc3ce420039c12320caa43d08512263e75b1e3fa4ccb889c48b
Instruction ID: 0483fe8beeea1c490312d422be816918011758a0765de8fa254b286b9757ef5f
Opcode Fuzzy Hash: e55d6c521c93dfc3ce420039c12320caa43d08512263e75b1e3fa4ccb889c48b
Instruction Fuzzy Hash: DB01D232A0092ACBCB20AFFDDD809BF77B5EF65714B100538E862971D1EB31D940C650

Function 00A61CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A61D4C

Strings

ComboBox, xrefs: 00A61CEB
ListBox, xrefs: 00A61D16

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: bc2c67483f60637f693a848ba33419c4a34c4c6469c193e45598e00d60a27c42
Instruction ID: 8e97d3ff186cf048b9a5b82b0da644b35bab70cef61432584fcb7577cda5287a
Opcode Fuzzy Hash: bc2c67483f60637f693a848ba33419c4a34c4c6469c193e45598e00d60a27c42
Instruction Fuzzy Hash: 5901B571A01218ABCF04EBA4DD51DFF7BB8FB56350F040919F822573C2EA30590D8660

Function 00A61BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,00000180,00000000,?), ref: 00A61C46

Strings

ComboBox, xrefs: 00A61BE5
ListBox, xrefs: 00A61C10

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: 61e1d128858cadce18ed9d9c21db7954dcc60a6d8b06696efcd70f21c1d672e0
Instruction ID: 96226f7fbc310f41266a0850a1c11d24c6549d7863831fb2a139ab1d3b126bd0
Opcode Fuzzy Hash: 61e1d128858cadce18ed9d9c21db7954dcc60a6d8b06696efcd70f21c1d672e0
Instruction Fuzzy Hash: 3401A775B811086ADF04EBA0DA52EFF7BB89B11340F140019B506672C2EA249E1C96B1

Function 00A61C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,00000182,?,00000000), ref: 00A61CC8

Strings

ComboBox, xrefs: 00A61C69
ListBox, xrefs: 00A61C94

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: b9af66f8b79b8936aa32efa03d4b5fb65b993f5a429a042932c012f9bfb0b9d7
Instruction ID: 8479dc9130bec1a25188bfed30bfdd4c03b488b0160afea70ab57714eb6d1e6c
Opcode Fuzzy Hash: b9af66f8b79b8936aa32efa03d4b5fb65b993f5a429a042932c012f9bfb0b9d7
Instruction Fuzzy Hash: 5001A7B1A4011866DB04E7A0DB01EFF7BB89B11340F140415B801732C2EA209F19D671

Function 00A61D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A09CB3: _wcslen.LIBCMT ref: 00A09CBD

Part of subcall function 00A63CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A63CCA

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A61DD3

Strings

ComboBox, xrefs: 00A61D75
ListBox, xrefs: 00A61DA0

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ClassMessageNameSend_wcslen
String ID: ComboBox$ListBox
API String ID: 624084870-1403004172
Opcode ID: eb45d6d24d7f5784d4f75fe895e73ece3ff2c144db775e0ba0f7d42ab0f5f1f8
Instruction ID: 18ce55277a2d09eae34cea6aa43c87883eda6bebbd93d858ba585232b96d280a
Opcode Fuzzy Hash: eb45d6d24d7f5784d4f75fe895e73ece3ff2c144db775e0ba0f7d42ab0f5f1f8
Instruction Fuzzy Hash: 89F0A471F41218AADB04E7A4DE52FFF7BB8AB01350F080D19B922632C2EA60690D8261

Function 00A8747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00A87493
_wcslen.LIBCMT ref: 00A874B9

Strings

3, 3, 16, 1, xrefs: 00A87483

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: _wcslen
String ID: 3, 3, 16, 1
API String ID: 176396367-3042988571
Opcode ID: 70370a97feae3e58f5f5a4493f2a5b81c52e819972f3e6f01f6475343c416291
Instruction ID: 9de4e2a349c86fd234508ce4d8daffe07d0b342fe07db665cc48fa9670e3e31d
Opcode Fuzzy Hash: 70370a97feae3e58f5f5a4493f2a5b81c52e819972f3e6f01f6475343c416291
Instruction Fuzzy Hash: 01E02B02204230209331337DADC1A7F5689DFC9750734183BF995C2266EAD4CDD193A0

Function 00A60B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A60B23

Strings

AutoIt, xrefs: 00A60B17
Error allocating memory., xrefs: 00A60B1C

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: 1c267838235e7048e0f8ecde2f16937c16b0fe725969424f825e7a4d4396d79b
Instruction ID: 6c033f17a417524e8942489964cc6f67b5c0b44c7938aea57754ddfb243ddfe6
Opcode Fuzzy Hash: 1c267838235e7048e0f8ecde2f16937c16b0fe725969424f825e7a4d4396d79b
Instruction Fuzzy Hash: 59E0DF323887183AD61037947D03FCA7AC49F09B64F10082AFB88994C38EE224E006A9

Function 00A20D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00A1F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A20D71,?,?,?,00A0100A), ref: 00A1F7CE

IsDebuggerPresent.KERNEL32(?,?,?,00A0100A), ref: 00A20D75
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A0100A), ref: 00A20D84

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A20D7F

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 53dd62170cced23a14f53385aec95f9c5834fd91c2c27f195576ab0523766aa1
Instruction ID: 67f0bf4e16775ebfc0e97c3fb8f8cad2ff48c7b11f48e0443f2adc59cd76bc39
Opcode Fuzzy Hash: 53dd62170cced23a14f53385aec95f9c5834fd91c2c27f195576ab0523766aa1
Instruction Fuzzy Hash: E1E06D743017518FD760EFBCE504B827BE0AB00740F00493EE482C6652EBB0E4458B91

Function 00A73017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A7302F
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A73044

Strings

aut, xrefs: 00A73038

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 9088b4043ecaf5b7cbca19888d8380a5fe2fc5ec2ff23b2b65581c4244ee73d0
Instruction ID: 13400c0573b0a0ffcbd287b31fccd0de9e3735fe772184fe63c3982df145f9e0
Opcode Fuzzy Hash: 9088b4043ecaf5b7cbca19888d8380a5fe2fc5ec2ff23b2b65581c4244ee73d0
Instruction Fuzzy Hash: 24D05B7150031477DA20E7D89C0DFC73A6CD704760F0005527655D2091DEB09545CAD0

Function 00A5D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00A5D220

Strings

X64, xrefs: 00A5D2A8
%.3d, xrefs: 00A5D22B

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$X64
API String ID: 481472006-1077770165
Opcode ID: f264dc80c6e4682e0c26db7d3d8b485839ded9839aa4c1a1d2c55aff02363b54
Instruction ID: 63d8794a266382741623f6c7ec0710268c3749f257e3f5c28f0c7827c811e36e
Opcode Fuzzy Hash: f264dc80c6e4682e0c26db7d3d8b485839ded9839aa4c1a1d2c55aff02363b54
Instruction Fuzzy Hash: E8D012B580C148FDCB6097D0CC459FDB37CBB08302F508456FC0691040D634D54CAB61

Function 00A92322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A9232C
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A9233F

Part of subcall function 00A6E97B: Sleep.KERNEL32 ref: 00A6E9F3

Strings

Shell_TrayWnd, xrefs: 00A92325

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: c1a3f66732c8d689999ee4330b07126d5c11d25b58880e99b14a331bd0a1788e
Instruction ID: 6fa356245a506a0c9efa57c9b2ea420452a38b2b403dbf3bfc0417d06483f1b6
Opcode Fuzzy Hash: c1a3f66732c8d689999ee4330b07126d5c11d25b58880e99b14a331bd0a1788e
Instruction Fuzzy Hash: 27D0C936394710B6E664E7B09C0FFC6AA24AF00B20F0149167745AA1D4C9A4A8028A54

Function 00A92356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A9236C
PostMessageW.USER32(00000000), ref: 00A92373

Part of subcall function 00A6E97B: Sleep.KERNEL32 ref: 00A6E9F3

Strings

Shell_TrayWnd, xrefs: 00A92365

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: f351dbe3bee7ccc8d5313af0c2245f7af543e51a122f081eba60467e8b8f2188
Instruction ID: 07a6fd3226b25ef7cc9a96b1952f615934bf535ff9f7e873619368cf4ac51f5c
Opcode Fuzzy Hash: f351dbe3bee7ccc8d5313af0c2245f7af543e51a122f081eba60467e8b8f2188
Instruction Fuzzy Hash: 98D0C9363C17107AE664E7B09C0FFC6A624AB04B20F0149167745AA1D4C9A4A8028A54

Function 00A3BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A3BE93
GetLastError.KERNEL32 ref: 00A3BEA1
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A3BEFC

Memory Dump Source

Source File: 00000000.00000002.2931461462.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2931438743.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000A9C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931544239.0000000000AC2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931610299.0000000000ACC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2931636525.0000000000AD4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: f30803284fcd569138ebfe137607432e2cc720968c0e6c88609b75d8cc9aeec9
Instruction ID: 6f7f2c627aea8653ff983b9fd4818989a63c0e088727f41d39dfaf026117f52a
Opcode Fuzzy Hash: f30803284fcd569138ebfe137607432e2cc720968c0e6c88609b75d8cc9aeec9
Instruction Fuzzy Hash: 3241D734615216AFCF21CFA8DD54ABABBB6AF41320F245169FA599B1A1DB30CD01CB70

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.67

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Static File Info

General

File Icon

Windows Analysis Report
file.exe

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre